By Michael Brunzlik
Do you know how many e-mails move through your server every day? Any idea how big they are, or if they are clogging the server? Do you care how many of those mails contain private content, or how many of the mails containing business critical information can be read by any Joe Soap?
How much control do you have Ö and how much can lack of control cost you?
The increasing number of e-mails, the volume of critical business data contained in email, the level of threat to the organisation that e-mail can present, and the relationships maintained with customers through e-mail channels, now necessitate that you reconsider where e-mail fits within your organisation.
Companies need to reduce the volume of e-mails moving through the organisation, they need to decrease the size of these e-mails, they need to protect the business from virus or intrusion attacks, and they need to elevate e-mail to its rightful place on the hierarchy of business-critical tools.
The Meta Group has warned companies that they should begin to treat e-mail as a core, vital business infrastructure and manage it accordingly; if not, they can expect their total costs for e-mail management to double or even quadruple through to 2006.
The sheer volume of e-mail moving between users is becoming an issue because it is burdening IT resources. The trend to store all e-mail is eating up costly storage space. The bigger e-mail boxes get, the more challenging it is for the IT department to allocate the necessary resources.
There are a few simple actions that can be taken to address the problem caused by the size of e-mails received and stored.
It is quite rare that businesses need to send images containing critical business data via e-mail. Business data tends to be contained in word processor documents, presentations and spreadsheets.
Therefore, IT administrators can place filters at the mail server, or firewall before the mail server, that rejects e-mail containing image files or image attachments.
Another way to control e-mail volumes is to limit the size of each e-mail.† Setting size limits for incoming and outgoing mail will also prevent e-mails containing images from being received.† If images need to be sent, they should be transmitted using the file transfer protocol (ftp).
Users often realise that the company does not accept the receipt or transmission of large e-mails and begin to manage themselves by watching the size of their e-mails; although there are always exceptions to this. These management methods have a high impact on the business when large amount of content does need to be communicated.† Reporting and monitoring is a valuable means of creating awareness and instilling self-discipline in e-mail users.
Spam presents a particular problem to organisations because it can slow down networks and clutter inboxes. According to the Meta Group, spam today represents more than 50% of all mail on the Internet. Spam filtering is a challenge, since spammers are becoming more sophisticated in their attacks.
The Meta Group believes that with current technology, companies should consistently be able to block about 90% of the spam sent to users.† The remaining 10% will still cause users some annoyance and increase storage costs, but it will be manageable, the research group says.
There are a number of tools that can be implemented to control spam. The tools use different techniques in an attempt to address the problem, but there is always a chance that spam filters will remove legitimate e-mails as well.
One such technique is for the spam management tool to monitor incoming e-mail and attach numerical values to specific keywords. If the total value from these words meets or exceeds the threshold set, the mail is flagged as spam.
Once the e-mail has been identified as spam, the administrator can choose to let the mail reach the intended recipient, with it being clearly marked as spam, or it can simply be rejected.† The recipient can utilise the mail handling rules function in most modern e-mail client applications to automatically handle the flagged e-mail as they choose.
The problem with rejecting e-mails flagged as spam is the introduction of false-positives. A false-positive is a legitimate e-mail that has been identified as spam because it passed the keyword threshold.† False-positives can be prevented if the recipient is allowed to manage the spam at the desktop.† While giving this control to the user doesnít fully address the issue of high e-mail volume, it does allow the inbox to be more manageable.
Other spam blockers use heuristic management engines that search for trends in what the e-mail looks like and the level of HTML it contains.† A preferred method is the use of spam black lists, which are lists of known spam sources that can be used by specific spam management software to prevent spam from entering the mail server. The benefit is that bandwidth is spared. On the negative side, these websites are targeted and rendered ineffective by the spam community from time to time, effectively disabling this service.
Yet another way to manage spam is to configure domain name servers to perform reverse lookups. If the e-mailís domain name doesnít match the IP address from which it was sent, then the chances are it is being sent from a bogus source.
However, many domain name servers are not correctly configured and although the e-mail being sent is from a legitimate source and is not spam, it will be rejected as such because it fails the reverse lookup.
Never mind the problem of storage and resource consumption the volume of e-mails present to the administrator: they also bring to the table a range of security issues.
e-Mails can be carriers of viruses, malicious code or intrusion software, to name only a few types of malware they could contain. The sophistication of the virus, the level of the threat that it poses and the method used to gain illegal access to networks is evolving at a giddy pace.
The only way to address the threat of virus infections is to ensure that good anti-virus practices are in place, including anti-virus software at the mail server and on each userís machine. Another measure of security is to implement intrusion detection systems that can monitor the network and e-mail traffic.
Outside of the obvious threats e-mail can bring to a business, companies also need to be aware of privacy issues, and the visibility of confidential or business-critical data moving through e-mail servers. If business units are communicating critical business data to each other and/or to customers, encryption/decryption technology should be in place.
There are still many people who do not view e-mail as a valuable business tool. Not all managers or business owners understand what e-mail can do for their company. They accept that e-mail is there but they choose not to use it; or if they do use it, they do so rarely or with reservation.
Most people would accept that the telephone is a critical business tool, and it is common practice for e-mail systems to be placed after the telephone in terms of importance and allocated resources. Often, however, once companies start using e-mail effectively, they realise that it needs to be high on the infrastructure resources priority list.
e-Mail is an effective communications tool because it is non-intrusive. It is difficult to ignore a ringing telephone, but e-mail can be ignored until the recipient is ready to respond; and the fact that e-mail is written presents users with the opportunity to prepare before responding.
The use of e-mail is increasing exponentially and the Meta Group states this trend is set to continue.
It is important that decision makers in smaller companies start to place e-mail in its rightful place within their infrastructures so that it can be effectively used and managed as a strategic business enabler.
Michael Brunzlik, TSI, (011) 792 1094, firstname.lastname@example.org
Rashmika Jeewa, FHC Strategic Communications, (011) 608 1228, email@example.com