SMEs hit hardest by spam

Smaller businesses, and companies that publish their employees' email addresses on the web, are far more likely to be swamped with spam, according to a new study.

Antispam services provider Postini said in its annual Email Security Report, published on Wednesday, that small businesses and companies in certain industries are experiencing more frequent spam attacks than other businesses. Companies with 100 or fewer email addresses received up to 10 times more spam per user than businesses with 10,000 or more email addresses, it said.

Like other recent reports, Postini's study contends that efforts to quell the rising tide of unsolicited email have done little to stop the problem from growing.

Researchers found that during the course of 2004, spam accounted for 75 per cent to 80 per cent of all email, and virus attacks carried by email tripled. Postini also said that so-called directory harvest attacks, in which spammers mine information technology systems for new email addresses, continued to trouble corporate servers.

Chris Smith, the marketing director at Postini who authored the report, said it's hard to tell whether smaller companies are doing something wrong or are merely outmatched by savvy spammers.

"Obviously most small businesses don't have the same IT resources as their larger competitors, but you also have to wonder if people at these companies aren't contributing to the problem," Smith said. "It's very likely that many smaller businesses don't have the same level of email hygiene or discipline that is typically enforced at a larger company."

If the issue for small companies is indeed a question of their employees' behaviour, it wouldn't help them even if they could afford the sophisticated IT defence systems their larger counterparts use, Smith said. He believes the only way for executives at small companies to stem the spam issue is to repeatedly reinforce the message among workers about how costly a problem spam can be.

Conducting business publicly on the web - specifically publishing company email addresses online - is another surefire way to garner heaps of spam, according to Postini's research. The report said that certain industries are more likely to expose addresses, including the publishing, advertising, legal and real estate sectors, which received more than 10 times the amount of spam as companies in other markets.

Postini contends that despite continued efforts to slow spam - such as the US federal CAN-spam Act and the stepped-up pursuit of individual spammers by law enforcement agencies - the blight will continue to spread in 2005.

"The laws and litigation are good steps, but they haven't started to make a noticeable dent yet," Smith said. "It's so easy for people to evade detection, and laws like CAN-spam have such gaping loopholes, that people aren't yet being deterred from trying. Spam is still a problem that will get much worse before it gets much better."

Matt Hines writes for CNET News.com.