Ask Slashdot: Why Are Major Companies Exiting the Spam Filtering Business?

broswell writes: For years we used Postini for spam filtering. Google bought Postini in 2007, operated it for 5 years and then began shutting it down. Then we moved to MX Logic. McAfee bought MX Logic, and McAfee was purchased by Intel. Now Intel is shutting down the service. Neither company chose to raise prices, or spin off the division. Anyone want to speculate on the reasons?

Maybe it's not profitable?

Maybe it's not profitable?

Re:Maybe it's not profitable?

Both services were shut down almost exactly 5 years after being acquired.

Both companies are in the business of identifying, tracking and monitoring online users.
Blocking any kind of user identification does not fit in with this business model.

Re: Maybe it's not profitable?

That's exactly how google tailors adsense to your taste you know, that's where it started. This is also used as reason that email is not private.

Re:Maybe it's not profitable?

[Z00L00K]

In exactly that case I'd actually consider a reinforced tinfoil hat.

Re:Maybe it's not profitable?

[BarbaraHudson]

Look again - there's a tab at the top of the page for "promotions" aka paid advertising.

Re:Maybe it's not profitable?

[mindwhip]

It's as likely both bought out companies had a patent or some other similar technology that the large company wanted. 5 yeas is probably how long they had to keep the old company running to avoid some legal issues such as employee rights or stock market regulations.

Re: Maybe it's not profitable?

Yup. I would exepect in the case of google, the kings of spamming and privacy and IP violations, at least, they likely simultanesously don't want the competition and do want to cover their own asses. ;)

Re:Maybe it's not profitable?

[Aighearach]

Maybe 5 years is the mean time from purchase to "shut down the old company's high profile PR gestures because it has been `long enough.'"

You look bad if you shut it down right away without giving people time. The longer you wait, the less news there is. After 5 years, it isn't part of the business news related to having bought the old company; only nerds will even hear about it.

Re:Maybe it's not profitable?

[Aighearach]

In exactly that case I'd actually consider a reinforced tinfoil hat.

Oh no, he's going full-strainer. Never go full strainer.

Re: Maybe it's not profitable?

[Martin+Blank]

Serving up ads above or next to a message isn't the same as adding an ad to the message.

Re:Maybe it's not profitable?

[mikael]

Or maybe increased amounts of spam helps sell more higher performance hardware? Some UNIX workstations vendors had a "slow software is good for business" mentality because it kept demand for new CPU's up. They absolutely hated it when developers starting optimizing code rather than adding new features.

Re:Maybe it's not profitable?

[davester666]

Probably just realized it's more profitable to get into creating and sending out spam, and they don't want one division of their company working against another division.

Re:Maybe it's not profitable?

[tepples]

Perhaps Anonymous Coward's point is that Gmail didn't matter from day one because of its contextual ads.

Re:Maybe it's not profitable?

[hairyfeet]

As was thinking the same thing. Intel is a hardware company who makes hardware that is frankly overpowered compared to what most users have for them to do, so what to do? Well make sure they have enough work to bog the hell out of 'em, thus making new chips seem more attractive. Selling software that helps older machines stay out in the field by cutting down on the work they have to do? Not good for business, not good at all.

That does make me wonder though if Intel is royally pissed at MSFT, after all Intel was able to sell chips for years on "What Intel giveth MSFT taketh away" but the last 3 releases have been actually getting better as far as resource usage, not worse. I bet Intel is probably steamed that such an easy way to sell chips has been taken away which would give them one more reason not to want to sell software that lowers system usage.

Re:Maybe it's not profitable?

[mikael]

I've noticed that - my old laptop (2.8Ghz dual-core with nvidia Ti5600) used to be able to run Google Streetview quite comfortably. Now, it just got slower and slower as new version of Firefox came out. My assumption was that the software was using a larger cache size or something.

Intel still has all those "extensions" like AVX, multi-core, Thread-Building-Blocks and hyper-threading", but there just isn't that many applications that require an overclocked 4GHZ twelve core vector accelerated floating-point unless it's some kind of supercomputing application. That's where they make most of their money. The markups on the latest high-end processors are usually three times that of the medium range ones.

Re:Maybe it's not profitable?

[hairyfeet]

Try Comodo Dragon, which is Chromium without the Google crap baked in, they also have a version of FF called IceDragon if you want the Gecko engine.

I use Dragon on my netbook I use for service calls, we're talking AMD E350 which is a 5 year old lightweight APU, and once it loads its quite snappy and a pleasure to use. Firefox IMHO has just gotten too bloated as of late and really slows down older systems.

Nobody is buying email software anymore

Because Gmail does a better job anyway, and outlook is for old people.

Re:Nobody is buying email software anymore

[amiga3D]

The US government is heavily into outlook. Think of how many millions of installations that is.

Re:Nobody is buying email software anymore

[Nutria]

Outlook is for business, because Exchange is for business.

Re:Nobody is buying email software anymore

Microsoft does give a version of Office 365 away for free for anyone. Its way wayyyy better than Google Docs. Also the commercial version of Office 365 is cheaper that Google docs in the UK & EU. Might even be cheaper in the US also but I dont care enough to look.

I created a startup in 2009 and decided on Google Docs as the main business organisation platform. It worked great while we were only 3 staff and our requirements were very simple. As we added staff and complexity Google Docs got worse and worse. We spent so much time trying to find ways round the lack of features and collaboration functionality that by the time we got to 25 ish staff the whole thing imploded.

Google docs is not really a business platform.
You want shared mailboxes? hahahaha no chance.
You want support for a commercial product? It just doesn't happen unless your idea of support is google forums.
You want to report a bug? Awesome, just dont expect any response to it or it to be fixed.
You need to sync with your on premise AD structure? You can in theory, in practice, you spend a lot of time resolving conflicts and it isnt worth the hassle.

So is Office 365 the magic bullet? No its not perfect but we now have 320+ users on Office 365 Business Essentials and it needs less support resource than Google Docs at 25 users.

Re: Nobody is buying email software anymore

[ArmoredDragon]

So anybody could get it for free except people like Abraham and Moses?

Re:Nobody is buying email software anymore

[ArmoredDragon]

Microsoft does give a version of Office 365 away for free for anyone. Its way wayyyy better than Google Docs

I don't know about features (I only use the most basic of features in office apps) but I've found Google Docs to have far more polish. That is, it seems faster, objects seem to go where you intend them easier, and it's also easier to figure out how to do what you're trying to do.

Re: Nobody is buying email software anymore

[hackwrench]

However Outlook isn't Microsoft's only email product. I go to Outlook.com for my Hotmail address, but I also have a Gmail account.

