11 Anti-spam Products Tested

An anonymous reader writes "When we achieve world peace, that's when we'll get the perfect anti-spam solution. In the meantime, ZDNet has a comprehensive review of eleven of the latest anti-spam products including solutions from BitDefender, Clearswift, CA eTrust, GFI, IronPort, MailGuard, McAfee, MessageLabs, NetIQ, Network Box and Symantec Brightmail."

SpamBayes?

[opusman]

Seems like a glaring ommission.

Re:SpamBayes?

[Umbral+Blot]

Has anyone tried using all 11 on top of each other? Or would you kill too much of your desireable email. I am using Thunderbirds default spam filter, and the only span I see are ads from b&n and other online stores where I shop (still highly annoying). This is not an excuse to try to give me spam. I am fairly liberal with the distribution of my email address, I work on sourceforge after all, so what I am i doing right that others are not?

Re:SpamBayes?

[snorklewacker]

Er, the glaring omission would be any mention of the effectiveness of any of these products. Am I not clicking on the right links? Because I'm seeing less than a page worth of review for each product, that seems to consist of installing it, clicking around the admin interface, then going on to the next product. It doesn't appear that they actually used the products they were reviewing!

Re:SpamBayes?

[LnxAddct]

IIRC, SpamAssassin once properly trained and configured has yet to lose against any commercial or foss spam solution. DSAM is another amazing FOSS spam filter that could go up against the best of commercial products. But as another poster pointed out, FOSS doesn't advertise on their website unlike the 11 products reviewed.
Regards,
Steve

Re:SpamBayes?

[Jason+Mark]

Well they make up for not testing effectiveness by this fun little line: Please note that these decisions were not based on accuracy testing. Duh! I imagine they test stereo systems without audio output and simply look at the box and the colors of the LCD?

but I WANT spam...

[Vthornheart]

you insensitive clod!

Re:but I WANT spam...

Of course you do. It's the only time someone mentions "penis" to you without breaking into fits of laughter :-)

Yawn - No OSS

[OnceWas]

Where are the OSS products? No Spamassassin?

Some review...

Re:Yawn - No OSS

spamassassin is definately used by messagelabs, gfi, and mcafee in part or in whole. If you poke around you can find information about it.

Re:Yawn - No OSS

[OnceWas]

And yet - if true - this (and OSS) gets no mention in the review.

And nobody on the review team thought of this?

Re:Yawn - No OSS

[EnronHaliburton2004]

Hey everyone, don't like the article? Let them know through the Talkback feature.

Re:Yawn - No OSS

[kaustik]

For a Sys Admin at a 100% Microsoft shop (me), do you have suggestions for a FOSS implementation that will play well with my Native mode 2000/Exchange 2000 domain? I can build up a linux server on very moderate hardware if I can prove to my office that it will perform. The solution would need to provide some sort of user interface for managing whitelists/blacklists/bayesian/etc... Also sorting by folder in the Exchange environment. Probably dreaming here, but worth a shot. I don't have huge amounts of time to research/test, so would appreciate imput.

SpamAssassin

[AnotherFreakboy]

I wonder why they didn't mention SpamAssassin. Open Source solutions will never gain the market share they deserve if media never gives them the attention they deserve. And the media will never give them attention until they get market share. It's a deadly cycle. Note: Open Source does not inherently make a product worthy of market share.

Re:SpamAssassin

[RealAlaskan]

Open Source solutions will never gain the market share they deserve if media never gives them the attention they deserve. And the media will never give them attention until they get market share.

How about:

``Open Source solutions will never gain the market share they deserve if media never gives them the attention they deserve. And the media will never give them attention until they [the Open Source solutions] start spending big bucks advertising with the media''.

No chicken-and-egg stuff here: I would bet that ZDNet is following thier long-standing policy of reward^H^H^H^Hviewing their advertisers' products.

