Evaluating ROI for anti-spam initiatives

Aside from the pure annoyance of having to deal with it, spam causes more damage when it directly affects your ROI.

Nearly 36% of all e-mail messages received today are spam, according to a recent NetIQ study of 750 small and large

organizations worldwide. That's a 6-fold increase over the past three years. The issue has reached such epidemic proportions that if its growth goes unabated, it can potentially ruin the utility and business value of e-mail.

As the spam count mounts, the cost of managing the overflow rises, now estimated at $285 per employee, per year in lost productivity and incremental IT costs. As a result, the business case for anti-spam tools continues to increase: The typical organization obtains a payback on anti-spam solutions in six months or less, and an ROI of well over 300%.

In companies of every size, users complain about the overflow of e-mail in their inboxes each morning, how long it takes to weed through it all, and increasingly, how embarrassing the e-mails can be to the user and the company. The impact of spam is most heavily felt in three areas of the business:

  1. Lost productivity – Spam has the greatest impact on employees; more than 80% of the cost related to lost productivity is managing and deleting unwanted e-mails. Studies show that the average user receives more than 25 spam e-mails each day, and even though these e-mails take about five seconds to recognize and resolve, small productivity hits of two minutes per employee, per day over the course of a year add up, quickly.

    The costs multiply for remote users and for employees who access e-mail via voice-mail or wireless devices. The impact of spam results in an average 0.4% productivity loss per employee, per year. For a typical 1,000-user organization, that means more than $250,000 in lost productivity yearly.

     

  2. IT Costs – For IT, the costs are both technical and human. Spam consumes an estimated 11% of total Internet bandwidth costs and almost 500 GB of storage each year. In addition, it generates more than five help desk support calls per day for every 100 users, and requires additional administrative staff to help manage and address the inquiries.

    For a typical 1,000-user organization, incremental IT costs are almost 20% of the total cost of spam, resulting in additional costs of approximately $38,000 yearly.

     

  3. Legal and Security Risks – E-mails laced with sexual content, discriminatory humor, viruses, worms and Trojans are becoming more common, and companies need to take proactive measures to filter such messages, or they risk facing costly consequences. If a legal issue arises, the fact that IT did not act to reduce these e-mails may jeopardize IT managers' positions. The potential legal and security risks are difficult to quantify, but if even one of these risks is realized, the cost to the organization can easily outweigh the more tangible IT and lost productivity costs.

No silver bullet will resolve this problem immediately, but in the near term, these techniques will help mitigate spam's impact:

  • Educate users. How users behave influences how much spam they attract. One very effective preventative tool is to educate users not to visit or register on questionable Web sites, and not to respond to spam e-mails. Also, organizations should avoid publishing e-mail addresses on public Web sites, since spam programs scrape these sites for new targets.
  • Implement text analysis. Administrators can configure anti-spam solutions to recognize words used by spammers and prevent these from being routed to users' inboxes.
  • Execute header analysis. E-mail headers often contain clues that the message is spam. Headers can be analyzed to block spam messages.
  • Establish blacklists for e-mail hosts, domains and users. Blocking messages from known spam hosts, domains and users can help significantly cut down on unwanted e-mails.
  • Invest in anti-spoofing. Preventing spam e-mails from looking like legitimate correspondence will help users differentiate the good from the bad, so they're not fooled into responding and attracting even more spam.

Here's a look at potential savings anti-spam solutions can deliver for a typical 1,000-user organization, assuming that 40% of the most troublesome spam can be eliminated, and only considering tangible benefits:

 
Current Costs
Potential Savings
Potential Annual Savings
Lost Productivity
$200,000 40% $80,000
IT Costs
$ 38,000 70% $26,600

Spam senders are as savvy as virus writers in out-foxing protection strategies and filters; they're changing text, altering headers, and changing e-mail hosts and domains to stay one step ahead of blocking technology. This cat-and-mouse chase means that the anti-spam solution providers are constantly enhancing their solutions, as well.

Eliminating 80% to 90% of spam is an admirable target. One of the biggest challenges, of course, is to ensure that valid communications are not blocked. Today, most anti-spam solutions capture about 40% of unwanted e-mails. Newer tools promise to hit the 90% mark, with less than 1% 'false positives' (important e-mail messages unintentionally blocked.)

The bottom line: The ROI for anti-spam initiatives is already significant, and will continue to increase as solutions become even more advanced.

Tom Pisello is the CEO of Orlando-based Alinean, the ROI consultancy helping vendors. CIOs and consultants assess and articulate the business value of IT investments. He can be reached at tpisello@alinean.com.

This was first published in April 2004

Dig deeper on Enterprise information security management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close