Alot of anti-spam products are on the market now, and the list is growing quickly. While the market is starting to see some large antivirus and security companies buying small anti-spam entrepreneurs, there is still room for innovation, and small players can still play a part by keeping the larger companies from getting complacent. Note that many of the products listed here have won awards from various organizations. While the kind of award won and from whom can provide some insight into the product, I never take them very seriously, and rely on independent reviews for comparison.
McAfee has taken an interesting approach to how it acquires spam-filtering technology: It’s licensing a mature open source software product called SpamAssassin. This is a host-based (loaded onto the mail server itself) solution for either Microsoft Exchange or Lotus Domino servers, which is interesting, considering that SpamAssassin was originally written for UNIX.
Feature :
2.MailFrontier Gateway Server
www.mailfrontier.com
MailFrontier is the only company I’ve seen that correctly identifies phishing as a separate category of bad e-mail from spam, and deals with it in a completely different way than it deals with regular spam. Incoming e-mail can be classified as fraud, rather than just spam, when that label applies. Combining this with integrated virus scanning and e-mail policy enforcement makes MailFrontier Gateway Server an interesting all-in-one appliance.
MailFrontier has also given considerable thought to the user experience and provides a number of tools to make spam filtering individualized, both with personal whitelists and blacklists and how aggressively to handle potential spam based on category and language. Like some other products, MailFrontier Gateway Server delivers a spam digest, which is basically a listing of recent spams received that gives you the option to click links in the e-mail to receive false positives. The product also provides direct Web access to the quarantine, in case a user doesn’t want to wait until the digest is sent out to receive a false positive.
3.Trend Micro Spam Prevention Solution
www.trendmicro.com/en/products/gateway/spam/evaluate/overview.htm
The Trend Micro Spam Prevention Solution is interesting in that it’s packaged as an in-house version of the software used by an all-ASP provider – Postini. From some reports, the same software Postini uses in its ASP doesn’t do quite as good of a job in this in-house version, due to local tuning versus Postini’s professional tuning based on vast spam-filtering experience. This gateway solution allows administrators to assign different spam-filtering sensitivities to specific user groups, so that groups such as IT can receive things like activation keys (which always look like spam because they are short and full of junk that doesn’t look like normal text), and other groups can remain more protected.
Trend Micro has an excellent gateway virus scanner with support for more than just Windows as a platform, which might be helpful if you are not using a strictly Windows environment. The company’s continued support for Solaris and Linux with this product means that you can integrate your spam filter with mature virus scanning software on whatever platform you are comfortable with.
Feature :
4.Brightmail AntiSpam 6.0
Brightmail started out as a small company with a good idea and was recently purchased by Symantec to extend its scope of security and antivirus products to include spam filtering. One of the more interesting aspects to Brightmail AntiSpam is that Symantec maintains a network of 2 million-plus decoy e-mail addresses that are used to train and extend spam-filtering rules for Brightmail AntiSpam users. The decoy network extends over 20 countries and receives tens of millions of spam e-mails each day. Brightmail AntiSpam also has a feedback mechanism built in to allow users to submit missed spam (false negatives) back to Symantec to further improve the filters.
Brightmail AntiSpam updates the filters for you about every ten minutes (wow!), based on Symantec’s analysis of current conditions, via a secure connection to its four operations centers worldwide. In theory, this provides very current filter rules and makes it hard for spammers to defeat your protection for more than a few minutes.
Feature :
5.Tumbleweed MailGate
www.tumbleweed.com/products/
For part of its spam filtering, MailGate uses a proprietary artificial intelligence technology that the company calls Intent-Based Filtering. According to Tumbleweed’s literature, this technology “recognizes spam like a human reader would.” That should work fine, until spammers start sending spam about bigger, better interfaced RAM. The other part of MailGate’s filtering is the more traditional approach, using matching based on known spam to block stuff that’s already been recognized as spam. Tumbleweed has taken time to deal with a problem that many spam filters have: classifying legitimate bulk e-mail (like newsletters that you have optedin for) as spam. MailGate allows individual users to decide how to handle bulk e-mail, and hopefully eliminate the false positives for newsletters and other opt-in bulk e-mail sources.