Re: Nobody is buying email software anymore

[Tim+the+Gecko]

A prophet is not without honor except in his hotmail, and among his relatives, and in his own house.

Re:Nobody is buying email software anymore

[Nutria]

The fact that you have a MAIL SERVICE that literally eats the entire resources of a server, belches and screams for more

I -- as an end user -- don't care.

all while delivering bare functionality, for a minimal number of people is an absolute joke.

I use T-bird on my Linux desktop at home, and Outlook integrated with Exchange on my work laptop. Not only is Outlook a manifestly superior email client, the quite useful group calendar functions are infinitely better since... T-bird doesn't have group calendar functions.

Re:Nobody is buying email software anymore

[germansausage]

So tell us, O wise Chas, what do you use instead of Outlook/Exchange/Lync?

Re:Nobody is buying email software anymore

[Z00L00K]

I agree - and the Outlook junk mail filter is smoking something as well - letting through spam and blocking legitimate mail.

Re: Nobody is buying email software anymore

You have got a clue what you're talking about. I've used many mail clients. They all have their place. But the only mail client appropriate for medium to large and enterprise corporations is outlook. Nothing compares in its ability to collaborate. Every time I see these startup tech companies using @gmail all I think is well at least they are smart enough to not have @hotmail or @yahoo. But they don't care about collaborating with coworkers. Gmail is great but try sharing multiple mailboxes and calendars and let me know how far you get

Re:Nobody is buying email software anymore

Zimbra

Re:Nobody is buying email software anymore

[greenfruitsalad]

mere thought of that java monstrosity makes me shiver. i spent 9 years administering that thing (among other things). upgrades were hellish nightmares. spam filter training never worked properly. it was power and memory hungry. it was horrible and got worse with each version.

when i went for a manually configured postfix+dovecot+spamassassin and ejabberd, i felt it was more user/admin friendly. speedwise, it flew circles around any zimbra/exchange installation i had ever seen. ms office communications server/lync is/was/will always be an unreliable resource-hungry pile of crap compared to almost any other sip/xmpp server.

Re: Nobody is buying email software anymore

[mysidia]

Actually..... one of my clients is an E-mail hosting provider, and Microsoft has basically murdered the E-mail hosting business by giving away Office 365 for free to Academic entities and non-profits.

MS makes this out as a "donation", but the schools were reluctantly forced into switching to O365, even though the IT administrators felt that this would be technically inferior, and they expect the quality of support will be much lower.......

The simple fact is that Google and Microsoft are changing the E-mail hosting business from a business that can generate a little bit of profit, to a business that is completely non-profitable, and only very large providers will be able to offer this service.

Also, Microsoft and Google have their own spam filtering solutions, and they don't need to buy someone else's product, So they are also basically killing the Spam Filtering solution industry.

Spam filtering solutions have become very expensive over the years ---- so, if you want to sell a spam filtering solution, you basically get two choices: Either be non-profitable, or sell at a very high and increasing price, to a customer base that is rapidly decreasing in number (As Google and O365 are well on their way towards taking over the entire E-mail hosting business and eliminating all competition), and the higher prices will drive people towards the alternatives.

OR: Sell a specialized solution with extra features such as E-mail encryption or Archiving features that MS and Google cannot offer at scale (YET).

Re:Nobody is buying email software anymore

[mysidia]

The fact that you have a MAIL SERVICE that literally eats the entire resources of a server, belches and screams for more

Linux mail servers are the same way. You have to consider how businesses use Exchange, to understand Exchange's resource usage is not unreasonable. The average Exchange user's Mailbox size these days is about 5 gigabytes, for most companies; the software is a full-text indexing behemoth.

Also, Exchange does not scale down to small sizes well. The resource usage is much reasonable at larger scales. If you have less than 500 mailboxes, then use a hosted solution, instead of running your own server infrastructure.

Outlook is a shitty mail client for idiots because Exchange is a shitty mail solution for lazy-fuck admins.

No..... Exchange is more difficult to manage than other solutions. Exchange would actually be for masochist admins, But the requirements that cause Exchange to be used are driven from the business, and managers who want Exchange, not from the administrators.

Re:Nobody is buying email software anymore

[Aighearach]

The ONLY thing Exchange has going for it is that it's integrated into [legacy ERP software]

Even a broken BOFH is right twice a business cycle.

Re: Nobody is buying email software anymore

[mysidia]

Gmail is great but try sharing multiple mailboxes and calendars and let me know how far you get

There are other tools you can use for that. E-mail is not the only way to collaborate, and your calendars don't need to go through the same software.

Re:Nobody is buying email software anymore

[Aighearach]

Chas might be more sophisticated than I am, but I've been happily using postfix since abandoning sendmail in `99.

And on the client side... SMTP and ( IMAP or POP )

Re:Nobody is buying email software anymore

[Duckman5]

Not only is Outlook a manifestly superior email client, the quite useful group calendar functions are infinitely better since... T-bird doesn't have group calendar functions.

What exactly do you call Lightning? Looks a lot like a calendar to me.

Lightning even supports a few network calendar formats natively. Need to sync with CalDAV? There's a plugin for that.

Oh, I see...they're not automatically included. That's a positive since not everyone needs those extra features. Some people just want email. That's what makes it nice. That's why people used to flock to Firefox before it became a giant, bloated piece of garbage.

There are a lot of things that can be said that are negative about Thunderbird (it's slow, freezes often, prone to mailbox corruption) but lacking a group calendar is not one of those negatives. It works just fine for keeping my entire family connected and aware of what's going on in the coming weeks.

Re: Nobody is buying email software anymore

[jader3rd]

Sell a specialized solution with extra features such as E-mail encryption or Archiving features that MS and Google cannot offer at scale (YET).

Why can't MS or Google offer E-mail encryption at scale? And I know that MS does offer online Archives as part of O365.

Re: Nobody is buying email software anymore

[lgw]

Anyone who proposes "fixing" lack of features in a software product by educating the customers is an idiot, and trying to fix anything by educating the users is worse than idiotic.

Outlook works the way people expect things to work. Exchange is a horribly painful way to enable that. Doing these things another way is frustrating all your users for the sake of your personal convenience. Is that your job, really?

Re: Nobody is buying email software anymore

[Predius]

Google does offer email archiving at whatever scale you want to throw at it.

Re:Nobody is buying email software anymore

[thegarbz]

And gmail just works.

Works with what? Given that it has about 5% of the feature support of Outlook why is your comment even relevant?

