CPA firm defends against spam: outsourced security service provides cost savings and increased staff productivity

Communications News, Dec, 2005

One afternoon in the height of the 2005 tax season, accountants at Cannon & Company waiting fin client communications began noticing delays in e-mail delivery. As Sara Oaks, network administrator and bead of information services, recalls, "A couple of people asked me why they hadn't received an e-mail sent 30 minutes ago. While I was doing the normal checks on my system to see if anything was non-functional, I got a call flora our service provider's NOC asking what was wrong. They were seeing mail stack up in their servers, queuing for our domain."

Cannon & Company, a full-service CPA firm in Memphis, Tenn., provides a full range of accounting, auditing, tax, management advisory and other professional services to clients representing all facets of the economy. Its staff of professionals provide expertise in various fields, including the medical industry, wholesale distribution, manufacturing, not-for-profits, retail, and pension and profit sharing plans.

With such a large client base, the pace becomes hectic in April for the 40-member company. For a CPA firm, there are few things worse than going down during tax season. On this April day, a deluge of spam brought on by a directory harvest attack was severely impacting Cannon's network. The firm's new perimeter-based managed e-mail service, however, overcame the attack.

Spam can raise a plague of biblical proportions. Ask the firm's four directors, who used to spend many hours a week sorting through e-mail and eliminating spam, deeply resenting the infringement on their time and productive capacity.

The company had previously tried to protect itself with an antispam software program, but the cure was almost as bad as the disease. Users had to tag each message as legitimate or not so that the program could screen senders. That eventually reduced but never blocked the influx of spam.

Finally, Cannon replaced the software with the perimeter-based managed e-mail service, mailMAX from SecurePipe.

From the beginning of October 2004 to the end of October 2005, more than 1.2 million inbound messages destined for the Cannon e-mail system were routed instead through mailMAX servers. Delivery of approximately 95% of that traffic was prevented.

For Cannon executives, the ratio of spam to real mail was even higher. Returning from a nine-day vacation, Cannon's president, David Curbo, found that 3,000 messages had been blocked-99.94% of the incoming stream.

mailMAX scans both inbound and outbound e-mail, checking for spam, viruses, harassing of inappropriate content, pictures, key words, attachment types, and message size. The filtering service, built by Cincinnati-based Mycom and recently acquired by Chicago-based SecurePipe, operates on highly secure servers in the SecurePipe network operations center (NOC).

CLIENT IMPLEMENTATION IS SIMPLE

On the front end, reporting tools provide real-time information on e-mail traffic. The system automatically sends summary notifications of stopped messages to the network administrator, individual clients of user groups. On the back end, mailMAX security engineers proactively monitor traffic, alerting the designated IT contact in the client company when issues develop.

Because there is nothing to install on the client network, implementation is simple. According to Oaks, "All that I needed to do was make some changes in our Novell Groupwise mail server configuration in order for us to communicate with the mailMAX servers, and for our mail to be directed properly. Once we were communicating, I went out to the mailMAX Website and configured each area to shelter mail properly."

Initially, Oaks and her assistant devoted time to inputting information for the spam filter. Once mailMAX 2.0 came out, those time requirements dropped off to almost nothing, she says. The new version provides usability improvements and functional enhancements, including IP address blocking, real-time blacklists and sensitivity settings for its multifactorial spam blocking.

"We bumped the screening level up and found that the good e-mail was still getting through and spam was reduced to a negligible amount," Oaks offers. "In addition, version 2.0 allows us to control the size of incoming e-mails."

Because the solution does not reside on the firm's network, interoperability with other network components is a non-issue. At the time it was introduced, Cannon's network environment consisted of a Novell 6 server, Novell Groupwise e-mail server and 40 workstations. Since then, the network has been totally replaced with a more complex environment, consisting of a Windows 2003 file server, Microsoft Exchange 2003 server and two Citrix Presentation 4.0 servers.

To transition from one network environment to another, Oaks only had to send two e-mails. The first informed the mailMAX engineers of the new mail server details. The second was to verify what had to be changed on her end.

HARVEST ATTACK PREVENTED

"Spam blocking was what we were looking for originally because we hadn't experienced virus outbreaks. But virus screening has been a major side benefit of the service," explains Oaks. Integrated with its spam blocking, mailMAX virus screening supplements Symantec AntiVirus Corporate Edition Version 10.0 running on the network mail server.