Dare to compare
Index
Anti-spam tools: comparing available solutions
In the fight against spam, all solutions can be classified according to one of the following three categories: solutions that work upstream from the network perimeter; those that work at the level of the gateway; and those that work directly on desktops. In each of these categories, several commercial products and services are available, each with its own technical characteristics, advantages and disadvantages.
Choosing an anti-spam solution is an important decision, as the protection of your company's work environment and the safety of its communications are at stake. To help you make an informed decision, the following table presents the respective features of various anti-spam solution categories.
| Cloud filtering | On gateways | On desktops | ||
|---|---|---|---|---|
| Cloud service providers | Blackboxes | Software on email servers | Software on desktops | |
| Must be compatible with the infrastructure and operating system | no | no | yes | yes |
| Must be compatible with the email server | no | no | yes | yes |
| Varies based on the number of users | yes | Slightly varies | yes | yes |
| Contract required | no | yes | yes | yes |
| Protects your network perimeter | yes | Partially protects | no | no |
| Blocks unwanted connections (70 to 90% of incoming emails), thus freeing up bandwidth | yes | no | no | no |
| The IT team must spend time managing the solution | no | Some time | Some time | A lot of time |
| Increases the load on users' resources | no | no | yes | A lot |
| Centralized management | yes | Depends on the product | Somewhat | no |
| Provides built-in redundant protection | yes | no | no | no |
| Stores incoming email if the customer's server goes down | yes | no | no | no |
Cloud filtering solutions (aka managed email)
Cloud filtering solutions are based on the principle of filtering emails before they reach the customer's server, which is why they are sometimes called upstream
. These solutions also liberate clients from all management tasks, which is why they are also referred to as managed services
. The email's path is redirected through a cloud-based filtering station
before it is delivered to the customer.
The process is quick and easy. All you have to do is change your MX records so that emails are sent through the provider's cloud filtering facilities before being sent to your gateway. Some Cloud filtering solutions only filter spam; some also filter viruses; others filter all unwanted content.
Cloud filtering solutions offer many advantages:
- They lighten the load on bandwidth by blocking at least 70% of connections and relieving the customer's server (processor, RAM, space) without creating an additional burden on users' desktops.
- They are like a shield that protects the customer's network perimeter from spam attacks (DoS, DDoS, waves of viruses, targeted attacks, etc.) and hides the customer's server IP address.
- They are incredibly quick and easy to activate and require no changes to users' desktops and no installation.
- They are completely transparent and may be activated on all email servers, regardless of the type and version (Microsoft Exchange Server, Lotus Notes, Groupwise, Kerio, Postfix, Sendmail, Qmail, Exim, etc.). They are also compatible with all types and versions of operating systems (Microsoft Windows, Apple MacOS, GNU/Linux, Unix, BSD and others).
- They free up network administrators, as they require very little or no management.
- They prevent the loss of email should the customer's server go down.
- They require no capital investment.
- They adapt to your changing needs. If you suffer a spam attack, or if the number of your users increases, you don't have to change anything.
That's why an increasing number of businesses (such as Merryl Lynch, McDonalds and Reebok) and public and semi-public organizations (such as SAQ and Telefilm Canada) are turning to this type of solution.
Blackbox
solutions
Examples: Barracuda, Tumbleweed, Cyphertrust, Europa, etc.
Blackboxes are relatively easy to install and using them does not create an additional load on your email users' desktops. What's more, since they process emails before they reach the email server, they prevent needless overloading caused by spam. In general, blackboxes are sold as dedicated devices installed in the clients' offices. Some Web hosts buy a blackbox to filter the emails of customers who use their email hosting service. Usually, the technical support for customers who use this type of service is not up to par.
Disadvantages:
- The customer is responsible for installing, configuring and updating the solution.
- Since emails are directed to the blackbox, they needlessly burden the bandwidth.
- The purchase of a blackbox requires a significant investment. If customers are subsequently not satisfied with the solution's effectiveness, they may be reluctant to look for an alternative solution. Nevertheless, some clients disconnect their blackboxes and decide to adopt a different solution, thereby loosing their capital investment.
- After purchasing a blackbox, you still have to continue paying for the subscription to receive updates.
- Blackboxes do not provide built-in redundant protection. Since they accept emails before they reach the customers' server, if they malfunction, clients will not receive their emails until the device is repaired or replaced. The only solution to this problem is to implement redundancies by purchasing two blackboxes. The initial cost therefore doubles. Some providers offer a 24-hour hot replacement service that customers may subscribe to for a fee. In the best case scenario, the customer may be without email service for 24 hours.
- Configuring certain blackboxes requires a great deal of time and may raise delicate confidentiality issues, since, in order for the statistical filtering engine to work, you must manually classify a large number of legitimate emails. Incoming emails will then be compared with this valid email database to determine whether they are suspicious. Who has time to do this? Who can you trust to read and classify all these messages?
- If a company that uses a blackbox expands following a merger, an acquisition or ventures into new markets, or if the business is victim to a spam attack, the blackbox may no longer be adequate and the companies may need to purchase a higher scale version. Once again, the businesses will have wasted the capital invested.
