How I Reined in Spam

Sometimes in life, admitting your own limitations is half the battle. I outsource all the things I can't do well. I'm a certified public accountant, yet admittedly a lousy one, so I outsource my taxes. I'm bad at gardening, so I hire a landscaper. I don't have a clue how my car works, so I use a mechanic. Same goes for my small business. I outsource the battle against spam e-mail. Guess what: it works. That wasn't always the case. Only a few years ago, business owners were bitterly complaining about the tidal wave of unwanted e-mail that potentially carried viruses and distracted employees. Wasn't it just recently that tech vendors were trying to sell us expensive software to limit the risk of spam? Don't get me wrong: spam certainly hasn't disappeared. More is generated now than ever, according to security software companies. Just ask Dean Hall, an engineering manager at Sterling Communications, a Portland (Ore.) Internet service provider that handles spam protection for small businesses. "The problem is larger than it was a few years ago," Hall says. Thanks to more advanced spam-fighting software though, "the problem appears smaller." Warning: Rogue ComputersTake the example of Yale University. Three years ago, its information technology department was processing about 48 million e-mails a month. About 60% of that was filtered out as spam. By this past June, Yale handled about 85 million monthly e-mails—and was able to filter out more than 93% of those messages. Yale subscribes to services such as SpamHaus, which can warn a customer's IT department of rogue computers that send lots of spam. Yale also uses open-source software called SpamAssassin to catch harmful e-mail before it hits a user's PC. A lot more spam is out there, but it's becoming less and less of a problem for end users. It's not being eradicated; it's just being controlled a lot better. Yale is a big organization with a sizable IT staff. But it still relies on outside services to minimize its risk. Sometimes outsourcing the job pays. Many Internet service providers that sell to small businesses are doing the same thing, refusing to accept e-mail from blacklisted servers. They're participating in industry user groups, scouring Internet message boards that can alert them to new threats, and getting information from anti-spam organizations. Turning to the ExpertsOutsourcing spam protection was the best answer for my software consulting business. I used to try to combat spam myself, by using packaged software I bought or downloading free products. Still, my 10 employees were getting inundated with spam. Then, earlier this year, I switched to a new service provider to host my company's e-mail. For about $50 a month , the ISP provides an extra spam protection service. The result: Most of the malicious e-mails coming in are caught, and suspect ones come to us marked "potential spam." Even Microsoft's (MSFT) Outlook e-mail program has significantly improved the way it handles spam. Newer versions of the program allow users to flag spam e-mails so future messages like them are shuttled to a special folder for review or disposal. Large security software from Symantec (SYMC) and other vendors are increasingly packaging PC anti-spam software with the rest of their products, which also speaks to the importance of catching spam at the server level, before it reaches a user's PC. Some business owners opt to subscribe to online spam protection services such as Spam Arrest, MailWasher, or SpamButcher. I find these services too much work. They require customers to uploads lists of "approved" contacts who they receive e-mail from, or they require senders to prove they're human before allowing their messages to go through. That's too much work for me. According to Sterling's Hall, "the anti-spam forces are not winning, but we are not losing either." I disagree. I'm no longer fighting this battle.

Before it's here, it's on the Bloomberg Terminal.