Re:SpamAssassin

[Mowog]

And the media will never give them attention until they [the Open Source solutions] start spending big bucks advertising with the media

That's not strictly true -- it depends on who the intended audience is. Technology & Business Magazine is (also) a print publication here in Australia, whose audience is primarily IT managers (and therefore businesses).

Most businesses want to BUY something to fix their spam problem and not try to fix it themselves. There are exceptions to that rule, but by and large IT managers are already busy enough and just want someone or something else to fix their spam.

I know this because my company (MailGuard) is one of those in the review. And no, we don't spend huge $$$ on advertising with ZDnet; we were invited to submit for the review, as I imagine were all the other vendors. Remember -- there are two worlds out there. Businesses will often recognise and implement Open Source solutions, but businesses also like to engage other businesses to handle non-core problems for them.

SpamBayes...

[John+Miles]

... unlike the other products reviewed, doesn't advertise on ZDNet.

Spamassassin+Sendmail

[Limburgher]

Between Spamassassin and Sendmail using a few blacklists, I get almost no spam. Based on my logs from the past week, I've blocked nearly 500 messages. Not bad when you consider I run a small server with few users.

Uhh

[pHatidic]

Why not just use thunderbird, it already has pretty good anti-spam capabilities in it to begin with and it's free and open source. I will admit I only installed it a few hours ago so I haven't been using it very long. The reason I installed it was because Eudora for OS X was very slow and for some reason was deleting my newest email every time I tried to download new email. Thunderbird is extremely fast, has better features, no popups, and is free. So far I have encountered no bugs, except some of the spam filtering features were a little unintuitive so I had to try them all out to see what did what.

Re:Uhh

[alen]

this is for server side anti-spam products. some people want to stop spam before it gets into the email system

you can do it yourself... for free

[jjeffries]

Let me just take a moment to say that sa-exim kicks ass. It stops your spam before SMTP accepts it, so no mail is ever deleted. Exim is about the most configurable piece of software there is, and who doesn't know about SpamAssassin?

Alternately, check out MailScanner for one-stop mail sanitization, virus checking, and spam filtering.

Re:you can do it yourself... for free

[Mr.Ned]

On OpenBSD, take the even better approach than rejecting spam straight up: use pf to route SMTP connections from known spammers to the spamd tarpit. Make them transmit the message at 1 character per second, and then given them 4xx "Try again later".

BOFH-grade products.

[Tackhead]

> eleven of the latest anti-spam products including solutions from BitDefender, Clearswift, CA eTrust, GFI, IronPort, MailGuard, McAfee, MessageLabs, NetIQ, Network Box and Symantec Brightmail.

How can this list be considered even remotely complete? What about the personalized Louisville Slugger, the noble etherkiller and (for your Tier 1 types who work in volume) the 1200-bung-per-hour-rated Jarvis Sow Bung Dropper?

Oh, wait, this is a review of anti-spam products, not anti-spammer products. Never mind.

Xwall rules

[alen]

We use Xwall where I work. It's $349 and you get free lifetime support and upgrades. And with the new greylisting feature 99% of all spam is stopped.

Spam "products"

It seems that many people these days now just look to pick up a pretty box at the store to help deal with spam. However, anyone who does this must not get important e-mail. I, for one, don't want my e-mail being filtered by some proprietary application like mcafee with limited configurability and disclosing details on how it works for "trade secret/IP" reasons. If it's an ip blocking service, I want statistics and to know how IPs get on it. If it's something statistical, I want to know exactly what it does. It is very dangerous to let your correspondence get picked apart by a "black box."

ZDnet = paid promotion

Notice there are no free products listed. If you "contribute" some ad revenue to ZDnet, they'll look at/write about your product. Otherwise....

...ZDNet reviews products for WINDOWS

[Rick+Zeman]

...and serious admins aren't exposing Windows to the internet to accept mail. But that's ZDNet for you....

Re:...ZDNet reviews products for WINDOWS

[SpiffyMarc]

Hopefully most of them!

Postfix gateway + Exchange 2003 server = corporate email bliss.