Re:Nobody is buying email software anymore

[MightyMartian]

I have yet to see a Linux mail server that eats as much RAM and CPU cycles as Exchange. Exchange may be the best at what it does, but that's hardly an argument in favor of its nature as a specifically designed resource hog.

Re: Nobody is buying email software anymore

[phorm]

Agreed. AD seems decent, but Exchange+Outlook at any company has been a bit of a beast with more than a little voodoo keeping it running.

Re:Nobody is buying email software anymore

[Martin+Blank]

LaTeX forumulae? No.

Relying on Office365 working in a non-Microsoft browser? Absolutely.

It works fine in Firefox, Chrome, Opera, and Safari, with no substantial differences between those and IE (if anything, non-IE is faster). I haven't tried Konquerer, but it might work passably even there.

Re: Nobody is buying email software anymore

[n0creativity]

Good god, that suggestion sends the hair on my body straight... I took over as sys admin at a non-profit about 9 months ago and they were using Zim... I can't even type the whole thing... It was a total mess. Partly because the admins before me had no business trying to run an in-house mail system and partly because the software structure was just, well scary. My first major project was get us off that stuff and onto O365. We qualified for MS educational pricing for Office so we went with Office Pro Plus which comes with Exchange Online and a lot of other features for free. It's been 5 months and I can't even begin to express how happy I am with the decision. No more digging through postfix configs trying to figure out why random emaila were getting through or not. Not to mention, ClamAV seems to be months behind on its def updates. The Zimb... nope, still can't do it... The old 'mail' VM is spun down and I pray it stays that way until the emails in it fall out of our retention period!

Re:Nobody is buying email software anymore

[arth1]

I use T-bird on my Linux desktop at home, and Outlook integrated with Exchange on my work laptop. Not only is Outlook a manifestly superior email client, the quite useful group calendar functions are infinitely better since... T-bird doesn't have group calendar functions.

The non-e-mail functionality does not make it better at e-mail. i still haven't figured out how to add custom headers to individual Outlook e-mails, or prevent it from rewriting the addresses I put in, or check mail routing for a message before sending, or export an e-mail in SMTP format, or prevent it from modifying headers or body (tus making it useless with standalone encryption/signing), or a bunch of other things that are e-mail specific.
As for non-e=mail features, some of them are a bonanza for malware writers, like OLE integration, preview panes, context-sensitive rendering and much more that isn't part of e-mail.

Re: Nobody is buying email software anymore

[Monoman]

MS and Google are definitely locking in customers. They know that it will get increasingly difficult for their customers to migrate off of these systems. Just try to migrate those huge mailboxes to another service.

I work for an EDU and we use MS anti-spam services which works pretty good. What I have started to notice is that a bit of "opt-out" marketing spam (not the Vi@gra, CuRe B al Dness stuff) hitting my mailbox is from companies using O365. It isn't enough for me to be convinced that MS lets their paying customers spam me more easily but it's enough that I'm starting to pay attention .... and I will mention it to our rep.

Re: Nobody is buying email software anymore

[pnutjam]

I have a "family" gmail system. We share calenders fine. My wife and I sync ours to each others phone. I also share email with my kids. I have it configured so I can log into their email from my account. For kids to young for their own email, I configure an alias for my account or my wife's and set forwarding rules to make sure we both get the messages.
It's pretty easy.

Re:Nobody is buying email software anymore

[amyreyna]

I am using Gmail for business too...but mostly Internet of Things business. But I also use outlook, mostly for the real life (offline) business. Client on real life said if I am using Gmail for my business, I am not that serious with the business and I hear it with my own ears

Re: Nobody is buying email software anymore

[mysidia]

And I know that MS does offer online Archives as part of O365.

Yeah, Online archives managed by the user whose mailbox it is....

Generally a business mail archiving solution is compulsory archiving, which the end user has no control over, and silently archives each message into compact indexed storage.

The Online Archives solution is more like a PST file on the local computer, just outsourced to the cloud, in that the end user decides when to move messages into or out of their Online Archive, and they can still edit/delete messages in their Online Archives.

Re:Nobody is buying email software anymore

[david_thornley]

Gmail was not going to do a good job of handling my personal domains, including the email address I've been using for over twenty years now. I tried FastMail instead. So far, it seems to be working great.

Re: Nobody is buying email software anymore

[0xG]

Also, Microsoft and Google have their own spam filtering solutions

Not quite right.
Microsoft did the same thing with Forefront.
It used to be "Antigen", the MS$ bought it.

Now they have shut it down as well.

Re: Nobody is buying email software anymore

[mysidia]

Now they have shut it down as well.

No.... that's not quite accurate. Microsoft STILL has their own spam filtering solution.

It's available only as a cloud product; either by moving your mailboxes to O365, or by subscribing to Exchange Online Protection and using their hosted antispam service.

Google / Postini

Guessing Google integrated the parts of Postini they wanted into Gmail's spam filtering and has no desire to help improve other email providers spam filtering.

McAfee recommends migrating from MXLogic to Proofpoint -- an exclusive partner. In this pdf they call it a more feature rich product. And I'd guess they are getting some sort of financial incentive to recommend Proofpoint. http://www.mcafee.com/resources/faqs/faq-eol-email-security.pdf

The elephants in the room

[mrsam]

Google had no need for Postini. Google's own spam filtering in Gmail is pretty good. Probably as best as spam filtering could be, under the circumstances. So that's one elephant in the room.

The other elephant in the room is Microsoft, with Hotmail, or Office 365, or whatever it's called these days. I don't have any firsthand exposure to that service, but from what I hear its built-in spam filtering is also fairly good.

Big email providers like that have no need to use an external, third party spam filtering service, since they have the technology, and the scale, to implement it in house. Organizations that outsource their email service to these elephants get spam filtering as part of their service and, again, have little need for a third party service.

About the only likely market for third party spam filtering services would be small to mid-range ISPs or organizations that want to run their E-mail in house. They wouldn't typically have the in-house technology to implement spam filtering, and would rely on a third party. Seems like a fairly small market to me, and with E-mail generally on a slow, steady decline there doesn't seem to be a lot of market opportunities here, for third party spam filtering services.

Re:The elephants in the room

[gmack]

Actually Hotmail/Outlook etc have a pretty bad false positive rate. For my clients, I have far more complaints abut personal email from my server being redirected to the Junk folder from Hotmail users than from any other provider and that's on top of the once a year ban my mail server.gets from Microsoft where everything bounces until I email them and they remove the block with no feedback as to why it happened.

