At PicNet we managed service a number of corporate environments, and at some, we have installed Google email filtering powered by Postini (that we resell rebranded as Risk shield email protection). At others, we have Sophos and also GFI MailEssentials.
From the statistics point of view it doesn’t matter what system is used. They all show similar results. The number that scares me is that across the board, about 10% of emails are legitimate. In some organisations, 2% of the email are legitimate, where in others up to 30% is legit (haven’t seen any higher). The average I have come up with is of 10% of “clean” emails.
So, if an organization receives 400,000 emails in a month (not uncommon for an organization of say 200 people); 360,000 of them are spam!
Some commentators say that “The impact of spam can be harsh on many organisations, leading to potential loss of financial, information, intellectual property and, importantly, loss of brand and reputation (SMH.com.au – How to reduce spam JULIA TALEVSKI September 8, 2009)”. Others are more concerned with the impact on the infrastructure and make decisions to “outsource” spam and virus filtering, reducing the impact on the organisation’s infrastructure and the risk of infection by viruses.
In any case, spam are here to stay and likely to increase over time… and IT management need to decide strategically how to deal with them.
I personally endorse the outsourcing concept, i.e. a reliable external provider of filtering capabilities that can block most of the spam and viruses on emails, before they “touch” my infrastructure, reducing the risk of viral infection, impact on my infrastructure, productivity of users and IT (no need to manage the anti spam infrastructure), etc.