Tech Audit

Take a Bite Out of Spam

  • Print.

If you receive e-mail, you have a spam prob­lem—even if you are not currently receiving spam. It will find you despite the recently enacted federal CANSPAM Act.

There are ways to minimize the problem, but most are inconvenient: not publicizing your e-mail address, using graphics on your Web site rather than text for your e-mail ad­dress, encrypting “mail-to’s,” not filling in your e-mail address on electronic forms or even on paper applications, having different e-mail ac­counts for different purposes, or simply not giving out your e-mail address at all.

But what good is a one-way communication tool to a law firm that is in the business of communicating? It is like a cell phone that is only turned on when one is making a call. E-mail doesn’t work that way. Sooner or later, any law professional actively using e-mail will be found by spam.

On its Web site, Hormel brags that Spam—its canned meat product—is so good that it’s gone. That is not true for the electronic variety. A kind definition of the electronic version of spam is junk e-mail: the Nigerian prin­cess who will pay you $1 million if you send a $3,000 processing fee, the magic potions and cure-all drugs available to anyone, and worse.

It was not long ago that David Hirsch received 50 spam messages a day. He regarded that as tolerable, easy to de­lete in seconds. When it got to 100 a day, it was a nuisance. At 150 unwanted e-mails per day, real e-mail tended to get lost among the spam unless he rigorously attacked the inbox, wasting at least 30 minutes a day deleting spam. At 300 per day, the current level, a spam management tool is essential.

David Beckman is not far behind in spam volume, and now every person in our office receives at least three unwanted messages a day. For some organizations, spam is more than 50 percent of received e-mail.

Yet putting a spam problem into the digital trash can is no easy task. Beckman recently met a person from a large law firm that felt it had tightly locked down its mail server so no spam could get through. An irate lawyer then angrily complained about e-mail that was not being re- ceived. It turned out the firm really did represent a Nigerian princess.


There are many “wrong” ways to control spam. One is to just delete it. But that is not likely to be a good long-term solution. Another way is “unsubscribing.” A lot of spam contains a link allowing you to reply and unsubscribe. But the conventional wisdom is: Don’t do it. While unsubscribing may work for honest spam, unsubscribing confirms a live e-mail address and can lead to much more spam. Un­- subscribing also takes time. At best it is a par­tial solution.

You can whitelist. There are programs that permit you to receive e-mail only from domains or specific addresses that you authorize. This should be unappealing to most in the legal profession. Imagine if you had to pre-approve all area codes or specific telephone numbers your telephone would accept.

You can blacklist to block e-mail. There are two ways to do this: Subscribe to a commercial list that keeps track of spammers, or create your own blacklists if your e-mail program supports blacklisting. Both solutions have problems. Legitimate domains sometimes wind up on commercial blacklists, and it can be excruciating to get a do- ­main removed from a blacklist (as when the ABA Journal was mistakenly added to a blacklist). And it is futile to personally blacklist domains or addresses because spammers change domains and techniques faster than your rules can keep up with them.

You can also create rules or macros that filter spam based on content (such as words, phrases or purported senders). But the rules are like personalized blacklists; you will not be able to keep up.

Your e-mail server can do reverse domain lookups on received mail. But even that is not a good solution because many legitimate domains are not configured to allow a reverse lookup.


There are some anti-spam methods that work. Spam­Jam for Lotus Notes works almost like artificial intelligence. It sits on your mail server and is preconfigured to recognize nearly all spam by analyzing content. It learns from its mistakes as you inform it of which messages are and aren’t spam.

The philosophy of SpamJam is that spam must be controlled close to the user. Why? The Nigerian princess example from earlier. A message format that may be spam to one person may be another person’s critical message. Spam­Jam costs $1,000 for 10 users, then $50 for each additional user. Larger groups are significantly less per user.

NetCleanse says its product is used in law firms with as few as five licenses as well as those with 1,200 licenses. It is priced at $2.50 per month per user and the minimum up-front charge is $625, to be applied to your monthly licensing fee. (So if you only had one user, you would have 250 months paid for.)
NetCleanse requires a computer to use as its server. It follows heuristic rules of thumb to identify spam by analyzing content. In addition to filtering spam, it scans Web traffic for viruses. Its rules are updated every 10 minutes.

It also assigns a mathematical code for each message and reports that code to NetCleanse. It can tell if identical messages were received by a large number of its subscribers at about the same time. If so, it labels that e-mail as spam. It pushes a summary of blocked e-mail to you at specified intervals.

The service appears innovative, impressive and affordable. NetCleanse works with about any e-mail platform or operating system.

If you have faith in statutes to solve social problems, you may rely on the CANSPAM Act of 2003, 15 U.S.C. §§ 7701-7713. However, most in the legal profession will be better off if they take action.

The best way to take the bite out of spam is to seal it back in the can. If you receive more than 50 unwanted e-mails per day, a filtering program is definitely worth purchasing.

David Beckman and David Hirsch practice in the law firm of Beckman & Hirsch in Burlington, Iowa. Contact Beckman by e-mail at [email protected] or Hirsch at [email protected]

Give us feedback, share a story tip or update, or report an error.