Information, Articles, Tools, and Useful LinksCommittee Listings, Member Forums, and Find a CITPInformation on AICPA Tech. Conference, Seminars, Webcasts, and ConferencesIT Section Membership Information, CITP Credential Information, Members Only Tools and Communications, and MorePublications, CPE, Conferences, and Webcasts
 
Search
 

Search Options

Printer Friendly View

Infotech Home > Resources > Top Technology Initiatives > Top 10 Technologies Archive > Top 10 Technologies 2005 > Spam Technology > Spam Technology
Spam Technology
By: Roman H. Kepczyk, CPA.CITP

E-mail is a critical business tool that allows CPAs to effectively communicate with clients and customers and share information in an extremely fast, convenient, cost-effective manner. However, the features that made it such a useful business tool are abused by a large number of online marketers that send out billions of e-mails. These clog the inboxes of all e-mail users with various unsolicited product and service offers.

 

More commonly referred to as spam e-mail, a number of studies done in 2003 showed that the average person without an installed spam filter spent between nine and 10 minutes each day just dealing with spam—which would amount to almost a week of lost productivity in a year's time. According to the Postini Resource Center (www.postini.com), 10 out of 12 e-mails received in November 2004 were filtered as spam.

 

In addition to the economic impact of lost productivity, organizations must ramp up their server disk space, Internet bandwidth and data backup capacity to deal with spam e-mails that often must sit in a deleted e-mail mailbox for a pre-determined amount of time. With these concerns in mind, spam remains on the AICPA Top Technologies list for the second year in a row.

 

In the past, solutions such as real-time block lists (RBL), also known as black lists or black hole lists, identified the domains of spammers and were effective as long as the lists were regularly maintained. Many organizations also set up "white" lists, or domains that were known to be friends or business associates of the organization, allowing any e-mails from that specific domain to be delivered within the organization.

 

Unfortunately, spammers quickly learned that "spoofing" or faking a valid e-mail address header, including e-mail addresses from within the targeted organization, could easily bypass these filtering tools. In addition, some organizations instituted "challenge/response" anti-spam systems that replied to every inbound e-mail with a challenge, such as a request to answer a question or input a code embedded within the e-mail. Spammers, of course, could not respond to these requests. While these products traditionally blocked spam, they also blocked automated response systems ("I'm out of the office") and business-related information such as newsletters that an employee might have signed up for, but was delivered from a different e-mail domain.

 

There also were a number of solutions that used Bayesian filtering to scan for specific spam criteria within an e-mail. In addition, collaborative filtering created a spam list based on other people receiving a spam e-mail and identifying it as such, so that it would be blocked for all other users. Unfortunately, spammers continue to be more innovative, spoofing or creating e-mail addresses for only a few e-mails, and then moving on, making personal filtering solutions significantly less effective.

 

Rather than count on static solutions, to effectively deal with today's spam, individuals and organizations must look to proactive, regularly updated services that provide filtering. For individuals, this means having a third-party filter managed by their Internet Service Provider, such as those included with AOL, MSN, and Yahoo!, or an individual service that updates regularly and automatically, similar to how an anti-virus filter update its settings.

 

For medium-size businesses and larger organizations, a more robust solution must be implemented. Today, most firms and companies have a filtering solution on their own e-mail server—often a product related to their anti-virus solution that allows them to access filtered e-mails for a specified period of time before being automatically deleted. Unfortunately, this solution also requires that the filter handle all inbound e-mails, with usually more than 80 percent being spam.

 

To minimize the amount of junk e-mails coming into the organization, many companies rely on third-party service providers that initially filter e-mails and gets rid of the majority of "blatant" spam e-mails prior to them being delivered to a firm or company. Because this is the providers' specialty, they also have the most effective spam filtering capabilities. Providers include virus detection and also can filter outbound e-mails to ensure they adhere to the organization's policies.

 

In the near future, it appears that using an external "re-mailer," along with an internal server-based filtering application, will be the most effective solution to deal with spam. Beyond that, there are a number of proposals being developed that will create e-mail systems and will not allow unidentified users or e-mail spoofing. Nevertheless, these newly created solutions will take a long time to implement. However, while spam is a very expensive nuisance, its impact can be minimized if the organization makes an effort to put the right solutions in place.

AICPA's Top Technologies 2005 is a project of the AICPA's Information Technology (IT) Membership Section and led by the Top Technologies Task Force. For more information on the AICPA's technology initiatives, including the Top Technologies, the CITP credential and the IT Membership Section, visit the Membership Section.

 
Roman H. Kepczyk, CPA.CITP is president of InfoTech Partners North America, Inc. (www.itpna.com), a consulting group working specifically with CPA firms to implement today's less-paper or digital solutions.
Copyright © 2005 by the American Institute of Certified Public Accountants, Inc., New York, New York.