- Blackboxes must have an IP address and must be installed in a rack. They use 1,500 watts of electricity and increase the need for air conditioning.
Software installed on the email server
Examples: GFI, Brightmail, Gwava, Modus Gate
These software solutions are usually installed either like a transplant, or as a software gateway between the Internet and the customer's email server.
While these solutions offer administrators the advantage of centralized management, they also have the following disadvantages:
- Since it is installed on your server, the filtering software uses resources (processor, RAM, disk space). What's more, spam continues to enter the network perimeter and to needlessly waste bandwidth.
- Anti-spam software installed on desktops require occasional maintenance and regular updates. These tasks increase your IT team's workload.
- These solutions are not very flexible. The selection of software depends on the model and version of the email server used by the customer. The gateway's operating system must also be taken into account.
- This lack of flexibility decreases the customer's leeway. If clients change operating systems or email servers, they will, at best, have to reinstall and update the filtering software, or, at worst, have to completely change the filtering software.
- Because these filtering software solutions are installed on the customer's email server, they may make it vulnerable to hacking. For example, if an update was required after discovering a vulnerability in the software and if, for some reason, the update was not properly installed, this weakness could be exploited by spammers.
- If a company that uses email server software expands following a merger, an acquisition or ventures into new markets, or if it falls victim to a spam attack, the software may no longer be adequate and the business may need to purchase a more effective version or upgrade their licence.
- Purchasing software requires significant capital investment. To use this software, customers must adhere to at least a one-year subscription. If they are subsequently not satisfied with the solution's effectiveness, they will have to look for an alternative solution, thus wasting the capital invested.
Software installed on desktops
Examples: Spam Agent, Kaspersky Security Suite, Norton Inernet Security
While these solutions may be appropriate for individuals or small businesses that do not have their own domain names, they do not adequately meet the needs of SMEs, let alone large businesses. These solutions provide too little protection, and too late.
Disadvantages:
- The cost of these solutions is usually prohibitive for businesses with fewer than 20 employees.
- Installing and configuring these software solutions on each desktop takes a great deal of time.
- The effectiveness of thess software solutions is limited, and the administrators often have to tweak the filtering rules and add new rules to adapt the solution to their needs.
- These solutions are not very flexible. The selection of software depends on the model and version of the customer's email server. The desktop's operating system must also be taken into account.
- These software solutions use resources (processor, RAM, disk space) not only on the email gateway, but also on all the desktops.
- The customer is responsible for purchasing and renewing licences.
- Most of these software solutions do not offer centralized management, which means that the administrators and email users must manage the solution. What's more, if the solution does not offer centralized management, each time a new employee joins the team, the software will have to be installed and configured on the employee's desktop.
- Users of this type of software solutions must learn to
manage
their own spam. - The purchase of software requires significant capital investment. To use this software, customers must adhere to at least a one-year subscription. If they are subsequently not satisfied with the solution's effectiveness, they may turn to an alternative solution, thus wasting the capital invested.
Comparative Table: Commercially Available Solutions *
| Brand name | Filtering effectiveness | False positive rate | Engine | Anti-virus | Approximate cost (CAD) |
|---|---|---|---|---|---|
| ZEROSPAM | 96.8% | 0.001% | Proprietary + Cloudmark + SpamAssassin + Bayes | ClamAV | Between $0.55 and $3.15 / user / month based on the total number of domains and users |
| Cloudmark | 93.0% | 0.4% | Cloudmark | No | $399 per year / 10 users |
| Commtouch | 97.0% | 0.003% | Commtouch | No | Between $13 and $20 / user / year |
| Clearswift | 94.0% | 4.1% | MIMEsweeper | No | $30 / user / year |
| iHateSpam | 96.2% | 2.4% | Sunbelt and/or Cloudmark | No | $20 / user / year |
| MX Logic | 96.1% | 3.0% | MX Logic, Brightmail | WormTraq McAfee, Sophos | $1.75 / user / month |
| Barracuda | 94.0% | 0.3% | SpamAssassin | ClamAV | Between $1,499 and $8,999 per device + between $1,919 and $2,399 annual subscription fee. Approximate lifespan: 3 years |
| IronPort | 94.4% | 0.4% | BrightMail | Sophos | 1,000 users: $9,995. Approximate lifespan: 3 years |
| Postini | 97.0% | 0.08% | Postini | Yes | Up to $30 / user / year |
| Sophos | 90.0% | 0.4% | PureMessages | Sophos | $40 / user / year |
| Symantec | 93.0% | 0.16% | BrightMail | Symantec | $25,900 for 1,000 users Approximate lifespan: 3 years |
| McAfee | 95.0% | 0.04% | SpamKiller | McAfee | $17.10 / user / year |
| GFI | 98.0% | ? | Bayesian | ? | Between $1,195 and $3,525 for 100 users + annual licence fees |
* Sources :
- XPM Software, Competitive Analysis
- Evaluation carried out by CRIM, 2006
- Spam in the Wild, Network World. December 20, 2004
- A Comparative Analysis of Leading Antispam Solutions. Osterman Research.