Re:The elephants in the room

[jeremiahstanley]

I think email is on the decline just like the iPhone isn't selling anymore - only in news reports. Yes, it's not as popular as it once was however it is still a major method of communicating with customers. The availability of Google Apps (and similar services) for small to medium sized businesses is - from a sys admin perspective - an amazing thing. Their spam/malware protection is better than any other product I've ever used and it does it's work transparently.

I would counter that not only is email not in decline, it has become so important that individual businesses are outsourcing its deployment to larger firms who specialize in delivery and security with geographically distributed service centers. When you can get 30GB of storage, multiple services, spam/malware filtering, and somebody to call when it breaks for $5/mo per employee why would you spend money on your own infrastructure to do a tricky service like email?

Re:The elephants in the room

[Nutria]

About the only likely market for third party spam filtering services would be small to mid-range ISPs or organizations that want to run their E-mail in house.

You're completely ignoring every company that runs an Exchange server.

Seems like a fairly small market to me

It's a huge market.

with E-mail generally on a slow, steady decline

With such a low ID number, you can't be an idiot college student. Maybe you've just never worked for an Very Large Company.

Re:The elephants in the room

[marciot]

Also, mobile devices. It's very hard to support mobile devices if your e-mail server is behind a firewall. So mail naturally moved to the cloud for most businesses. Once you're paying someone to host an Exchange server, you might as well pay them manage it, hence the rise of Office365 and what not.

Re:The elephants in the room

[EmeraldBot]

Google had no need for Postini. Google's own spam filtering in Gmail is pretty good. Probably as best as spam filtering could be, under the circumstances. So that's one elephant in the room.

The other elephant in the room is Microsoft, with Hotmail, or Office 365, or whatever it's called these days. I don't have any firsthand exposure to that service, but from what I hear its built-in spam filtering is also fairly good.

Big email providers like that have no need to use an external, third party spam filtering service, since they have the technology, and the scale, to implement it in house. Organizations that outsource their email service to these elephants get spam filtering as part of their service and, again, have little need for a third party service.

About the only likely market for third party spam filtering services would be small to mid-range ISPs or organizations that want to run their E-mail in house. They wouldn't typically have the in-house technology to implement spam filtering, and would rely on a third party. Seems like a fairly small market to me, and with E-mail generally on a slow, steady decline there doesn't seem to be a lot of market opportunities here, for third party spam filtering services.

No, email in general is as strong as ever. The reason why it's not profitable is precisely there, however: it's mostly small ISPs who would buy this, and I don't think anybody would use their email service to begin with. The vast majority of us use either Gmail or Outlook, or a small number will self host our own personal email servers. It's a little shakier among smaller, paid email services such as Proton Mail(Privacy comes at a price, but I've heard their free version is still pretty decent), but my guess is these people also make enough to run their own spam filtering, so you're correct in saying the market's too small. Email as a whole is still a very popular medium, however, and I wouldn't go so far to say it's on a decline...

Re:The elephants in the room

[penguinoid]

On that note, it seems likely to me that the biggest mail companies benefit greatly from spam. After all, they would be in a better position then their competitors to filter it, and have no risk of being "accidentally" put on someone's blacklist.

Re:The elephants in the room

[Dredd13]

Lots of those Very Large Companies are just outsourcing their e-mail because it's a major-league-bitch to run it themselves.

Re:The elephants in the room

[whoever57]

Also, mobile devices. It's very hard to support mobile devices if your e-mail server is behind a firewall

No it isn't. Just forward a few ports and you are done.

Outlook is more of an issue because the certificate handling between Outlook/Exchange is broken now that you cannot get SAN certificates.

Re: The elephants in the room

[Etherealmind]

Big companies are no longer significant in terms of IT vendors. They move too slow, and spend very little compared to consumer market. Billions of smartphones versus millions of corporate desktops means that enterprise IT is a secondary market. Big companies do big business. They don't play with the small stuff.

Re:The elephants in the room

[marciot]

No it isn't. Just forward a few ports and you are done.

And make sure you have a public IP address and DNS entry, make sure you are up on your security patches on your server and have help desk staff to help people configure their mobiles, etc. Furthermore, outsourcing e-mail typically gives you mobile device management, two-factor authentication and a lot of extra goodies. It's very hard to implement the complete package yourself.

Re:The elephants in the room

[keltor]

A large amount of large companies either have plans in place to migrate to Gmail/O365, are IN mid-migration, or have already migrated to them. It might be that in your sector they are behind in doing this, but Microsoft sweetened the pot a few years ago and Gmail is really cheap to begin with. For the typical F100 company, there's not even a way they can compete with likely "free" from Microsoft and $50/user from Google. Companies are paying in upwards of $125/user for internal Exchange.

Re:The elephants in the room

Actually Hotmail/Outlook etc have a pretty bad false positive rate. For my clients, I have far more complaints abut personal email from my server being redirected to the Junk folder from Hotmail users than from any other provider and that's on top of the once a year ban my mail server.gets from Microsoft where everything bounces until I email them and they remove the block with no feedback as to why it happened.

My company (1000+) moved to Office 365 cloud email and have twice gotten our own servers blacklisted for sending corporate email to our own users. Either our IT is incompetent or theirs is. Maybe both.

Re:The elephants in the room

[Chris+Mattern]

I work for a moderately large university. We outsourced our email, which used to run on Exchange, to Google years ago. We're a long way from being the only ones.

Re:The elephants in the room

[jhecht]

Google had no need for Postini. Google's own spam filtering in Gmail is pretty good.

In my experience, spam filtering in Gmail is pretty BAD because of large numbers of false positives. Its algorithms appear to have some kind of quota for spam, and if your account gets no obvious spam, they will pick some for you out of incoming newsletters, new correspondents, and legitimate commercial email. GMail is the only email server I have to check daily for false positives.

Re:The elephants in the room

[Nutria]

I work for a very large global IT firm, and don't remember the last time that Exchange hiccuped.

Re:The elephants in the room

[Z00L00K]

And then you will never know at all about the mails that have been blocked completely. Those you get in the Junk folder may just be the tip of the iceberg that has a probability to be spam but still might not be.

Re:The elephants in the room

[Gojira+Shipi-Taro]

I work for a very large global IT firm too, and I remember the last time Exchange hiccuped this week. It's very good at being non-obvious about it's connection issues, until it takes 40 minutes for the person at the desk next to you to receive an email with nothing more than a link they requested.

Re:The elephants in the room

[mysidia]

You're completely ignoring every company that runs an Exchange server.

You can run a hybrid Exchange environment, and use Microsoft Online Protection for Exchange.

