Email Security Myths and Half-Truths That Can Kill Your Budget

Working in IT can be extremely difficult at times. I am not talking about problem solving, troubleshooting or dealing with co-workers who still think its OK to install those goofy screensavers they downloaded for free.

The difficulty that permeates any IT shop, of any size, is trying to get management buy-in when their view is clouded by “what they read.”

Having a truly educated management team is a great thing. When they understand the nuances of technology, and yield to the experts when they don’t, all things connected work pretty well. However to many, educating themselves means reading an article or blog post here or there. This often fosters a sense of knowledge based on half-truths and opinion. Trying to get through to someone who is so entrenched in their beliefs because of what they read online is often an exercise in futility.

As an email administrator we know that myths surrounding spam, phishing and email security make for good headlines and you may have heard a few of them thrown back at you when trying to get approval for beefed up email security.

Sending marketing emails is illegal due to CAN-SPAM

It is frightening to think about, but I have seen instances where management feels that monies spent on anti-spam solutions should be reduced because increased legislation, or promises of tighter enforcement, will cause spam levels to drop.

CAN-SPAM has done a great deal to keep legitimate businesses from constantly pounding your inbox with junk mailings, but a few things about CAN-SPAM that are often overlooked are:

  • It does not make it illegal to send that first email contact, it only regulates that there needs to be an opt-out feature easily available
  • Most cyber-criminals don’t obey the laws
  • Most spam is sent from outside of the legal jurisdiction of CAN-SPAM

Spam levels are declining

This is one of those half-truths that is going to come back and hurt a large number of organizations that let their guard down. The levels of blocked spam has declined, this is true. But what is almost never included in a headline that promotes this belief is that spammers are getting smarter and finding ways to avoid anti-spam filters and phishing attacks are at an all time high.

Yes, the obvious spam emails that send subject lines in all caps advertising for cheap pharmaceuticals and lower mortgages may be down, but that’s because even the most primitive anti-spam solutions can stop them.

Anti-spam solutions are way too expensive for SMBs

Yes, some are. If you are looking to employ a cookie cutter solution that is used by large corporations then you could easily find many solutions to be well out of your smaller organization’s reach. To compensate, some try to go the consumer protection route like they do with anti-virus solutions. This often results in a fail as well.

A little research will show that there are solutions custom tailored for small to medium sized organizations offering an easy to use management suite at a cost that meets most budgets. The key is, finding one that offers comprehensive protection – not just keyword filtering.

The firewall will stop any incoming illicit emails

Over the years the firewall has become the panacea for IT security in some people’s eyes. The firewall has been used as a content filter, an anti-malware solution and defender against vulnerabilities. The term has become a catch all for security.

But a close look at most organizations who have reason to be confident in their security employ multiple tools to address the variety of threats. The firewall is there to protect against illicit traffic, the web application firewall protects much of the web site, anti-malware defends against viruses, worms and Trojans, the web content filter keeps people off of dangerous web sites and the anti-spam solution stops dangerous and annoying emails.

I’m sure there are many other “facts” that have been thrown at you over the course of your attempts to better secure your resources. Please share any interesting beliefs you have heard over the years to counter your need to spend a little money when it comes to email security.

Written by Jeff


  1. Daisy Rue · December 18, 2012

    This is a very nice article. It’s such an excellent take on a lot of hype that we’ve been hearing for the past few months. I’d like to talk about point no.2. Yes, I’ve read a lot of them, some of them here. And never for once did I believe the figures. If the decline is real, then we should be able to feel it. Obviously, we don’t. Worse they have changed a lot. The spam mails sound more professional and convincing. They also carry a lot of threats with them including harmful links.

  2. David Black · December 18, 2012

    Management will always listen to myths that save money and will disregard everything else. This is why any solution that costs money, be it an anti-spam filter or whatever, is frowned upon, unless really necessary (translation: when it is past due because out company is now buried in spam). This is the very nature of (good) management – to try to cut expenses. It’s a different question (with an obvious answer) that you can save hundreds on software but lose thousands because of spam. If management is not convinced something is a must, IT pros are facing a wall that is hard to break.

  3. Bryan Castro · December 19, 2012

    Nothing ever guarantees a complete prevention of spam, phishing, malware, and other e-mail or online threats. In fact, those who do are too good to be true and are therefore faking it. They’re not worth the attention or the purchase at all. That’s the reality of life. There are no fool-proof warranties. However, let’s also not discount the fact that some programs have been designed extremely well and that they can surely help us fight spam and all other threats to a more advanced level. They ensure we have fewer things to worry about once we’re already online.

  4. Magic Morgan · December 21, 2012

    I’d like to inform everyone, especially those who are running small businesses, that indeed there are reliable and affordable solutions out there. In fact, a good number of them are scalable. This means you can upgrade your chosen service or product as your business grows. This setup is more ideal since you don’t have to give up the product or service should your enterprise gain more customers and thus manage or receive more data. As a bonus, most of the developers are willing to give away these upgrades for free or for a very minimal amount.

  5. Abe Cornish · December 27, 2012

    I think that the best anti-spam solutions are those that carry quite a hefty price tag. After all, it takes a lot of technologies and ingenuity to come up with something that works most of the time. But then again, I wouldn’t mind spending money on such tool if I know that it is very effective and it helps me run my businesses and personal inboxes so smoothly. Of course it’s a bonus if it does more than just prevent any spam mail.

  6. Arnold Bless · December 31, 2012

    The article is actually right. Most of the spam mails we received were sent from other countries, such as Africa and Asia. Again, it also points out the reasons: criminals do not know how to follow the rules. To make things work, they are very sneaky and willing to go around them in any chance they get. That’s why we do need the UN to generate provisions or guidelines that apply to as many countries as possible. But the United States is, unfortunately, not interested due to “privacy reasons.” Seriously when did they ever become concerned with privacy? They’ve been invading ours for a long time now.

  7. Jackson · January 2, 2013

    I think that spam is declining, because one we become more educated about it. Second we’ve invested in good filters, if not we’re using the one provided by our e-mail platform effectively. Many anti-malware solutions now incorporate an anti-spam feature, which means it also helps detect messages that are considered suspicious. Nevertheless, the decline is hardly felt because it doesn’t happen for a long time. Just when we already figure out what to do, the spammers come up with something more sinister or close to the real thing. Hence, we’re having a hard time keeping up with them or implementing a much better solution.

Leave A Reply