/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsJan Sundgren
Spam can have a major impact on an organization’s e-mail system, clogging up bandwidth and storage, which alone is sufficient reason for deploying an anti-spam solution. However, organizations also need to consider the impact of spam on users, including the negative impact on productivity and morale, and the potential legal liability of the organization, for not protecting users from spam.
Regarding the impact of spam on user productivity, a common measurement approach is to estimate the time spent on dealing with each spam message and multiply that by the number of spam messages. There are estimates out there from a variety of studies, plus several cost calculators provided by vendors. For example, see the following website.
In using these calculators, a lot depends on how much time you think an employee spends dealing with a spam message, as well as the cost of employees’ time and, of course, the amount of spam coming in.
An estimate from Cloudmark assumes that 10 spams per day per employee results in lost productivity of $86 per employee per year. That estimate closely matches what the cost calculator comes up with if you assume five seconds per message and an average hourly salary of $25.
In terms of spam quantities, you would need to figure out how much your particular company is getting. On this point, the estimates vary quite a bit, with the range for percentage of e-mail that is spam being between 20 percent and 50 percent.
Giga agrees that spam is an increasing percentage of e-mail and that it affects user productivity, but we are a little skeptical of efforts to add up a few seconds spent by employees on each spam message to come up with a grand total.
The numbers are very sensitive to whether you think the time wasted per user is five seconds or just three seconds. Also, a good deal of the impact on user productivity probably stems from other dynamics, including users actually reading spam or fiddling with filters in an attempt to control the problem.
Regarding the issue of legal liability, vendors that sell anti-spam products and services routinely mention this "potential liability" as one justification for fighting spam. It may indeed be a potential liability – it’s hard to predict what kind of lawsuits might be filed – but we have not yet heard of any actual cases along these lines.
There are well-known cases of companies being found liable for offensive e-mail circulating within the company (Chevron’s $2.2 million settlement comes to mind), but in these cases, employees of the company sent or forwarded the messages. Similarly, spam legislation seems to hold the actual person sending out the spam liable.
Preventing offensive messages from entering the network in the first place prevents users from subsequently forwarding them, so reduced legal risks as a rationale for gateway spam (and other content) filtering isn’t so farfetched.
And though liability for spam sent by someone outside a company is something we have not encountered yet, it may only be a matter of time before the obligation of companies to prevent a hostile environment drives a lawsuit along these lines.