To save itself the headache of putting out spam-related fires after the problem spread, United Fire & Casualty (Cedar Rapids, Iowa; $2.4 billion in assets) took a proactive approach and began its search for a suitable spam solution in Spring 2003. "Although IT wasn't receiving complaints about spam [from employees] at that time, the problem was irritating and on its way to becoming a real nuisance," contends Dave Schoettmer, technical services manager, United Fire & Casualty.
The underwriter of personal and commercial P&C insurance was in a unique position because words that are usually flagged as offensive by spam filters could be contained within legitimate e-mails received by the company. "We sometimes receive claims that contain the words breast or Viagra [via e-mail]," explains Schoettmer. "So we needed to make sure that legitimate mail would still be able to pass through [a spam filter]."
The insurer first turned to a capability that was part of its existing Microsoft (Redmond, Wash.) Exchange system, Schoettmer relates. The system features a blacklisting function that tracks addresses from which spam is sent. If an address is blacklisted, mail sent from it in the future is flagged. "This was a losing proposition because spam comes from so many sources," Schoettmer says. "We tried the solution for a month and it was clear that we weren't gaining too much ground."
Not All Black and White
Subsequently, Schoettmer and the carrier's e-mail administrator, Todd Burken, set out to find a tool that could more effectively filter spam while preventing false positive identifications of legitimate e-mail. The carrier began a trial of a vendor product by setting up a filter within its network. The tool relied upon a blacklist and a white list and corresponding keywords. The blacklist tracked keywords and addresses correlating to spam, while the white list tracked legitimate e-mail
addresses. Although the results were somewhat successful, Schoettmer and Burken weren't completely convinced.
"We were able to identify about 20 to 30 percent of spam messages, but we wanted to restrict more than that," Schoettmer says. He declines to name the vendor. "Then we got a cold call from another vendor. Their timing was fortunate," he adds. The new vendor was Denver-based e-mail defense solutions provider MX Logic.
MX Logic's Email Defense Service runs on the vendor's systems, so United Fire & Casualty didn't have to install or host anything in order to test the solution. Schoettmer explains that the carrier simply redirected its mail exchange (MX) record to MX Logic. An MX record is an entry in a domain name database that identifies the mail server that is responsible for handling e-mails for that domain name.
After receiving the underwriter's MX record in June 2003, MX Logic was able to provide reports that detailed statistics on messages that MX Logic's Email Defense Service determined were spam, as well as those messages that were allowed through. "The MX record tells the mail where to be delivered, so that it goes to MX Logic instead of directly to us," Schoettmer says. "They check it and forward the non-spam to us. Once we switched the MX Record to point to MX Logic, they immediately began blocking spam and storing it in their quarantine." Schoettmer and Burken were so impressed with the services results that they decided to use it on a full-time basis - a decision that has paid off.
"The solution has been extremely effective," Schoettmer says. "The only false positives I've had reported to me are from some credit card companies, and you can visualize how much advertising/marketing information is included in that type of e-mail."
Case Study Coseup
Company: United Fire & Casualty (Cedar Rapids, Iowa; $2.4 billion in assets).
Lines Of Business: Personal and commercial P&C.
Vendor/Technology: MX Logic (Denver) Email Defense Service.
Challenge: Implement an e-mail defense solution that blocks spam messages and prevents false positive identifications.