False positives: How anti-spam filters can cause loss of business

By David Kelleher

Every email user across the globe can relate to it: that tiresome feeling of sifting through what often seems like an endless amount of email at the beginning of each day, in a constant and ongoing fight against spam. As costs, in terms of time and money, increase for businesses dealing with spam, it’s important for IT directors, especially within SMEs, to find effective ways to deal with the daily dilemma.

Spam is an exponentially-growing problem and, with conservative estimates suggesting that 100 billion spam messages clog the internet on a daily basis, the majority of companies are more than happy to use spam filters to lower the volume of spam hitting their email server. Working their way through hundreds of junk messages every morning is a chore many employees will be happy to stop doing.

The most effective way to deal with spam is to install anti-spam filters that remove junk messages from all inbound email. The majority of anti-spam products on the market use a variety of technologies to achieve this, and these products are regularly updated to counter new and derived forms of spam. Top end products can remove upwards of 98% of all spam received, making life somewhat easier for email users and IT administrators.

Unfortunately, as much as spam filters are a godsend for many companies, there is always a risk – albeit small – that the filters will occasionally block valid email messages and prevent them from arriving at their destination. These are known as ‘false positives’. Many anti-spam solutions allow the administrator to adjust the sensitivity of the filters. The higher the sensitivity level of the filter, the greater the chances of spam being caught. However, this will almost certainly increase the number of false positives – and false positives can be extremely costly, both in credibility and in money.

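An added illustration of the sensitivity trade-off described above (not from the article or any anti-spam product): it sweeps a spam-score threshold over a small constructed set of scored messages and picks the most sensitive setting that stays within a false-positive budget. The 0-100 score scale, the rule that a lower threshold means higher sensitivity, and all sample scores are assumptions.

```python
from dataclasses import dataclass

# Constructed sample: (filter score 0-100, is the message really spam?).
# Scores and labels are invented for illustration, not measured data.
SAMPLE = [
    (97, True), (91, True), (88, True), (84, True), (79, True),
    (72, True), (66, True), (58, True), (41, True), (35, True),
    (74, False),  # e.g. a court notice with boilerplate wording
    (61, False),  # e.g. a client quote full of prices
    (44, False), (30, False), (22, False), (18, False),
    (12, False), (9, False), (5, False), (3, False),
]


@dataclass
class Result:
    threshold: int
    spam_caught: int
    spam_missed: int
    false_positives: int


def evaluate(messages, threshold):
    """Tag every message scoring >= threshold as spam and count the outcomes."""
    caught = sum(1 for score, spam in messages if spam and score >= threshold)
    missed = sum(1 for score, spam in messages if spam and score < threshold)
    fps = sum(1 for score, spam in messages if not spam and score >= threshold)
    return Result(threshold, caught, missed, fps)


def sweep(messages, thresholds):
    """Evaluate every candidate threshold (lower threshold = higher sensitivity)."""
    return [evaluate(messages, t) for t in thresholds]


def most_sensitive_within_budget(messages, thresholds, max_false_positives):
    """Lowest threshold whose false positives stay within the budget, or None."""
    ok = [r for r in sweep(messages, thresholds)
          if r.false_positives <= max_false_positives]
    return min(ok, key=lambda r: r.threshold) if ok else None


if __name__ == "__main__":
    for r in sweep(SAMPLE, range(90, 29, -10)):
        print(f"threshold {r.threshold}: caught {r.spam_caught}/10 spam, "
              f"missed {r.spam_missed}, false positives {r.false_positives}")
    print(most_sensitive_within_budget(SAMPLE, range(30, 91, 10), 0))
```

On this sample, catching the last few spam messages requires thresholds that also tag legitimate mail, which is the pattern the law firm case below illustrates.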
One company in the US learned at its own expense how one missed email can land a business in deep trouble. A law company in Colorado failed to turn up in court and was ordered to pay the opposing counsel’s costs. The firm’s IT team had increased the sensitivity of their email filters because spam was still reaching end-users. Although this solved the problem, it created another, because emails from the United States District Court for the District of Colorado, including a notification of the date of the hearing, were also blocked. Unfortunately, that single email cost the firm several thousand dollars.

This is one example of how a false positive can impact a company in financial terms. But the damage is not limited to direct monetary losses. An email from a client may be blocked, with the result that a long-awaited business deal falls through because the client feels the company neglected his email and did not bother to reply. It will take considerable PR effort to get the customer back.

False positives impact productivity too. A high rate of false positives means that staff have to spend time checking deleted or quarantined emails for ‘genuine business messages’. According to Ferris Research, it costs $3.50 to recover an erroneously deleted email. That may not seem a lot, but in a company with 500 staff, a single misidentified email per month per member of staff equates to an annual cost of $21,000.

Most anti-spam filters based on more primitive technologies are known to generate a higher rate of false positives. This often happens because the rules that these filters are based on are too stringent or not well-defined enough. For example, some anti-spam filters ban all email originating from mail servers which appear on up-to-date blacklists. The risk of accidentally blocking potentially important messages is sometimes enough to deter many companies from implementing any anti-spam measures at all – which is in itself the epitome of bad practice.
But no one can blame them for preferring to put up with spam rather than losing potential business because of a few false positives.

So how do you deal with false positives? Whilst you can delete all mail that is tagged as spam as it lands at your server, this is probably not the best way to deal with the problem. This will only increase the risk that important emails will be lost without any chance of recovery. A better approach would be to quarantine tagged mail into a junk folder so that users check it on a regular basis. Although this can be time-consuming, properly configured anti-spam filters can reduce the number of tagged emails, thus making it much easier for users to check the quarantine folders.

Spam filters can never get it 100% right. Some junk emails appear to be genuine enough to bypass not only the filters but the end-users as well. Maintaining a low level of false positives depends a great deal on the anti-spam filters used and how these have been configured. There is no single solution on the market that will delete all spam and never delete a good email. Choosing a proven anti-spam product, however, coupled with proper configuration and integration with the email server, will go a long way towards reducing the number of false positives and, ultimately, negative repercussions for the company.

David Kelleher is Communications and Research Analyst at GFI.