Results

[Jugalator]

Some people just go to the last page anyway :-)

Software winner: Symantec Brightmail, for ease of installation, configuration and administration as well as an excellent user interface and detailed "live" graphical reporting it would be hard to surpass these features.

Managed Service winner: Network Box, if security is a concern then Network Box has the bases covered, if availability and redundancy are your preferred choice then a trial of either MailGuard or MessageLabs may be on the cards.

Appliance winner: IronPort, strong security, redundancy and recently developed ease of installation with the new GUI make this appliance the choice in this review. For those with a tighter budget then perhaps one of the McAfee WebShield appliances may be considered and are still very worthy contenders.

No POPFile?

[PhrostyMcByte]

Before I moved to Gmail I used POPFile. Not only as a spam filter, but to classify mail into categories. After a week of training it almost never got anything wrong.

Re:No POPFile?

[JohnGrahamCumming]

And POPFile's new IMAP module lets you still use POPFile with Gmail and as well as getting spam filtering you can use POPFile's general sorting mechanism.

John.

Re:No POPFile?

[MurphyZero]

After training, POPFile does a pretty good job of recognizing the difference between spam from friends and spam from spammers...which unfortunately is most of my email. About a 99.2% success rate overall with 5 categories instead of just 2. Pretty good program.

Is this for real?

[JumboMessiah]

When being initially trialled/evaluated we would expect most anti-spam applications to run around 65 percent to 70 percent spam catch accuracy with very low to zero false positives in "default" or "out of the box" configurations. Then, once given the benefit of being "tuned" or "tweaked" and having localised white and black lists applied they should run at about 85 percent to 92 percent

I don't know about everyone else, but I'd expect a little more out of a product that costs thousands to implement. With a little research and dedication my SA 3.0.1 setup has no problem spanking those numbers.

I'm also assuming that none of these products produced extremely stellar results. The article never mentions any statistics based upon corpus runs for any of them. This is nothing more than TLA eyecandy...

I use none of these, and still get no spam

[wizardNinja]

huh...I dont get spam because i dont give out my email to any random person/site, etc...And if i need to give out an email, i have a couple of yahoo emails that are pretty disposable... Actually, i dont really get any mail at all...yeah... My roommate (college) gets lots of viruses. I cleaned up his comp one day and discovered a virus which had installed with his permission. It was actually in Add/Remove programs (windows). It had a readme file that said that it had installed after the user clicked OK to allow it. Yeah.. So Funny...

Free?

[wk633]

Lots of free things mentioned like SpamAssasin.

My company uses mxlogic.com. $1.25 per mailbox per month. At 60 people, that's WAY cheaper than my time to administer anything. I havn't heard a peep of a complaint from users after switching. Before were using a device (eSafe by Alladin systems). It was taking up to an hour/day of my time. And it wasn't free.

Just remember to include admin time when working out 'free'.

Brightmail works great

[Burdell]

I work for an ISP, and we've been using Brightmail since before version 1. We use the MAPS DNS blocklists as a "front-line" defense and then Brightmail for spam and virus filtering. You can see our email statistics here.

I wrote the original sendmail milter interface to Brightmail that they derived their milter software from. We still run my milter because I've added additional options over time; Brightmail includes an SDK that you can use to interface to custom setups easily.

Re:Brightmail works great

[bigbadbob0]

I was surprised that it wasn't mentioned in the write-up that IronPort appliances use Brightmail.

They Forgot...

[eno2001]

...the Barracuda Spam Firewall. It's easy to set up, and it "just works". There is also ASSP. I don't have the linkage right now though...

Re:IM better than that

[eclectechie]

thats why its good antispam - cos i have to approve everyone on my list ;)

You can do that with email, too; block everything not explicitly whitelisted.

IM has no advantage here.

What we really want to see:

11 Anti-spammer Products Tested

The test is stupid!

This review does not actually test the ability of the software to catch spam. It is just a beauty contest.

MailScanner!

