By now, you should have heard about the problems LinkedIn has had regarding user accounts being compromised, and the subsequent spam campaigns that followed this breach.
In a fashion typical to modern society, people are starting to overreact. Emails coming from LinkedIn detailing how a user can change his or her password are being sent directly to the user’s spam folder.
And in case you are wondering, this was no run of the mill corporate email blast. LinkedIn took care to insure that their emails didn’t look like spam. They addressed each recipient by name, they made sure that the messages were DomainKeys Identified Mail (DKIM) signed and the message did not contain any links.
“Over 4% of the people receiving this email thought it was spam and sent it straight to the bit bucket. If LinkedIn sends out 6.5 million emails, then a quarter of a million people are congratulating themselves on avoiding spam — and still have a compromised LinkedIn password,” stated Alan Conway of Cloudmark Research.
So tens of thousands of people are running around while someone has free reign of their social network account that is supposed to reflect their professional life, not good.
But false positives happen all the time. In fact a story written by Sharon Gaudin for E Security Planet back in 2003 addressed the serious ramifications businesses face that are a direct result of the false positive problem.
Money being lost, customers being lost and opportunities being missed were the problems brought up in this article, but the truth is they are the same problems many businesses still face when it comes to blocking legitimate emails that are mistaken as spam.
Gaudin’s article referenced a study by Ferris Research citing that false positives cost US Businesses around 3.5 billion dollars in 2003.
In 2011, Osterman research made the claim that US businesses lost approximately 10 billion dollars due to this problem, if you look at the problem worldwide the cost rises to 40 billion dollars a year.
Since it is extremely rare to see a small or medium sized company is losing millions a year to false positives lets break the number down to just how much a typical business stands to lose. Osterman Research estimated that the typical organization lost approximately 230 dollars every year for each email user because of false positives.
That one account you were trying to close but missed out because you didn’t get back to the customer in time. The fee you had to pay because your company was late. Even those clients that just slipped through your fingers because they didn’t feel you responded to your emails quick enough. All of them could be attributed to false positives if the emails sent to you were inadvertently identified as spam.
But those are direct costs. How about all the time your staff spends searching for emails they know they should have received but somehow never arrived, only to find out later that they are sitting in the junk mail folder.
So for even a small sized operation with 15 employees you’re looking at an average bill of 3,450 dollars spent every year dealing with false positives. It may not seem like that much to some, but next time you have to forego a purchase or a raise for a star employee because you’re a bit short remember how much is being flushed down the drain with this one issue.
The sad part is, much of this can be solved with a reputable anti-spam solution that understands how to deal with false positives. And the 3,500 bucks could certainly go towards knocking down the price tag on that piece of equipment.
As the volume of email spam, phishing and email borne malware continues to increase, organizations are going to be forced to deal with these threats head on. This means that the amount of false positives, and the money spent dealing with them, is likely to increase as well. The same Osterman study also stated the fact that with today’s technology, the number of false positives can be reduced to 1 in 400,000 emails received.
The question remains however, is your organization ready to put the tools and policies in place to see those types of results?