Many law firms measure their fiscal success in billable hours. But when those billable hours are used for nonbillable tasks, the fiscal health of the firm suffers. That was the case with many of our legal clients when attorneys and staff at the firm were using valuable time sorting and sifting through spam. Houston-based Coats Rose Yale Ryman Lee decided it was time to address the issue and engaged Rafte & Company to assist.
The volume of incoming mail was taxing the firm’s Novell GroupWise server severely. The server had been in service for four years. When implemented, it was adequate for the task. However, the demands placed on the server had grown significantly, and it no longer could handle the job. A migration to Microsoft Exchange Enterprise solved the storage problems and resulted in a more stable system. For a while, the spam problem was reduced by some tighter controls on the server, as well as some basic mail processing with Trend Micro’s eManager. But the battle against spam is an arms race, and all significant factors constantly are changing. Soon the spammers techniques evolved to the point that eManager no longer was effective.
Also, like many other firms, Coats Rose had implemented BlackBerry devices to increase the connectivity of the attorneys. It was obvious from the outset that traveling attorneys constantly were distracted during meetings when their BlackBerry devices alerted them to the latest piece of junk mail.
In the Beginning
The problem began innocently enough. As was common in the early deployment of legal Web sites, a well-intentioned Web designer made the unfortunate choice of placing a listing of all the employee’s e-mail addresses on the firm’s public Web site. Once the page went up and the addresses were harvested, the firm was bombarded by spam. Short of changing all the users’ e-mail addresses or the firm’s domain name — an impractical option — a way had to be found to aggressively and reliably filter the incoming e-mail.
Because many of our clients had spam problems, we evaluated and tested several different types of filters, including services, appliances and various kinds of software. We even implemented some of these filters on Rafte & Company’s own e-mail system to do live testing. While researching, it became apparent that to be effective the filter had to catch the majority of spam while also avoiding false positives. If an attorney missed an important message, rescheduling a hearing for example, there was potential exposure to the firm. So the goal was to make the filtering system tight enough to catch the majority of the spam without keeping out the valid mail.
The Options
We started our research looking for a Microsoft Exchange add-on that was more effective than what the firm had been using. Many of these add-ons have limited filtering methods, and some are exclusively signature-based. The problem with relying solely on signatures is if the vendor is late updating them, the firm has to suffer until the new signature file comes out. Also, turning off a single signature is nearly impossible. I have seen signature-based filters block content I knew was good, and was told by the vendor the only way to fix the issue was to totally disable the signatures. This method proved to be an ineffective solution.
Another problem with this solution is the additional load these add-ons place on the central processing unit in the Exchange server. In the case of Coats Rose, the server already showed periods of high load, and we wanted to avoid burdening the CPU with additional tasks.
We had another client who was using Postini, a filtering service, and the Information Technology director was extremely happy with the results. But, as with other filtering services, the pros were offset by the cons. With a service, all e-mail must pass through external servers. For some of my clients, I knew this was going to raise concerns. Also, services have recurring monthly fees. Those fees might seem reasonable initially, but as the number of mailboxes being filtered grows, so does the monthly fee.
We also considered appliances. I tested some of these and found they worked reasonably well, but could carry a hefty price tag, especially for a small- to medium-sized firm. Like some software packages, they often use signatures, and these signatures and updates require an annual subscription.
As a part of these evaluations, I developed a feature matrix to help select the best product match. As the matrix was populated with information on these systems, one factor stood out. Many of the devices and software packages used the same core technology — SpamAssassin.
An Open Source Solution
SpamAssassin is an open source project under the auspices of the Apache Software Foundation. It’s developed and maintained by a highly skilled group of programmers dedicated to filtering spam. The best part is, it’s free. But could it be used effectively in the environments we supported? To answer this question, I built a Linux-based test server in our office and installed SpamAssassin and other necessary components.
Once the installation was complete, Rafte & Company began using the system as a mail gateway to our Exchange server. Results quickly were apparent. In one day, the filter blocked in excess of 700 pieces of mail and quarantined an equal number.
This system seemed to be effective, but how did it stack up against our other criteria? It intercepted the majority of our junk mail — as high as 98 percent. It did generate a few false positives on personal e-mails sent to some employees, but important, business-related mail never was blocked. The system is extensible, with a plug-in structure so new methods for detecting spam can be added. It’s completely customizable. Rules can be written and various spam detection techniques can be given more or less weight as needed. Also, during implementation there are different threshold levels that can be set to take action on spam.
Too Good To Be True?
At a meeting with Coats Rose, we discussed the results of our tests, and I offered to implement a similar system for the firm. In October 2004, I was given approval to proceed.
I ordered a small server, installed it at the firm and configured the filtering components. I modified the network so all mail would flow through the filter. At this point, the system actually was not filtering. It was just passing mail directly to the Exchange server. We began actual filtering with a phase-in approach.
One of the beauties of the filter is its ability to take different actions on a piece of mail. You can modify the subject line to indicate the mail is spam or quarantine the mail. Which action takes place is determined by the score the filter gives to an e-mail. After I notified the users the filter was in place, I began to lower the thresholds. Initially, suspect mail passed through the filter and had the subject line modified. This gave the users time to adjust and notify the help desk if any good mail was being mistakenly tagged as spam. After this break-in period, the second threshold was lowered and spam was rerouted to a quarantine system.
Success
The filter now has been in place at Coats Rose for three months. It proved to be highly effective. In the most recent 24-hour period, the filter refused delivery of slightly more than 10,000 messages and placed an additional 6,000 in quarantine. But the real success indicator came from the user feedback. A secretary who managed the e-mail for one of the senior partners shared the best success story. She said, “Carol was receiving about 100 spams a day. Now, most days, she receives zero. Your project has significantly reduced time wasted reviewing all that junk. I can’t say enough good things about this effort and result. Thank you!”
Bottom line: More of the attorney’s billable hours actually can be spent billing for the client. SpamAssassin was a strategically focused, successfully implemented technology.
Contact Rafte to solve your law firm's spam problems with a secure network spam blocker today at (713) 993-9637
Accelerate growth
•
del.icio.us
digg
facebook
E-mail this article to a friend (requires login).
|
OPML |
Search This Site |
Home