Australian IT managers agree that private industry and government need to join forces to stem the tide of unsolicited e-mail which is growing at a rate of five per cent per month.
West Gippsland Healthcare Group’s IT manager, Joseph Oppedisano, believes that the introduction of e-mail legislation is overdue. To date, organisations have had to tackle the problem alone introducing policies, processes and filtering technologies to protect their organisations against legal liability as well as tackle the productivity and financial burden that comes with spam.
Oppedisano said while his organisation mostly relied on users “to not divulge their e-mail addresses unless they really have to”, the group does use “some basic Outlook filtering and Firewall filtering”, and is considering using antispam software.
“[Spam] is not a major issue in our organisation but it is serious enough for us to consider antispam software. Many of our users receive enough genuine e-mail without the added burden of spam,” he said.
While he believes the legislation should deter a large proportion of existing spammers, Oppedisano fears that spammers will find ways of using overseas resources to avoid detection.
Currently 90 per cent of e-mail in Australia is sourced from overseas and the federal government estimates 20 per cent of e-mails in Australia is spam, which accounted for one billion messages last year.
Oppedisano said the only people who would be disappointed or see the legislation as a threat would be spammers themselves.
Harlequin Mills & Boon IT manager Paul Singh is more concerned about the productivity impact of spam and its ability to slow the network, at times causing important e-mails to be blocked or delivered late.
“We use e-mail filtering systems to stop as much we can, but it is becoming harder to manage this on a day-to-day basis,” Singh said.
He supported the legislation, “but if it is going to cost too much to the business then I don’t think it is the right solution; the cost should be at the spammer or junk mailer’s end and not at the business end”.
Singh believes Australia should work with other countries to formulate global legislation, “as this is a global issue rather than a local one”.
As reported in part one of the series it is a global war that cannot be won without international support, particuarly the US, which generates more than 50 per cent of the world’s spam.
Singh said the legislation would not affect his organisation’s external e-mail communications, as the company only sent newsletters to subscribers.
The IS manager of pharmaceutical company Boehringer Ingelheim, Matt Perry, said his organisation would continue to provide its own measures to combat spam and would not rely on the legislation.
He said Boehringer uses NetIQ Mail Marshall “sitting on an ISA server” to filter mail and prevent spam.
Perry said his organisation had an e-mail marketing program that was a “heavily regulated and controlled opt-in solution” and that would comply with the legislation.
Right Management Consultants’ IT and communications manager Asia Pacific, Toby Dods, said his organisation used a dedicated mail filtering server, MailMarshal, which examined all inbound and outbound e-mail for viruses, spam and pornography.
“The more senior members of staff are the ones whose e-mail addresses are more likely to be prominent and therefore more likely to attract the attention of spammers,” he said.
“As their time is the most valuable to the company, it costs us the most to have them deal with spam.”
Dods said the e-mail legislation was “very ho-hum, due to the fact that many spammers are international so national laws have little effect” and that a charge on outgoing e-mail would be more effective.
Dods said he doubted that the legislation in its current form would make his life easier.
“We look after ourselves. Hacking is also illegal but I’m not exactly going to remove my firewalls as a result,” he said.
“As such, we would continue to protect ourselves regardless of the legislation. Individuals would be unlikely to mount legal action due to the costs, so unless it were a class action I can’t see it happening.
“Unless businesses suffered consequential loss, as an example a mail denial of service attack, then I doubt they’d prosecute either.”
The fact is penalties under the legislation range from up to $1.1 million a day for organisational repeat offenders and $220,000 a day for individual repeat offenders.