[prandal]

MailScanner is a brilliant piece of work which integrates Sendmail/Postfix/Exim/whatever with SpamAssassin (plus Razor/Pyzor/DCC) and ClamAV/BitDefender/Sophos/Mcafee/etc, all driven by highly customisable rulesets. It's open source, support via the MailScanner Mailing List is second to none, and its author, Julian Field, is always improving an already excellent product. I cannot recommend it highly enough.

The ratings all in one place

[Umbral+Blot]

Product :BitDefender v1.9 for MS Exchange2003

Interoperability: 2.5 Futureproofing 3 ROI 4.5 Service 4.5 Rating 3.5

Product Clearswift MIMEsweeper for SMTP 5.0

Interoperability 3 Futureproofing 4 ROI 4 Service 2 Rating 3.5

Product CA eTrust Secure Content Manager v1.0

Interoperability 4 Futureproofing 3.5 ROI 3.5 Service 5 Rating 4

Product GFI Mail Essentials v10.1

Interoperability 3 Futureproofing 3.4 ROI 4 Service NULL Rating 3.5
Product IronPort C30

Interoperability 3 Futureproofing 4.5 ROI 3.5 Service 4 Rating 4
Product MailGuard

Interoperability 3 Futureproofing 4 ROI 4 Service 3.5 Rating 4
Product McAfee SpamKiller & WebShield

Interoperability 3 Futureproofing 3.5 ROI 3.5 Service 4 Rating 3.5
Product MessageLabs AntiSpam Service

Interoperability 3 Futureproofing 4 ROI NULL Service 3.5 Rating 4
Product NetIQ MailMarshal SMTP 6.0.3.8

Interoperability 4.5 Futureproofing 4 ROI 4 Service NULL Rating 4
Product Network Box Internet Threat Prevention System

Interoperability 3 Futureproofing 4 ROI 5.5 Service 5 Rating 4
Product Symantec BrightMail AntiSpam 6.0.1

Interoperability 4 Futureproofing 4.5 ROI 4 Service NULL Rating 4.5

It looks as though Network Box Internet Threat Prevention System did the best. Several items have NULL in a category beecause the editors did not have enough information to rate the product on in that area. This post brought to you by Centum because my average charachters per line were too low. You know how silly that is?

*Not* accuracy tested

[x3ro]

Please note that these decisions were not based on accuracy testing

So - exactly why would anyone waste more than two seconds on these reviews? Just so we can find out what they think of the GUIs and how easy they are to install .. without an analysis of how effective they are at blocking spam? What crap.

The catch...

[Jayde+Stargunner]

The other noteworthy point of the last page is the absolutely ridiculous statement of, "Please note that these decisions were not based on accuracy testing."

I'm sure everyone is just amazingly psyched about an "ultimate" anti-spam guide that makes no effort to determine if the products they are reviewing (let alone proclaiming as the "winner") actually stop spam.

Of course, I guess this kind of article is developed to benifit CIOs with no technical experience, who just want something to tell the IT department to install. (Thus: price and ease of installation are far more important than it actually doing what it is supposed to.)

Freeware...

[vitalyb]

They also ignored any kind of freeware, not only Linux ones, SpamPal for example.

Also, their reviews were pretty shallow, I would expect at least to know how am I to connect to this spam filter, there are numerous ways, some better, some worse.

It's a Beauty Pagent

[R_Harrold]

That is what this article is. It fails to address some of the most significant issues to be considered when selecing an anti-spam product: 1. What percentage of incoming SPAM does it catch? 2. What percentage of the messages caught were "Non-SPAM" messages? 3. What is the message volume the product can handle? Instead they gloss over catch rates and false positive rates with a "Everything does a similar job" type statement. FALSE. I just spent the past 8 months evaluating anti-spam solutions for my workplace and they are not all the same when it comes to spam catch rates. I don't really care how pretty it looks or how easy it is to install. Nor do I give a hoot about the buzzwords a particular product incorporates, give me the spam blocking accuracy and the volume it will handle. It is all fine and dandy to ignore volume when you are running a 200 user ISP, but when you get up to 50000 users with over a million messages a day it becomes slightly important. Robert H. Houston, TX

Testing?

