FRAMINGHAM (03/09/2000) - It was business as usual at Union, N.J.-based shipping company CaroTrans International Inc. until a mail-borne virus - too new to be caught by the company's virus scanner - snuck through the company's Microsoft Exchange Server. The rogue infection attacked about a dozen machines and wiped out numerous files before the firm's information technology department stopped it.
It got CaroTrans' IT outsourcer - Freight Systems Inc. in Cherryville, N.C. - thinking about how to ward off unwanted e-mail. Freight Systems chose an e-mail scanning package that can view the content of every message passing through corporate servers.
Mail scanning may make many people think of Big Brother, but as e-mail use and abuse continues to grow, corporations increasingly worry about e-mail as a security hole. Recent denial-of-service attacks on Web sites, possibly aided by subversive programs distributed via e-mail, add to the anxiety.
According to Jodi Beebe, hot line director at the Privacy Rights Clearinghouse in San Diego, employers have the right to monitor employee e-mail.
Freight Systems installed MailMarshal from Auckland, New Zealand-based Marshal Software. According to Zack Godwin, a systems engineer at Freight Systems, MailMarshal enables the company to scan for viruses and unnecessary attachments.
According to analyst Victor Wheatman at Stamford, Conn.-based Gartner Group Inc., companies consider scanning e-mail for several reasons, including the following:
-- Regulatory requirements force some security firms to scan all communications between brokers and customers.
-- Spam can clog mail servers.
-- If spammers use your servers as relay points for "spoofing" (masking where spam originates), downstream message recipients who can prove you did nothing to remedy the problem may sue for damages.
-- Health care and law enforcement agencies want to keep confidential information from unauthorized people.
-- Employers may have concerns about employees using e-mail to send pornography or other inappropriate materials.
No Easy Solution
Current products such as MailSweeper from Kirkland, Wash.-based Content Technologies Inc. and Message Inspector from Burlington, Mass.-based Elron Software Inc. can examine all incoming and outgoing e-mail at the server for inappropriate or virus-laden attachments, offensive language or unauthorized information.
Once such products detect a problematic message, they can block it from transmission, respond with a warning, forward it to a quarantine mailbox or a respond with a combination of all three techniques.
But according to customers and analysts, mail scanning requires more than just installing a tool and letting it run. Scanning for content can become time-consuming, even with severe limits on what's considered questionable.
A recent Gartner report estimates that a securities company with 10,000 employees would need to hire an additional 10 workers and spend up to $1 million per year reviewing e-mail.
You can cut such costs by reducing the scope of the scans - say, from looking for certain words to looking for certain types of attachments. But in overworked IT departments, any extra work may be too much.
Gary Jones, a network manager at a large eastern U.S. construction firm, who asked not to be identified, found out about the workload the hard way.
His team installed Message Inspector and set it to direct mail that had attachments or potentially inappropriate language to Jones. His administrator mailbox was quickly flooded with questionable messages. Unfortunately, some of them were false positives. For instance, the scanner would flag "Virginia" because it contains the possible hot-button word "virgin." Jones quickly decided to scan simply for attachments.
Godwin avoided getting overloaded by false alarms by instructing MailMarshal to check only for executable and JPEG file attachments. "We haven't set up a lot of filters yet," he says. "We want it to catch what we want and let as much other stuff as possible pass."
Better Than Nothing
A need to deal with an overwhelming flow of e-mail is one of the main reasons Nitin Agarwal says he began investigating automated e-mail scanning. Agarwal, an IT consultant at Diamond Dye-Chem Ltd. in Bombay, India, currently gets a copy of every message that travels through corporate walls, in an attempt to keep company secrets and other objectionable material out of e-mail. But with 70 employees, the flow is becoming a flood. And, as Agarwal notes, "once the mail has left the server, it doesn't make much difference whether you catch the culprit or not, since the data has already been leaked."
Some good news: Just telling employees their mail might be scanned - and teaching them about proper e-mail usage - may help as much as the products themselves.
Computers at Jones' company, for example, display an acceptable use policy each time a user logs on. "Everybody always asks me, Can you really see this or that?'" Jones says. "And I say, Yes, we can.'" Lindquist is a freelance writer and reviewer in Moss Beach, Calif.