It's like $3 a month per mailbox, when solutions like McAfee's were more than $10 a month and did a poorer job at spam filtering.

So again, why would they want to pay more for spam filtering than they had to, if nobody is doing better than Google or MS these days?

Re:The elephants in the room

[Aighearach]

email is numerically "in decline" because much of what is on twitter on other proprietary apps would have been in email in the past.

One thing I've noticed is that an increasing number of companies are responding to email support requests in a serious manner, because the bean counters are finally figuring out how much cheaper email support is than phone support because it is asynchronous.

Re:The elephants in the room

[Aighearach]

I work for a very large global IT firm, and don't remember the last time that Exchange hiccuped.

but your BOFH does.

Re:The elephants in the room

[mysidia]

and have no risk of being "accidentally" put on someone's blacklist.

word is Microsoft has many servers appearing on Spamcannibal's blacklist, and also, occasionally a message will get bounced back b/c the MS SMTP server is listed on Spamcop.

Of course they will occasionally have IP addresses put on someone's blacklist, but if it starts to cause problems ---- they have more resources available to them to address it, before a significant number of customers notice.

Re:The elephants in the room

[Aighearach]

Only a few hundred comments in to find a reasoned analysis. Not bad.

Re:The elephants in the room

[rnturn]

I remember the last time Exchange hiccuped this week

You mean it hiccuped more than once this week? Yikes!

Re:The elephants in the room

[jader3rd]

I have far more complaints abut personal email from my server being redirected to the Junk folder from Hotmail users than from any other provider

The vast majority of SPAM never even makes it to the Junk folder.

Re:The elephants in the room

[thegarbz]

Actually you'll find lots of those companies are outsourcing some aspects of it to get some fancy cloud features, but are still running major exchange backends.

Re:The elephants in the room

[MightyMartian]

I have Postfix with Spamassassin and ClamAV on a gateway server that the passes email on to the Exchange infrastructure. I wouldn't dream of leaving an Exchange MTA listening to the big wide world on Port 25.

Re:The elephants in the room

[fsckinhippies]

Exchange is VERY easy to run internally.

Re:The elephants in the room

[fsckinhippies]

That is just DNS and configuration. No SAN cert is really needed.

Re:The elephants in the room

[whoever57]

have help desk staff to help people configure their mobiles, etc

Setting up mobiles: Yes, with Exchange, in my experience it's necessary to go through the process several times, because, for whatever reason, it will fail, fail again and then eventually work.

Furthermore, outsourcing e-mail typically gives you mobile device management

Exchange provides remote wipe capability for connected mobile devices.

Re:The elephants in the room

[stephanruby]

You're completely ignoring every company that runs an Exchange server

A couple of points. Open source tools and blacklisting services have become pretty good at filtering spam, and archiving email. This has only turned email into more of a commodity business.

Also Postini wasn't just about spam filtering. It was also about company-wide email archival and regulatory compliance. That being said, after the NSA debacle and the ever increasing demands of the NSA being in control of everything without judicial oversight, any foreign-based companies still using Postini or MX Logic would really look bad in their own country if they were to continue to do so.

It doesn't really matter if Google offers to host your data and its servers in your home country anymore. The US/UK/Australian/Canadia governments have clearly shown that it do not care about national boundaries when it comes to surveillance and archival.

Re:The elephants in the room

[Dredd13]

BWAHAHAHAHA.

Thanks for the mid-afternoon laugh.

At scale, Exchange is a right PITA to run.

Re:The elephants in the room

[whoever57]

That is just DNS and configuration. No SAN cert is really needed.

Perhaps it depends on exactly how the Exchange server is configured behind a firewall. Why else would anyone have ever needed a SAN certificate with a non-registered name?

Re:The elephants in the room

[swb]

I guess it depends on your definition of "at scale". With some planning, it seems fairly easy to get decent scaling and availability. DAGs work pretty well. The thing that seems to get harder is the planning and licensing.

IMHO, Exchange 2013 has been a big step backwards in reliability and management. My conspiracist opinion is that Microsoft is deliberately trying to make it less appealing for SMBs to run in house because they want them hooked in as a permanent revenue stream to O365. The UI has lost even more common tasks and is really sluggish.

2010 was really pretty reliable and seems to run well even with ridiculously low resource allocations -- I've run 5 user servers in as little as 3 GB of RAM. The console UI is almost unusable due to swapping, but client operations don't really seem impacted on an ongoing basis.

What's kind of funny is that 2016 is back to being the unitary server role, completing the collapse of server roles that started in 2013, basically going back to the same model they had in 2003.

Re:The elephants in the room

[thejynxed]

That it does, but sometimes this is a good thing, because just sometimes you don't want to unsubscribe to some company newsletter that you did business with a few times using their unsubscribe function because who knows what that will unleash - instead you just quietly allow GMail to appropriate it into the spam box, and then from there, "delete all spam", which then marks the rest of that incoming crap as spam and poof, there it is.

Re:The elephants in the room

[davecb]

I happily use spamcop, because they do one thing relatively well, and when it's not well, medicate it quickly (;-))

--davecb@spamcop.net

Re:The elephants in the room

[fsckinhippies]

Not really. One could easily create a zone for just the mailserver in their DNS for mail.mycompany.com that points to the internal IP address, or DMZ address.

Re:The elephants in the room

[fsckinhippies]

We have exchange servers for 10 users and we have exchange servers for 8200 users. The management is not very different with the exception of DAG configuration/maintenance. Even that is not very difficult. If you can manage AD, you can manage exchange. Not only that, but E3 is more expensive than owning exchange servers, paying on SPLA for office, and enterprise CAL, We manage exchange servers for flat $100 per month per server. We do barely any maintenance on them and it is a cash cow for us. It really is that easy, and I am sorry if your previous environment was not setup properly.

Re:The elephants in the room

[fsckinhippies]

I agree with everything you said. I hate the fact that the moved to an entirely web based management for most things. I miss the MMC management. That said, it has pushed our junior techs to learn powershell quicker. Once you pass 20 users there is a minimal financial benefit for O365 versus $1 out leasing the equipment to do it in house. I guess that is Microsoft making it look better to move to their hosted crap and then doing nothing more than removing flexibility.

Re:The elephants in the room

[Dredd13]

Environments, plural. I've yet to see an employer where their exchange wasn't a giant raging nightmare.

From a user standpoint, absolutely, it's awesome. From an admin side, it's rampant chaos.

YMMV

Re:The elephants in the room

[fsckinhippies]

I am curious what the nightmare could be. If the database is online, AD is functioning and you are not blind patching your systems, there is not a lot to go wrong.

