Adam Biviano, premium services manager for Trend Micro, which offers a hosted "virtual gateway" solution, says a hosted service offering is the best solution because it is set up with best practice in mind. "Enterprises struggle to keep up to date, so by signing up for a service the problem is taken away," he says.

"To strengthen antispam solutions enterprises need to look at their own internal security policies to ensure they aren't publishing email addresses on their Web site and attracting spammers in anyway. By toughening up internal controls the antispam solution can fill in the gaps."

Biviano believes that legislation in Australia has been successful and is making it a hostile environment for spammers. He says the Spam Act also gives law enforcement a mechanism for prosecution and provides legitimate email senders with a framework in which to operate.

But for those managing the problem in-house, it's about having the right tools, according to former Packateer founder Robert Jones, who is the new ANZ regional manager at CipherTrust. The company provides a combined software and hardware offering that covers the secure content management (SCM) spectrum.

"It's not just about spam any more, the problem is much wider than that," Jones says. Not all messaging security threats are inbound. Solutions need to cover outbound threats also to cover compliance, intellectual property and theft of confidential information." Jones estimates 80 percent of corporate IP leakage is through email and points out that email is involved in 85 percent of corporate litigation.

The company offers a range of appliances for a layered approach which, one analyst says, may sound like overkill, but such a set up can be beneficial, particularly to large corporations that receive huge amounts of email.

"If you have to process for viruses, spam, and the like, using actual content filtering, it's extremely CPU-intensive," says Michael Osterman, president of Osterman Research. "If you can determine at the very beginning that you know the email is from an untrusted source, you can just drop the [IP] connection and eliminate all that bandwidth and storage."

From Bad to Worse

For vendors, the global secure content management market, which covers spyware, phishing and other malicious code, is worth some $US5 billion-plus. According to an IDC report into the SCM market from 2005-2009, financial gain is the number-one driving force behind the spam epidemic, with spyware and phishing attacks becoming incredibly sophisticated.

"The motive and intention of virus writers have changed," says Brian Burke, IDC (US) research manager, security products. "In the past, worms and viruses were typically created to destroy data by amateurs seeking notoriety. Today, more sophisticated attackers, often organized crime, are increasingly using worms and viruses to obtain credit card numbers, bank account information, and other personal information to perpetrate identity theft. IDC believes this profit-driven motivation will cause the number of attacks to increase in sophistication, frequency, and severity."

Email pipelines will continue to be a favourite target for malicious attacks at a time when IT departments are tasked with preventing information leakage, meeting compliance standards and ensuring networks, servers and inboxes are not clogged with spam. As much as 80 percent of email in circulation is spam and IDC believes that more than three-quarters of all corporate machines are infected with various forms of spyware.

Code of Practice

Australia has increased efforts to battle unsolicited commercial e-mail by introducing a code of practice for companies providing or enabling e-mail services.

Introduced in July this year, the Internet Industry Spam Code of Practice is designed to support the Spam Act of 2003.

Under the code, Internet service providers (ISPs) and other groups providing e-mail services will share responsibility for helping to fight spam. The companies must offer spam-filtering options to their subscribers, provide them with information about how to deal with spam, and have a process for dealing with complaints.

The new rules also set out how service providers must address the sources of spam within their own networks, including actual spammers and virus-infected "zombie" computers used to spread spam.

The new code applies to all 689 active ISPs in Australia as well as global e-mail service providers that offer services in Australia, such as Yahoo and MSN Hotmail.

The Australian Communications and Media Authority is calling the new set of rules "the first legislative code of practice for Internet and e-mail service providers in the world".

Although many other countries have antispam legislation, most of these measures place responsibility on the groups generating spam.