[Grey]

This does look like a test to me. It look like a bunch of marketing speek.

We did not perform any "official" accuracy and performance testing on the products. We set the programs up in modes to test both controlled and live messages, however the results of these brief tests would just add more confusion to the mix than anything and certainly didn't show any unexpected results.

or the MS exchange 2003 only product got 2.5 stars and many others got 3?

Every product review is like, it installs easily, and quickly. So what, are you as sysadmin or moron?

A test should give performance facts like false negative and false positive rates. This is nothing but a bunch of marketting crap and should not be posted.

ASSP website

[heavyboots]

http://assp.sourceforge.net

Been using it for a little over a year now and it rocks. We receive something like 10,000 emails a day--%70 of which is spam. Of those, perhaps 20-30 spam messages actually get through, which is pretty good. Also features extremely low false positives. I'm only aware of perhaps 3 during the course of the entire year. A valid user from a valid domain should get a bounce-back message explaining that their message was rejected as spam-like with brief instructions on alternate methods of contacting us.

1.09 is the version I'm running. 1.1.0 is the latest version with 1.1.1 coming soon. They are still ironing out some stability issues in the 1.1.1 version.

Not quite "ultimate" ...

[Titusdot+Groan]

Missed all the open source products (SpamBayes, SpamAssassin, etc.).

Missed all of IronPort's competitors (BorderWare, Barracuda, CipherTrust).

Missed Postini, the managed Spam services leader.

I'd start with MetaGroup, Gartner or somebody like that to get a list of what the options really are ...

send them feedback

[dingfelder]

Don't just grumble, do what I did and send them feedback. Send a note to zdnet sales@zdnet.com.au ads@zdnet.com.au or printsales@zdnet.com.au or abigail.baker@zdnet.com.au sally.slarke@zdnet.com.au CC the author/editor: edit@zdnet.com.au While you are at it, CC the manager of RMIT IT Test Labs who did the testing: stevet@rmit.edu.au Orif you want, post zdnet feedback to the article: http://www.zdnet.com.au/insight/software/talkback. htm?PROCESS=post&AT=39172027-39023769t-1000010 2c

doh (Re:send them feedback)

[dingfelder]

sorry for the poor formatting before folks

Don't just grumble, do what I did and send them feedback.

Send a note to zdnet
sales@zdnet.com.au
ads@zdnet.com.au
print sales@zdnet.com.au bigail.baker@zdnet.com.au sally.slarke@zdnet.com.au

CC the author/editor:
edit@zdnet.com.au

While you are at it, CC the manager of RMIT IT Test Labs who did the testing: stevet@rmit.edu.au

Or if you want, post zdnet feedback to the article:
http://www.zdnet.com.au/insight/software /talkback. htm?PROCESS=post&AT=39172027-39023769t-1000010 2c

Re:Mod parent up

[gl4ss]

well.. it's a SPECIAL REPORT.. you know like special olympics(no offence to the disabled).

Why don't they understand?

[Skal+Tura]

Why doesn't the spammers understand that spamming is NOT the way go.

It destroys the rep of your company totally! But in most cases spammers don't care.

BUT

they should understand that is quite hard to get thru, so that the victim would even bother to open it. SPAM is destroying, and eating the net alive.
One finnish professor said not so long ago, that internet will die 2006 because of spam. is he right or not, i don't know, but we are definately heading to that way!

He said that spam would exceed by that so greatly the amount of usefull information, that it would be the death of internet.

There is also some flash cartoons about this heading. Anti spam solutions are being developed all the time, so are they finding more ways to get past them.