Re:The elephants in the room

[Dredd13]

- Individual Mailboxes getting "too big" (FSVO "big") and Exchange performing badly with them
- Frequent corruption of the mailstore requiring repairs and usually resulting in the loss of n>0 messages

Those are two complaints I remember being most common from folks who've dealt with it.

Re:The elephants in the room

[swb]

It's not that there's anything wrong with the Powershell functionality, it's that the GUI has been rendered featureless *and* clumsy to use.

What really puzzles me is that Microsoft puts so much effort into creating *new* GUIs (whether it's Exchange or Windows Server) but creates them with less functionality. It's like they could have spent the same energy just updating an existing GUI with the new product features or functionality without losing the old GUI functionality or visually redesigning the entire thing.

Part of me thinks they've made Powershell a big deal as kind of a me-too attempt to be CLI elite. And another part of me thinks they're doing it to cut their development costs -- roll out new features and just don't create a GUI for them. And then there's the idea that they do it just to make it harder to use to drive the lower end of the market into forever-pay cloud services.

I think it's all crazy. I'm pretty sure the GUI was invented because (when done well) it made interfacing with computers easier and more efficient. And a lot of tasks benefit from a visual presentation of information beyond what you can get in ASCII tables and lists.

It's not that CLI and scripting aren't valuable, either -- it's not an either or thing, but a case where a decent GUI is a huge improvement and it seems odd to make the GUI worse on purpose.

Re:The elephants in the room

[wvmarle]

Actually Hotmail/Outlook etc have a pretty bad false positive rate. For my clients, I have far more complaints abut personal email from my server being redirected to the Junk folder from Hotmail users than from any other provider

I've had the same problem, it seems they're very rigorous on SPF records. I had nothing set for my domains, and that's apparently bad for Hotmail specifically. After sending a bunch or mails to Hotmail I actually got some bounces, where in the headers I noticed SPF checks failing (for reason of no records present). Recently I changed this, and I'm getting more replies to e-mail to Hotmail already.

Now it's very very hard to do any true statistics here, it does seem to be (part of) the issue of my e-mails not arriving, or being junked.

Re:The elephants in the room

[mcrbids]

I have little doubt that gmail SPAM filtering is Postini SPAM filtering with a few tweaks.

Re:The elephants in the room

[drinkypoo]

You're completely ignoring every company that runs an Exchange server.

What prevents you from putting something else in front of Exchange to do your filtering in-house?

Re:The elephants in the room

[RandomFactor]

That's typically the case.

i suppose you could rely on local AV and Outlook's built in filtering for smaller installations. But there are a lot of things you can do on small installations that don't scale to enterprises.

MultipleAV engines and more comprehensive spam and malicious email filtering in line seems to be the best and common practice however.

1) Postini did not go away un-replaced, Google worked to migrate users to their new filtering service. Basically Gmail, but you could have it pass through to your on-premis environment. It was wonky and they didn't get all the features and capabilities in place in time and we went elsewhere.

2) General market shrink is the reason for loss of some email filtering vendors. Filtering has been integrated in services such as Google Apps for Business and O365, and invariably if you go with those services you go with the included filtering. These services have been growing gangbusters and include email hygiene as part of the base service.

if the included service is good enough it is a difficult business case to make to spend on a standalone filtering service.

Re:The elephants in the room

[fsckinhippies]

Online archive has been around for 3 versions now. It prevents the mailbox size issues. Store corruption is 99% of the time related to the database not being shutdown properly. If this is a frequent problem, the issue is not exchange. DAG, and good backups mean the loss of 0 messages.

Re:The elephants in the room

[Dredd13]

We would see the corruption on databases that weren't being shut down, just one day it was fine, the next it was corrupt.

Online archive requires *either* that users be proactive in doing so, or that as administrators you're just (by policy) ripping messages out of their mailbox and putting them somewhere else on an automated basis. The former is pretty difficult to convince folks to do, the latter would not be acceptable at pretty much any place I've ever worked (folks want to organize their mail "their way so they can find things easily") and automated tools changing that goes against how they use mail.

Re:The elephants in the room

[fsckinhippies]

If the database was getting corrupted while just running along, that would be a new one for me. Still, a restore of the database and replay of log files doesn't take that long and with a DAG setup it is not even downtime. The online archive keeps the folder structure, it just moves it into another mailbox that is automatically attached to outlook. If it is more than 2 years old and was for customer b, it is in the customer b folder of the archive. O365 does the same thing.

Re:The elephants in the room

[amacide]

seems to run well even with ridiculously low resource allocations -- I've run 5 user servers in as little as 3 GB of RAM.

Couldn't help but LOL :-)

Money is the way.

[EzInKy]

Far too many people in this world dedicate themselves to profit rather than what would serve their fellow human beings the best. Never will understand why though. As a species, human kind has depended on the help of others to advance.

Re:Money is the way.

[Archtech]

I think you will find that "The Red Queen" by Matt Ridley explains it pretty well, in terms of game theory. Of course the game theory stuff is just analogical and suggestive, but I find it convincing.

Basically the default condition (just because it's mathematically the simplest) is where everyone is looking out for himself. That's the imaginary "state of nature" that Thomas Hobbes depicted in "Leviathan":

"In such condition there is no place for industry, because the fruit thereof is uncertain, and consequently, not culture of the earth, no navigation, nor the use of commodities that may be imported by sea, no commodious building, no instruments of moving and removing such things as require much force, no knowledge of the face of the earth, no account of time, no arts, no letters, no society, and which is worst of all, continual fear and danger of violent death, and the life of man, solitary, poor, nasty, brutish, and short".

Writing in the 17th century, of course, Hobbes knew little about evolution and nothing of ethology. His knowledge of pre-agricultural societies was drawn exclusively from the travellers' tales of those who had been to the Americas, Africa, or the East Indies. Thus he assumed, reasonably enough, that without formal states and societies people would have no communities at all. That turns out not to be the case, as hunter-gatherers normally live in groups ranging from family size to a few hundred - and they cooperate intensively.

Models of Hobbes' extreme case show that, as he expected, it's not good. People do vastly better if they cooperate, so we almost always find society developing naturally. People develop morals, and come to expect honesty and straight dealing - even altruism, which is often repaid.

Now here is the interesting part: in a society where 19 out of 20 are honest, a tempting niche opens up for those who aren't. By pretending to be honest, these criminals (or banksters, politicians, marketing executives, lawyers or whatever you want to call them) leech off the work of others to live comfortably with little effort. It seems that mathematics and nature are against efforts to make everyone good, because in a society where most people are good it is just too tempting to be bad.

