Many Monty Python fans rank the Spam Skit, where a waitress recites a litany of breakfast options featuring spam, among their favorite sketches from the troupe's 1970s heyday. Somewhere along the way a cunning linguist in Silicon Valley transformed the brand name of the processed meat product into a common noun for unsolicited electronic mail.

(Illustration by Nancy Soulliard for ENR)

Most who receive e-mail today are very much like the hapless wife in the Python skit: doomed to be served spam, stunning amounts of it, whether we want it or not. Opening the e-mail seems to take longer every day, culling legitimate business-related messages from a variety of get-rich schemes, snake oil pitches, offers of spiritual enlightenment, political spiels and sexual come-ons.

What started as a trickle a few years ago is now a flood of electronic junk, and the design and construction community is not immune. "We spend about 10% of our annual IT [information technology] resources on dealing with spam and viruses," says Angelo Privetera, chief information officer of HDR, the Omaha-based firm ranked 22nd on ENR's Top 500 Design Firm listing for 2001. Each of HDR's 65 offices across the country has at least "three or four key outside clients that we share data with," Privetera says. The volume of data moving back and forth is huge.

"It's almost impossible to define what's acceptable and what's unacceptable across the board," he says. "We have to approach each network hub on an individual basis. I can't begin to quantify how much time we're wasting. I myself delete 15 to 20 e-mails every morning."

He's not alone, judging by the traffic pattern recorded by Brightmail (www.brightmail.com), a San Francisco-based message management service vendor that attacks spam and Internet viruses on a critical path level, in the realm of the Internet Service Providers (ISPS), Application Service Providers (ASPS), Internet portals and large enterprise customer servers. Brightmail claims seven of the world's top 10 ISPS as customers, including well-known names such as at&t, WorldNet, EarthLink and Excite.

Brightmail software looks at the body and source tag of incoming messages and blocks those messages that are identifiable as spam."When we started measuring spam attacks in late 1998, we recorded 1,000 to 2,000 attacks per day," says Ken Schneider, chief technology officer (see chart). "It's now running at a rate of 30,000 to 50,000 attacks per day."

Each "attack" may contain hundreds or thousands of pieces of spam, he adds. Brightmail Solution Suite 3.0, launched in December, offers a range of services, including spam and virus blocking on a real-time, 24-7 basis. Cost is by subscription, typically $10 to $15 per mailbox for a customer with "a few thousand mailboxes, minimum," he says.

Redwood City, Calif.-based Mail Abuse Prevention System LLC (www.mail-abuse.org) offers help for a fee of about $500 per year. maps tracks and blocks known spam mailers either by identifying and blocking mail from those addresses or by looking for "open relays" that permit spam mailers to bounce mail through unprotected servers of legitimate firms.

"The service looks for vulnerable servers and puts them on a list. One architectural firm we work with was on the list," says Adam Koczarski, director of information systems for Seattle-based structural engineering firm Skilling Ward Magnusson Barkshire. "For more than a year their server was used, without their knowledge, as a spam relay. We started rejecting their e-mails," says Koczarski.

He says Skilling's spam service blocks roughly 150 e-mails per day. "If the filter gets shut down for some reason, I start getting calls from the staff," he says.

Spam blockers work, first of all, by rejecting e-mails containing key words, such as Viagra. The word "sex" also triggers the filter. "Sometimes it is tough to screen e-mail and not block real clients," Koczarski says.

Keyword filters are by no means foolproof. E-mail from Seattle-based steel erector The Erection Co. frequently triggers spam filters. But office manager Sally Geiger says that if clients' filters are rejecting e-mails from The Erection Co., she is unaware of it. The firm took that possibility into consideration when it created its Website–under the identifying acronym TEC. "Our e-mail, too, goes out under that title," says Geiger. "I didn't want to have to handle all the irritating teenagers." For incoming communication, TEC's filters apparently work well; Geiger says spam is not a problem.

"The problem has escalated over the past year," says Koczarski. "We have seen a much greater volume of spam and firms without filters are likely inundated by it. That's a lot of stuff for people to have to deal with. I get eight to 10 Spam e-mails a day, even with the filter in place."

Skilling uses the corporate edition of Symantec, which now controls the Norton anti-virus program. Its Linux system allows "tweaking" of the system. Koczarski can "tighten the screws" but runs the risk of eliminating legitimate e-mail correspondence. "It is a difficult balancing act," he says.

The problem is too much for an IT manager to take care of without outside help, says Joyce Graff, a vice president and research director of Gartner Inc., a Stamford, Conn., technology consulting firm. Not only is spam annoying, Graff points out, it also wastes disk storage space.

Click here to veiw graph

Michael Herrick, president of Santa Fe, N.M.-based Matterform Media (www.matterform. com), agrees. "For some reason it's gotten really bad this year. Spam is chewing up a lot of bandwidth and cpu (central processing unit) drive space." Herrick's company has developed a product called Spam Vaccine that takes a different approach from filters. "Instead of trying to block your incoming spam, we try to prevent you from getting on the spam list in the first place," he says.

Spam bots comb Websites, harvesting e-mail addresses by the millions. (Spam e-mail tools commonly are sold with CDs listing 10 million addresses for less than $100, says Schneider.) The Spam Vaccine converts a Web page's e-mail addresses to html or Java script. A human can read the address, but it is unreadable to a spam bot, Herrick says. A further step imbeds images into the address, which thwarts the most persistent bots. Herrick's target market is Web designers and corporate Web masters. He also is working on a filter system that applies "fuzzy logic" to defeat the bots.

Jim Jacoby, chief information officer for Houston-based design firm Walter P. Moore, overseas about 300 users in seven offices across the country. "We're experimenting with filters, but we hesitate to apply them unilaterally across the system," he says. "We really have to monitor our system on the server and tweak things at the desktop level. We can watch ourselves being probed in real time on the server. It's very much like the Cold War. Every action causes a counter action."

Anne Bell, information technology manager at Portland-based Hoffman Corp., says, "We are working with users who get spammed a lot." Hoffman uses a Norton product to screen spam and has used others. "Until we did so, we had no real idea how much of this stuff was coming in," Bell says.

The problem "is definitely on the rise," she says. "It takes time for employees to differentiate between spam and business e-mail when they come in to work and have 40 messages awaiting them. We didn't used to have to worry about a lot of this."

Now, however, IT managers spend a portion of each day reviewing spam and virus Websites and reading daily newsletters informing them of the most recent new problems.

"We scan mail as it comes in and can block it either by rejecting all incoming mail from a specific domain or by blocking e-mails containing key words," says Bell. Incoming e-mail attachments are scanned for viruses. "We are now blocking up to 2,000 a day," she says.

IT managers should not look for help from legislators, although states like California and Washington have passed anti-spam bills. Several anti-spam bills have been introduced in Congress but none have been enacted. That may be just as well, says David E. Sorkin, a professor at the John Marshall School of Law in Chicago, since "the bills on the Hill get so watered down that passing them would do more harm than good. But we have a long way to go."