Gristede’s is the signature supermarket of New York City, a 100-year-old tradition providing exclusive food and deli services to a crowd of Manhattanites fiercely loyal to the brand. New Yorkers flock to any of 45 neighborhood Gristedes stores, and on any evening you are likely to see old ladies exchanging check-out wisdoms, celebrities searching for mops, and single men in three-piece suits buying frozen gourmet dinners.
What you won’t see are the thousands of customers worldwide who now order from Gristedes online. Customers benefit from an enterprise email network and a wireless warehousing/distribution operation that marries Gristedes foods with United Parcel Service (UPS) shipping.
“We have some very affluent people in the city whose butlers and maids order weekly grocery delivery,” said Don Winant, chief information officer (CIO) of Gristedes. “People who have lived here and moved away still order from us because they want a certain kind of Gristedes pasta sauce or macaroni, or a certain kind of ice cream. Depending on the perishability of the item, we ship any product anywhere in the world.”
In October 2006 the store was suddenly deluged with spam and phishing attacks that threatened to shut down its email ordering system. “Our email servers were spending so much time [filtering] real email from the DOS that the queue was freezing,” says Winant. “We were getting 2,000 [spam] attempts a minute. It was so difficult we couldn’t turn off our spam filters or do real user authentication, and we were down for so long that we lost email to the outside world.”
To any supermarket, much less any small to medium-size business with Internet presence, loss of orders is anathema. Fortunately, Gristedes was able to defeat the spammers with a new email perimeter defense solution devised by San Jose, Calif.–based Concentric, an XO Web hosting and messaging company. The solution cut volume from between 60,000 and 70,000 spam messages a day to fewer than 8,000 messages, more than 90 percent of which were legitimate, Winant said.
“The spammers were generating arbitrary email addresses at gristedes.com and generating every name possible, including Howdy Doody,” says Winant. “But about the same time, Concentric came out with a frontline of defense that would allow us to use our existing [email] service.”
Known as Perimeter Email Protection (PEP), the solution creates an anti-spam barrier around an enterprise email infrastructure. User authentication and spam filters are implemented on a Concentric server positioned directly outside the perimeter of the enterprise email system, offloading the CPU burn time required to filter and bounce spam. In Gristedes’ case, the supermarket was already using a Concentric DNS (domain name system) service to handle Internet hosting, management and security services for the gristedes.com Web site. It was a comparatively small step to add the PEP service, which basically works by having customers upload a data file of legitimate internal users and their email addresses. The PEP server then authenticates all incoming mail against the file, acting as a filter to all public requests for services or email via the Internet. This frees the enterprise email server to complete its normal tasks.
“The problem Gristedes was facing was that its mail service was subjected to dictionary harvest attacks searching for legitimate users inside its domain,” said Nate Gilmore, a Concentric product, marketing and sales director. Concentric’s software-only solution “allows [Gristedes] to turn on certain protection options. The enterprise moves its email server behind our perimeter, changes a couple of DNS mail exchange records to make us primary, and we become the shield.”
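The recipient check described above, together with a simple way to spot a dictionary harvest run, can be sketched as follows. This is an added example, not Concentric's code: the user-file format, the reply codes, the threshold of three misses and the policy of refusing a flagged source are assumptions, and the mailboxes and IP addresses are constructed.

```python
from collections import Counter

# Constructed stand-in for the uploaded file of legitimate users
# (one address per line; this format is an assumption).
USER_FILE = """\
# gristedes.com mailboxes (constructed sample)
orders@gristedes.com
Support@Gristedes.com
"""

def load_recipients(text):
    """Parse the user file into a set of lower-cased addresses."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln.lower() for ln in lines if ln and not ln.startswith("#")}

class PerimeterFilter:
    """Answers RCPT TO at the perimeter so the internal server never sees junk."""

    def __init__(self, recipients, harvest_threshold=3):
        self.recipients = recipients
        self.harvest_threshold = harvest_threshold  # assumed value
        self.misses = Counter()  # unknown-recipient attempts per source IP

    def rcpt_to(self, source_ip, address):
        """Return an SMTP reply code for one recipient attempt."""
        if self.misses[source_ip] >= self.harvest_threshold:
            return 554  # assumed policy: refuse a source flagged as harvesting
        if address.strip().lower() in self.recipients:
            return 250  # known user: relay to the enterprise mail server
        self.misses[source_ip] += 1
        return 550  # unknown user: rejected here, internal queue untouched

    def flagged_sources(self):
        """Sources whose unknown-recipient count reached the threshold."""
        return sorted(ip for ip, n in self.misses.items()
                      if n >= self.harvest_threshold)

def run_sample():
    """Replay constructed attempts (documentation-range IPs)."""
    pf = PerimeterFilter(load_recipients(USER_FILE))
    attempts = [
        ("198.51.100.7", "ORDERS@gristedes.com"),
        ("192.0.2.10", "howdy.doody@gristedes.com"),
        ("192.0.2.10", "aaron@gristedes.com"),
        ("192.0.2.10", "abby@gristedes.com"),
        ("192.0.2.10", "orders@gristedes.com"),
    ]
    return [pf.rcpt_to(ip, addr) for ip, addr in attempts], pf.flagged_sources()
```

Refusing every message from a flagged source can also block legitimate mail that arrives through a shared relay, so a deployment would tune the threshold and expire the counters.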
Gristedes isn’t unique, of course. Email spam has reached epidemic proportions, with major attacks escalating since spam became a serious threat in January 2002, said Michael Osterman, president and founder of Osterman Research, a consulting firm focused on messaging and collaboration.
“Spam five years ago accounted for about 16 percent of the email messages flowing on the Internet,” Osterman said. That percentage is now 75, with some corporations logging 90 percent spam on their enterprise email systems. And the cost of spam is prodigious. Nucleus Research revealed that U.S. businesses are spending $712 per employee each year in lost worker productivity due to spam. Each user devotes roughly 16 seconds to identifying and deleting each spam email, which translates to an annual cost of $70 billion to all U.S. businesses.
Although many companies are now in the anti-spam and email security business, among them Message Labs, MX Logic, Postini, ComTouch and others, “spammers are a smart enemy,” Osterman observes. “They continuously improve their spam, so it’s difficult to keep up and defeat it.”
For Gristedes, the PEP solution quickly foiled the spam, enabling resumption of a highly efficient email ordering and warehouse operation using mobile technologies. The anti-spam solution is inexpensive—$15 a month to protect 80 email accounts, costing Gristedes roughly $1 per user per month. Concentric also provides a backup email spooling and distribution system in case a customer’s email server fails, but the Gristedes server hasn’t failed once since the PEP was implemented in January 2007.
The PEP solution continues to work flawlessly, Winant adds. “This has been an absolute blessing. It was the right solution at the right time.”
Arielle Emmett is a freelance writer and a lecturer at Temple University.