The widespread use of email has provided hackers and crackers with an easy way to distribute harmful content to the internal network. Hackers can easily circumvent the protection offered by a firewall by tunneling through the email protocol, since it does not analyze email content.
CNN reported says that the MyDoom virus cost companies about US$250 million in lost productivity and tech support expenses, while NetworkWorld (September 2003) cited studies that placed the cost of fighting Blaster, SoBig.F, Wechia and other email viruses at US$3.5 billion for US companies alone.
Furthermore, email is also used to install Trojans, targeted specifically at your organization to obtain confidential information or gain control of your servers. Described as "instructive viruses" or "spy viruses" by computer security experts, these can be potent tools in industrial espionage. A case in point is the email attack on Microsoft's network in October 2000, which a Microsoft Corp. spokesman described as "an act of industrial espionage pure and simple". According to reports, Microsoft's network was hacked by means of a backdoor Trojan virus maliciously emailed to a network user.