More and more spammers are starting to find more ways to spam, ie. using poorly administrated PHPNuke websites with webmail capability to spam!
My server also had one of those, i noticed it by accident, seeing that there were tens and tens of smtpd processes, time for a halt for SMTPD and to investigate the problem: bunch of people were spamming thru an website running on my server, PHPNuke with webmail.

About the sametime, couple days before that someone tried to find which accounts at my server were there by BRUTE FORCE! yes brute force, trying account names like fsdur, isau, weivd, weiouv, woidc, tens and tens of records per second!

More against spam needs to be done at the ISP level!

Use linux to protect exchange

[drsmack1]

Setting Up a Spam-Filtering Mail Gateway For Microsoft Exchange Using Fedora Core 1, Postfix 2.0.19, Amavisd-New and Razor2 http://tinyurl.com/3khzk

This is no more than an ad.

[Door-opening+Fascist]

All these are commercial products. ZDNet has a long reputation of discussing commercial solutions without any regard to completely viable OSS solutions like

MailScanner

MIMEDefang

SpamAssassin

The Test Lab Response.

[Testlab]

Hi All,

Love all the comments !! And despite popular belief I did not get my 2 year old son to write the review.

Reading through them it seems to me there is definitely a few misconceptions that need to be cleared up, so hopefully this may sort a few things out. Then again it may not! :-)

Before we begin down this path I appreciate your patience in getting through this abnormally large post, but it is better to deal with the comments on a whole rather than one by one.

1. We are the RMIT Test Lab, based in Australia, we are a totally separate organization from the magazine who is one of our clients, they contract us to perform three independent technology reviews every month on products that they invite the vendors to submit. The RMIT Test Lab will have been performing independent magazine reviews for 16 years in January 2005. We have certainly produced a hell of a lot of words over that time. For more information on the RMIT Test Lab hit www.testlab.rmit.edu.au The vendors don't pay the Lab one cent to have their products tested for the magazine reviews.

2. For all you Open Source buffs out there, you know who you are! The magazine creates a list of what technologies will be tested approx. six months in advance, one and a half months before going to press the magazine issues invites to various product vendors to submit product(s) to us at the lab for testing, this is generally accompanied by a "scenario" which is set by the magazine to ensure that the vendors stick to certain criteria and submit products of a certain caliber/type and not all eight products that they may have in their inventory which fits into that review category. Therefore it is the magazine who invites the vendors, not the Test Lab nor the reviewer. Basically we have no control over which vendors are invited to submit and at the end of the day every single vendor could not possibly be reviewed, there will always be some who cant submit, wont submit, have not been invited or don't have Australia as a target market. So don't blame us for not including Spam Assassin or any of the other 100's of commercial and open source Anti-Spam solutions that are out there. Also note that a review we have recently completed and submitted "E-Mail Clients" for the next edition of the magazine contained several Open Source products, and a review we have just commenced "Internet Browsers" also contains several Open Source products too. So before pulling out the "Paid for Results" and "Advertising Driven" and "Open Source Bashing" comments think again and take a look at a few of the other reviews we have performed.

3. We are fundamentally IT engineers who design and execute testing frameworks, methodologies and create reports, we just happen to have a very very small modicum of writing ability, we are by no means trained journalists "out for the scoop" or trying to generate traditional "media hype" around varying technologies. We report things as we see them. We are also very experienced in testing these technologies; in fact the majority of the work the lab is contracted to perform is private testing for corporate clients and vendors/manufacturers/developers. Therefore we will not "test" where others try unless the test will provide valid worthwhile results that we will stand behind happily. The fact that we are not journalists means that the Magazine's editorial staff have their work cut out editing our reviews while still maintaining our individual writing styles and the basic concepts of what we are trying to deliver, sometimes it is successful sometimes less so. An example for you is that the review we submitted on Spam was 7,049 words long (25 A4 pages in Word, or Writer, with screen shots and images). And that does not even include the features table or the overview table. The space available for that edition of the magazine was less than 3000 words. Therefore 4000 words had to be lost. We don't get to see the finished product until it is published. Overall I personally feel that the review turned out