A couple days ago, a fellow anti-spam specialist posted an interesting article called “To Delete or to Quarantine? That is the Question” on the GFI blog, AllSpammedUp. I would recommend you read his article prior to this one. The author, Ed Fisher, was discussing several of the problems attached to spam-quarantine management from both an IT administrator’s and an end-user’s perspective. Within my role at Vircom Email Security, I asked myself the exact same questions a couple of months ago during what became the directQuarantine product definition.
What are the pain points associated with quarantine management solutions provided by existing anti-spam and email security products? And I came up with a list very similar to Ed’s:
End-users need access to their quarantine quickly. Otherwise, the IT help desk gets flooded with requests.
Email has become a predominant communication platform for a majority of business users throughout the planet, except maybe Thierry Breton’s Atos Origin. As Ed notes, even though there is no guarantee of delivery in the technical email world, end-users rely on email and expect it to work the way they intend it to: send an email, and the recipient will receive it (very much like a phone call, as Ed notes). With this in mind comes the importance of being able to quickly locate, and release, any False Positive emails that may have been quarantined by a spam filter.
End-users must be able to easily and quickly locate false positives in their quarantine. Today’s information travels at light speed and workers are expected to react quickly. No way an end-user will wait until the daily (or worse, weekly) quarantine report is generated and then sent to him, if it is even being made available to him. The alternative web-based quarantines are often cumbersome: the end-user has to remember the URL to log in to, his email username and password, and then go through the process of trying to find a specific email among a ton of spam using a basic web interface. (I so much do not envy pharmaceutical researchers working on Viagra pills.)
==> Conclusion 1: from an end-user’s email communication perspective, spam shall be stored in a quarantine folder instantaneously, be easily accessible, be searchable and allow releasing false positives using a single mouse click.
The quarantine must not grow indefinitely. Otherwise, expensive disk space will be wasted.
Although the average size of an email is highly dependent on your role and industry, it is generally accepted that an average email weighs in at between 30 and 75 kB (if you are surprised, think about HTML, signatures, embedded graphics and attachments). So, let us consider an average email size of 50 kB, an average of 75 emails received per user per day (reference: Radicati research, 2011) and between 70% and 90% of all received email being junk. One can easily come up with estimates: each day, every corporate email user receives about 2.75 MB of spam. Expand this onto a 5,000-employee company and it represents over 400 GB worth of spam being stored on disk, every month!
==> Conclusion 2: from IT’s storage perspective, the quarantine shall be deleted as soon as possible.
So, To Delete or to Quarantine?
Because email communications are business-critical (sales, customer requests, new leads, research data, FOMO: fear of missing out), there is no way end-users will accept having their spam stream deleted right away (or rejected at the SMTP level for that matter). And because of the huge disk cost of spam, there is no way IT managers will accept storing quarantines for anything more than a week or two.
Let’s be bold, the answer to the question above is: BOTH!
There is no reason why the two conclusions above should be mutually exclusive. Even more, implementing both of these with a proper solution shall reduce your IT department’s day-to-day end-user quarantine management. End-users will no longer open tickets to request that a specific email be found and released from the quarantine, they will no longer open tickets to get the URL/username/password for logging into the web-based quarantine and they will no longer open tickets to complain that email is not working properly.
How can you do this?
The solution is comprised of two components. I will use Vircom’s solution as an example. If your own solution doesn’t offer you these options, it may be time to think about this again when your renewal comes up.
First, the modusGate Email Security Gateway:
- performs the junk filtering and stores all spam in an end user’s quarantine.
- automatically deletes spam older than 10 days (the Auto Clean-Up can be set to a shorter or longer period as desired).
Second, the directQuarantine Outlook add-on creates a new Quarantine folder right in the end-user’s Outlook email client (see screenshot on the right for a more explicit view). End-users can:
- view the list of quarantined email and their content (sender, subject and of course the body of the message).
- search their quarantine using the native Outlook search and filter to locate important false positives.
- release false positives from the quarantine to the Inbox with a single click.
It can’t be any easier than that. No IT intervention required, and the end-user is happy.
==> Disk Cost Problem: Solved (spam will automatically be deleted after a period of time).
==> End User FOMO: Solved (spam available for selective retrieval in end user’s quarantine).
==> IT day-to-day spam handling: Solved (end-users can easily manage spam and false positives from within Outlook).
Do you have this functionality in your existing anti-spam products? Have you been looking to reduce your IT overhead in spam management? How are you handling your quarantined spam in your business?