Feature :
6.Postini Perimeter Manager
www.postini.com
Postini is a well-established spam-filtering ASP. It offers two different solutions that interest most businesses: the Standard Edition, which is the basic inbound filtering of spam and viruses, and the Enterprise Edition, which includes outbound content and attachment and virus filtering as well. Postini is privately owned and funded, so it’s hard to look at the company’s internal resources in terms of stability or long-term viability, but the company has enjoyed steady growth since 1999 and boasts 5 million users as of first quarter 2004, processing 1 billion e-mails per week. It’s hardly a garage startup.
Postini doesn’t publish information regarding its service infrastructure, so it’s also hard to say anything about redundancy and global coverage. Any serious look at an ASP solution should include a look at how many data centers are available and how scattered around the globe they are. You don’t want a single site catastrophe to interrupt your inbound e-mail, and a highly redundant, globally dispersed infrastructure ensures this doesn’t happen.
Feature :
7.CipherTrust IronMail
www.ciphertrust.com
The IronMail appliance is a pretty complete e-mail security appliance, which includes more than just filtering spam and viruses. IronMail offers “policy and content compliance,” which includes the following:
Feature :
8.FrontBridge TrueProtect Message Management Suite
www.frontbridge.com
FrontBridge TrueProtect Message Management suite is an ASP solution with a major emphasis on stability and availability. FrontBridge has seven datacenters worldwide currently, with plans to open four more. Its service guarantees include 99.999 percent availability, with 100 percent availability to date.
TrueProtect spam filtering is based on proprietary algorithms that do blacklisting, fingerprinting (comparing current mail to known spam directly), and rules-based scoring. Like all the other ASP solutions and some of the gateway products, FrontBridge relies on information gathered from the billions of spams that it filters to block the few thousand headed for you.
To ensure that you don’t miss e-mail that’s important to your business, TrueProtect processes outbound mail, too. If you choose to send your outbound mail through FrontBridge, the solution learns that those people you are sending mail to are most likely not spammers when it sees mail coming back from them. This means your whitelists are at least partly automatically generated. FrontBridge virus scanning employs scanners from Sophos, Symantec, and Trend Micro so that it doesn’t have to worry about who has a signature for the newest virus first. Whoever wins the race that day is put in place for virus scanning.
Feature :
9.Sophos PureMessage
www.sophos.com/products/pm
Sophos wins the prize for the most platforms supported by an integrated solution, though for some reason its UNIX support seems slightly better than Windows. (For UNIX, I see support for personal whitelists and blacklists, but this support doesn’t appear to be available for Windows.
PureMessage handles the disposal of spam somewhat differently from most other products: It allows administrators to discard, quarantine, modify subjects, or add hidden headers based on a calculated probability that the specific message is spam. Based on this, a sophisticated internal mail system could have multiple quarantine areas: One with messages that are most likely spam Another for messages that are probably spam but that a user might want to examine for false positives from time to time.
Feature :
10.Proofpoint Messaging Security Gateway
www.proofpoint.com/products/msg.php
Proofpoint offers modular mail protection services either as a software package running on a provided hardened Linux OS with the Messaging Security Gateway, or as an appliance in the Protection Server. The Proofpoint solution really wants to be on the edge of your network (outside of the firewall, where other mail servers connect directly to it), in order to perform some of its connection-based testing. For example, Proofpoint does DNS and MX-level checking on the connection and on the From: address, as well as a dynamic check with its own database of known bad senders (basically, a private real-time blackhole list). The other interesting thing about this solution is Proofpoint’s “corporate lexicon” adapter that allows you to adapt the solution’s checking to your particular industry. That’s handy if you happen to be in certain industries that have some relationship to products typically sold by spammers, such as home loans or prescription medications.
Feature :