Re:Money is the way.

[Archtech]

Sod it, wrong Matt Ridley book. Instead, try "The Origins of Virtue" http://www.amazon.co.uk/Origin...

Re:Money is the way.

[Jbcarpen]

Profit is theoretically a measure of how much you have served your fellow human beings. (yes, a lot of people have figured out how to cheat the system.) If I want someone to help me with some significant task, I offer them money, which allows them to purchase help with something else from someone else.

In societies small enough to not need money, help in return for help works just fine "You help me build a house today, I help you build yours tomorrow" In a large society, that doesn't work so well. The guy who builds me a house probably doesn't need my help building his, but he probably wants food, a car, gasoline, internet, phone service, etc... I may not be able to give him any of those, but I can give him money which he can then use to get those.

If someone has a bunch of money (that they didn't steal), then that indicates that someone did help a lot of people. It may not have been them (their parents, a generous friend, etc...)

Re: Money is the way.

[Archtech]

Yes, it's a vicious and persistent problem. Aldous Huxley nailed it over 50 years ago:

"One of the many reasons for the bewildering and tragic character of human existence is the fact that social organization is at once necessary and fatal. Men are forever creating such organizations for their own convenience and forever finding themselves the victims of their home-made monsters".

Here is the thing. You can only have limited government if the citizens are well educated, well-informed, and above all disposed to play their part in political decisions. But there has hardly ever been a state whose citizens were in that happy condition. The worse the government, the more it neglects education (perhaps deliberately) and the less the citizens are able to bear that part of the responsibility for government.

So the vicious circle arises: bad government, as it becomes tyrannical, prevents proper education; bad education leads to a poorly-educated, badly-informed, neglectful citizenry which in turn permits the growth of tyranny.

Re:Money is the way.

[benedictaddis]

Matt Ridley, the failed bankster?

Yes, the author of those brilliant books is the same Matt Ridley who was chairman of Northern Rock in 2007 when it experienced the first run in modern times, nearly collapsed, and was eventually bailed out by the state to the tune of £27 billion.

More on George Monbiot's blog, here: http://www.monbiot.com/2010/06...

Private e-mail servers are obsolete?

[marciot]

Because pretty much everyone uses gmail, yahoo, Office365 or some other mail service which already does spam filtering. The only person in recent history that I know of running a private e-mail server was Hillary Clinton and see how much good it did her...

Re:Private e-mail servers are obsolete?

[Overzeetop]

You're thinking to close to 2000.

How many corporations and, especially organizations, have moved to the Gmail hosted mail servers? My university moved to it 3-5 years ago. Most of the non-profits I run into are running it. For many it's worth the cost.

Re: Private e-mail servers are obsolete?

Sarah? Actually check that, there's no way you're Sarah Palin. You made a coherent statement. My apologies Ted.

Re:Private e-mail servers are obsolete?

[Z00L00K]

Many have also moved to Office 365.

But this with having Gmail or Office 365 - that's really to put your eggs in one gigantic basket.

Re:Private e-mail servers are obsolete?

[PPH]

large international IT services provider

no private email servers!

Reasonable advice mainly because of security issues (open relays and other misconfigurations). But private servers, or anything peer-to-peer are anathema to your companies business model. So I'd take that advice with a grain of salt.

Re:Private e-mail servers are obsolete?

[Dadoo]

Because pretty much everyone uses gmail, yahoo, Office365 or some other mail service which already does spam filtering.

I can assure you, this isn't true. Gmail/Office365 may be okay for some companies, but others (like mine) are pretty much required to keep their email in-house. I work for a health insurance company, and the risk of having PHI in the cloud is just too great.

The only person in recent history that I know of running a private e-mail server was Hillary Clinton and see how much good it did her

She wouldn't be allowed to use cloud-based email services, either, if she's sending emails containing sensitive national security information.

It Is Written

[De_Boswachter]

Why? Because the Oracle has spoken.

"Two years from now, spam will be solved." - Bill Gates

Simple

[EzInKy]

The vast majority of users don't give a damn about security. Their only concern is about what is happening to Aunt J who lives a couple thousands of miles away. She might leave them a hundred gazillion dollars to the most doting offspring after all. So curious here, what is the price of privacy?

Lack of market

[Todd+Knarr]

At the top end, the big tech companies like Google or Microsoft have their own spam-filtering systems in-house. At the bottom, individuals and entities too small to run their own mail servers either depend on Bayesian filtering in their e-mail clients or get email from one of the big tech companies. And in the middle, they either outsource their email to one of the big tech companies or can put together their own spam-filtering solution readily enough using available tools like SpamAssassin that're mostly open-source. End result: there's no market for spam filtering except as part of a complete email provider business on the scale of Google or Microsoft.

On word Spamhaus

[raydias]

I think Spamhaus has taken this market and anyone else will have a hard time competing and still be profitable to make it worth while.

Re:On word Spamhaus

[dskoll]

Spamhaus? Spamhaus is nothing but a DNSBL. It won't catch more than 60% of spam, and that's being extremely generous.

Labor costs

[tgibson]

It isn't profitable. It's enormously expensive to pay so many employees to read EACH AND EVERY email to determine if it's spam.

Few people still care about security

[CrankyOldEngineer]

I run a private email server on a hosted VM with Spam Assassin for me and my family. It's secure, private, and inexpensive. The biggest cost a a few minutes every couple months to keep it patched. Well worth it. My friends with gmail and yahoo addresses keep getting spammed, slammed, and pwned, but can't be bothered.

I'll go the other way here, spearphishing

[holophrastic]

In the past, spam was mass-flung with no real power. Filtering it was a relatively easy task, with an acceptable false positive rate and an even more acceptable false negative rate.

Today, while those spams still exist, between e-mail client junk folders and greylisting, the mass-flung spam is little more than an annoyance -- it doesn't have any real negative effect in term of dollars. Virus scanners catch those attachments pretty well too.

But now we have spear phishing -- real-world big-business, hand-crafted, artisan spamming. No spam filter is ever able to catch any of those. And they do real damage creating real monetary losses for big and small business alike.

So if your spam filtering business can catch the easy ones that do no real damage, and can't catch the hard ones that do the real big damage, then who's your paying market?

Re:I'll go the other way here, spearphishing

[dskoll]

This is true to some extent. Some targeted attacks are very hard to catch, though there are things you can do to mitigate them.

But you still need a filter to catch all the background crap that would otherwise overwhelm your inbox.

