"Protecting the integrity of our clients' data is one of our top priorities, and we want to assure everyone that no personal data was comprised," Alflac media representatives said in a statement. "We have identified the source of the spam, and are working to rectify the situation."
Other companies admit that the spam problem can take off quickly even when solid protections are in place.
Security leaders with Steelcase, a publicly-traded office furniture manufacture, said that despite using technologies from Postini and WebSense, among others, to defend its 13,000 employees and IT systems from unwanted e-mail and other attacks, a single incident can quickly land your company's name on spammer blacklists.
Roughly a year ago, a visitor to the company connected an infected device to its network, which led to Steelcase unknowingly becoming a conduit for spam and become included by security researchers on the lists of suspicious IP addresses they advise people to block.
"In effect we ended up looking like a spam source because of one person, and we ended up on several blacklists, which caused problems for people trying to reach us because they subscribed to those lists," said Stuart Berman, security architect at Steelcase. "It really doesn't take much to put you in a painful position."
Spam also remains a serious headache on the incoming side, according to the security specialist. While Steelcase said that the technologies it has employed to filter e-mail, in particular Postini's outsourced message scanning service, have proven very effective, the sheer volume of unwanted e-mail that attempts to land on its servers is staggering.
Berman said that Postini, blocked more than 127 million spam messages before they could land in Steelcase employee's inboxes in 2006, compared to only 30 million legitimate e-mails that were allowed in. Based on those figures, roughly 80 to 90 percent of all e-mails sent to the firm are identified as spam, he said.
"We took action to look at all internal mail avenues and who is allowed to send mail out, and we can control that far more effectively today," said Berman. "We needed to do that because we want to keep our identity clean. It's important to protect your company's overall reputation in the outside world, and no one wants to be known as a spammer."
Some researchers maintain that it isn't just software vulnerabilities that are leaving the door open for spammers at large enterprises, but also a lack of understanding of the problem.
While most large enterprises have made significant investments in anti-spam technologies, some fail to follow very basic recommendations for battling spam, such as blocking unauthorized e-mail from being sent out of their systems at their network gateways, said Matt Sergeant, senior anti-spam technologist at software maker MessageLabs.
Another problem is that the advanced malware programs being used to hijack PCs and set up spambots are frequently circumventing anti-virus systems and other security products, he said.
"Anybody who thought that they had the spam problem under control in the past is probably kicking themselves today, and many corporations are struggling to protect their networks," Sergeant said. "The spammers are on top of the technology in terms of how to get malware onto desktops in such a way that anti-virus doesn't catch it, and companies need to do a better job of making sure their anti-spam policies are being enforced."