Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reviewing Anti-Spam Offerings

Posted by CmdrTaco on from the eggs-bacon-sausage-and dept.

Joel Snyder writes "Just finished looking into the innards of 40+ anti-spam products at Network World. The biggest, ugliest, and most comprehensive look at this market that's ever been done. Conclusions: lots of great products to choose from at the top (a dozen or more); a few stinkers in the bunch; and it's basically impossible to review Spam Assassin, which is unfortunate."

11 of 311 comments (clear)

  1. Re:SpamAssassin? by stupidfoo · · Score: 5, Informative

    RTFA:
    We also reached out to the SpamAssassin community (see "What about SpamAssassin?"), but couldn't find someone who could act as a representative for support and configuration assistance. However, two commercial vendors, Roaring Penguin (on Unix) and NoSpamToday! (on Windows) sent products that exposed their SpamAssassin cores.

    They have a whole page discussing this.

  2. That is unfortunate by suso · · Score: 5, Funny

    I just upgraded my server to the latest version 3.0.1 of spamassassin and the difference is amazing. I haven't had one piece of spam get through to my inbox today. And from what I can tell, there are no false positives yet. Unless you think that Darcy really wants me to come over and check out her new webcam.

    1. Re:That is unfortunate by wackysootroom · · Score: 5, Funny

      What do you mean "misclassifies"? ::Evil Grin::

  3. SpamAssassin? by ajs · · Score: 4, Insightful

    They say, "Although a few well-meaning souls volunteered to be the contacts for SpamAssassin, when it came time to test no one would step up to the plate and represent the product at a level that would make it competitive to the other enterprise-focused vendors."

    I can only wonder what it was that they asked and who they asked. There are several companies that provide products based on SA, and the developers are very responsive.

    I'll have to look in more depth later and see if any of the products they reviewed were SA-based.

    Still, a review that does not cover common open source implementations such as DSPAM and SA is not a review that I would put much stake in.

  4. Spamassassin by confusion · · Score: 4, Interesting
    All-in-all, they didn't blast spamassassin as hard as I thought they were going to. It was sad to see that they didn't think they could get anyone to help them review SA, and it was sadder that they got a lot of the facts wrong about SA, like that it is built around a bayes database.

    The mere appearance of SA, though, is impressive because those trade rags rarely include anything open source (partly due to marketing opportunity for commercial, paying companies).

    Jerry http://www.syslog.org/

  5. Just regurgitating marketing numbers by Anonymous Coward · · Score: 4, Interesting

    The buying guide is useful just for putting all the contenders together. But don't believe the claims until you test them. Barracuda, for example, touts the capability of millions of messages a day, but we are sending our second test unit back because it just can't handle a modest load of real world mail. Their 600, for example, claims it can process "25 million messages per day" but that assumes it is rejecting 95% of the mail -- that's nowhere in their fine print.

  6. Why block spam? by IHateSlashDot · · Score: 4, Funny

    If you block spam you'll never increase the size of your penis.

  7. RBLs rule by mabu · · Score: 4, Interesting

    A well-designed RBL blocks 95+% of spam and consumes less resources than all the other solutions. Plus it has the added benefit of stopping virus and worm propagation, phish e-mails and lots of other scenarios where unauthorized SMTP relays operate.

    I see no reason to use client or server-side products that analyze the mail content, when this slows down mail service and reliability. RBLs, blocking mail based on the legitimacy of the source address has proven to be the most effective method of curtailing spam, and unlike all the other solutions, this one aversely affects spammers by not allowing them to consume your resources.

    If you're in the business of making money off selling spam products, I can see your support of these various half-way solutions, but otherwise, the best way IMO is to employ RBLs at the server level and slowly work towards SMTP whitelisting. I contend this is an inevitability if the authorities don't start prosecuting spammers for their illegal computer tampering.

  8. Re:Avoiding spam by Yaztromo · · Score: 4, Informative
    Maybe it's just me and I'm one of the few lucky people in the world, but out of 5 regular email addresses that I use on a daily basis, I rarely if ever recieve spam, and during the workday, watching mailserver logs, the only people in my company getting silly amounts of spam (to me, one or two messages a day is just a minor annoyance) are people who click every popup and put their email addresses in every form available.

    There are many ways in which spammers harvest and generate spam messages, and not all of them require entering your e-mail address into web forms.

    I have a number of e-mail addresses, some of which date back to the early 90's and use daily, and others which are more recent and which I've never used at all.

    My oldest e-mail address was my primary e-mail adddress for newsgroup postings for many, many years. I haven't given or used that address in roughly 2 years now (as I'm using a different address that forwards to this old mailbox), and yet I still get dozens of spam messages being sent to this address daily (all of which are thankfully auttomatically filtered).

    On the other end of the spectrum is my Gmail account. I have never used this account for anything at all. I've never sent an e-mail from it, or used it to register for anything. And yet it too receives spam (all of which Google also does a good job of filtering automatically). An old e-mail account I got from my ISP when I signed up for my first cable modem was similar -- I already had a mailbox and never used that account. I never even bothered _checking_ it, until one day nearly a year later out of curiousity to see how many spam messages it may have received -- only to find the mailbox was filled with hundreds of spam messages.

    I often see messages where the list of recipients was obviously generated by attaching a list of user names to each entry in a list of domains and then sending the results. And who knows how many Windows e-mail worms out there are sending users address book entries back to spammers.

    Best practices can reduce your spam load from certain vectors, but not all of them, making some form of filtering good policy. When even unused mailboxes are getting clogged with spam, however, you know that best practices alone just aren't enough.

    Yaz.

  9. Re:I don't know how much I trust their conclusions by joel_snyder · · Score: 4, Interesting

    Yes, you're right; it's an error. My notes show that you can turn on SSL for management, but what got written in the article is wrong. It'll get fixed online immediately. That crept in as part of the editing process.

    On the other hand, I don't understand why ANYONE ships ANYTHING that talks on port 80 anymore. It's not like OpenSSL hasn't been proven through-and-through (or you can write your own). Port 80 might be fine for pictures of your vacation, but the management interface on a corporate mail server should be encrypted and authenticated.

    However, if you want to discount a 10,000 word article for a single error, then you're going to have a hard time believing anything you ever read anywhere ever.

  10. Worthless accuracy table by Ekman · · Score: 4, Insightful
    The way they reported the results was pretty bad. The left two columns ranked products by false positives, while the right two ranked products by spam caught. It is very difficult to look at this table and get a sense of which products performed the best. For example, the top product for false positives, BorderWare at 0.04% looks very impressive until you look at the other column and see that it only caught 88%. It's easy to have a low false positive rate when your catch rate is low, too.

    At minimum, they should have taken the false positive rate, added it to the percent missed and ranked by that. Doing so sends BorderWare into the middle of the pack where it belongs, and more likely winners rise to the top. (Postini and MailFrontier). Pretty shoddy reporting when the end reader has to take your numbers and plug them into a spreadsheet to make any sense out of them.

    They could have also weighted the two error rates, but deciding on weights would be pretty subjective. Some might think false positives should be weighted higher, while others might think the opposite. Ranking them without weights would have been an acceptable compromise.