No, they haven't found a cure for spam yet.

But until then, it's still a fight worth fighting. According to a March 2007 survey by Wellesley, Mass.-based Nucleus Research, two out of every three e-mail messages received on the job are unwanted or unsolicited. All that spam costs U.S. businesses $70 billion -- or $712 per employee per year in productivity alone, the same study estimated. And that's not counting the losses due to viruses, worms and Trojans it spreads, or the identity or trade secret theft it can cause.

What can a small or mid-sized business do, especially if your IT department is on the smaller side, too?

Here are some tips from the experts:

  1. Consider a Hosted Service: If you don't have the staff or the time to fight spam properly, perhaps a hosted service such as Google-owned Postini or MessageLabs is for you, suggests Joe Stewart, senior security researcher with SecureWorks, an information security firm based in Atlanta. Hosted services offer spam blocking, extensive anti-virus coverage, and disaster recovery services for about $100/month for under 100 users.
  2. Install a Good Spam Filter: SecureWorks' Stewart recommends some open-source filters, such as Apache's SpamAssassin. High Mountain Software's SpamEaterPro and CA Anti-Spam are among the many vendor-provided options that work well with a number of different email servers.
  3. Safeguard Those Addresses: Make sure the workers in your office are not using their work email address to conduct personal business, or for online shopping. Ditto for FaceBook, MySpace, or other social-network sites…spammers often look to these for new addresses. Also, discourage workers from signing up for newsletters with their work email address.
  4. Block Sender: Make sure all workers using Outlook and Lotus Notes know to right-click and 'block sender' on a piece of spam so that the sender cannot send anything else to that address, notes Mike Song, an email efficiency expert, corporate trainer, and CEO of Guilford, Conn.-based CohesiveKnowledge Solutions Inc.
  5. Take Out Website Links: 'Be careful how you list worker directories on your corporate website,' warns SecureWorks' Stewart. If you must list workers' email addresses, publish them inside Javascript, not as an email link, he suggests.
  6. Set a Spam Trap: Consider creating a fake employee profile, complete with bogus title and address, on the website. Monitor what e-mail comes to this 'employee,' since it is likely to be spam, suggests Stewart. Use it as a test of how well your anti-spam techniques are working.

By trying these steps, your business can have the upper hand in the war against spam. But diligence remains key: 'Remember that the spammers actively test the anti-spam software,' notes Stewart. 'You can't just install the software and have the problem go away.'

SIDEBAR: Where to Go for Spam-Fighting Help

Postini is a hosted solution that screens email for malware and spam and offers back-up and archiving services. It serves about 10 million end users.

MessageLabs is a hosted solution that screens email and instant messages for malware, spam and spim. It offers back-up and archiving services.

SpamAssassin is an open-source-based spam filter written in Perl. It can be downloaded free from the above website.

High Mountain Software's SpamEaterPro is a widely used spam-fighting software program. The company also offers a hosted spam-fighting product,

CA Anti-Spam is another popular anti-spam software product that includes anti-virus, anti-phishing, and other features.