Re:I'll go the other way here, spearphishing

[PPH]

real-world big-business, hand-crafted, artisan spamming

Yes, more or less. The "big-business" stuff, I can handle. There's a profit motive and when they discover that there's no money to be made, they'll move on.

The stuff I worry about is based on other motives which people may not recognize as quickly. Our neighborhood has been the occasional target of several spear phishing attacks. Purportedly about security, police activity and local crime, we have received some carefully crafted personalized e-mail that turns out to originate from phony domains, set up with false local identification but from out-of-state origins. There are no obvious services being sold or evil links to click.

In my case, I am fortunate to have occasional contact with federal law enforcement (due to security clearances). When I mentioned the oddball e-mail at a recent review, I was told that there was an ongoing investigation into some domestic groups related to it. And not to click the links or in any way reply to the messages. That's fine in my case, but what about my poor neighbors who think that, because they are not being sold something, it must be OK?

Easier to herd ferrets on Adderall

[kheldan]

The time to have put a stop to spam email was long before Arpanet was even invented, let alone the Internet, or the Internet being opened up for access by the general public. The time to stop spam was way way back when the first bulk advertising mail to 'Resident' first occurred. If the U.S. Postal Service had said 'Hell, no!' to bulk mail, back in the day, we probably wouldn't have spam email now. As the situation stands right now, it's more or less impossible to stop, I'm sorry to say, and as such it's no mystery to me that any company that offers an anti-spam service would think twice about continuing to offer that service. Trying to herd ferrets on Adderall would be easier at this point than trying to stop the tsunami that is spam.

Can't Compete with Barracuda and Spamassasin

On the commercial side, there is Barracuda. On the free side, there is Spamassasin. That doesn't leave much room for others.

there are some good people still in this business.

[anon+mouse-cow-aard]

Full disclosure: my relationship with these people is as a happy customer for... I dunno around a decade for a mid-size organization of about 6000 mailboxes. Sorry if this reads like a commercial, I really am just that happy with these guys.

https://www.roaringpenguin.com... they provide and support CANIT PRO, which is basically mimedefang and spamassassin on a debian base, with dynamically updated blacklists and filtering rules. It works really well. David is one of the guys behind behind mimedefang, so you are also helping open source by going with these guys. The pricing for us was really decent.

They usually work with appliances, but we managed to use our own configuration to do some sweet stuff: we put the mail filtering cluster in the DMZ, along with the DB. but we put the customization interface is on an internal network. That way there is no firewall exception for the DMZ (ok except SMTP... can't avoid that one.) and the DMZ gateway doesn't need access to internal credentials at all (Active Directory in our case) It just knows that the interface machine on the inside is trustworthy. Even though the DB has no access to authentication services, the users can still customize their filtering to their desire.

I think for big companies, one concern is that I have never heard anyone rave about spam filtering. In terms of brand-awareness it is a completely one way street, Either people are satisfied with it, in which case they shrug, or they get irrationally violently abusive of the service, and have un-realistic expectations. It is a risk for any major brand to operate spam filtering, with literally no upside (ok, aside form revenue, but if it is a small part of a business, the reputation risk might outweigh the revenues.) Touching people's email brings out all the consipacy buffs you can imagine, and for some small but vociferous group they always have their own solution, and whatever the email admin does is crap. That's a thing that was great about Roaring Penguin's CanIT PRO when we rolled it out, it gave each user the ability to turn off the filtering entirely, if that's what they wanted.

It worked like a charm. Whenever we got some idiot (the truth hurts!) who thought they could do better, we just said fine, here is how to turn it off. Out of 6000 boxes, we had about 200 opt-out right away, most of them turned it back on within a few days, after a year it was down to 60 or so, and then when there were some malware infection episodes, it came out that their 'custom' solutions were not actually working that well, and everyone came back into the fold. Being able to let people opt-out saved us literally months of pointless arguments while letting us deploy good service for the co-operative many.

This was for about 7000 mailboxes, which is small as far as mail installations go these days. The real clients for this stuff is hosting providers and outsourcing companies (cloud based) I think the reason for large companies exiting the business is the huge trend of small companies to cloud, there just isn't much of a market for small email installs anymore... People are using huge hosted configurations. It's gradually getting dismantled now because of some organization move to a single outsourced solution with many hundreds of thousands of mailboxes...

Because it's a small market

[dskoll]

The anti-spam market is small, mature and shrinking as more and more companies outsource their email to Microsoft or Google. While it can be profitable, the actual numbers are way too small to interest behemoths like Intel or Google.

I happen to run a small anti-spam company. We're doing extremely well, but that's because we have low overhead and can survive quite nicely on the little slice of market share we have. But I have no illusions that my company will be the next Facebook or Google or whatever... we'll chug along steadily for as long as we want to, and we'll make a very nice living at it, but that's about it.

Re:Because it's a small market

[mysidia]

as more and more companies outsource their email to Microsoft or Google...

Wait until the cloud craze is over in 4 or 5 years, and businesses begin to get a few more years of experience: to start and recognize what the true disadvantages are / what they have actually lost, and what the extra costs are in this type of outsourcing, So they can make rational decisions instead of buzzword/cloud-initiative-driven decisions.

There have always been E-mail hosting providers....

One of the problems is, going with a large hosting provider, means your company no longer gets to set the operational policies, for example: you cannot block a new kind of abuse beyond what the provider does for you, And your org no longer gets to see and review the security posture of infrastructure --- for example: just seeing some audit logs might require a special support request with a hell of an expensive work order; Also, you no longer get an in-house e-mail admin team to go to for help; your support requests to report a problem with your mailbox will likely start with a call center in India.

There are of course additional security risks, and by using a hosting provider, your mailboxes may be additionally subject to NSA interception through off-the-record provider cooperation or other espionage.

Re:Because it's a small market

[dskoll]

Wait until the cloud craze is over in 4 or 5 years...

You think? I don't think it'll be over. I think it will continue to grow. For most businesses, running a mail server is a pain in the butt and not part of their core business.

One of the problems is, going with a large hosting provider, means your company no longer gets to set the operational policies

Most people don't care.

There are of course additional security risks, and by using a hosting provider, your mailboxes may be additionally subject to NSA interception through off-the-record provider cooperation or other espionage.

(1) most people don't care and (2) even if you run your own mail server, NSA can intercept anything they want. You have to work on the assumption that the NSA can intercept all traffic it cares to, and also that it can decrypt specific chunks of that traffic if it really sets its mind to it.

Re:Because it's a small market

[dskoll]

OK. Your thought processes are not typical of businesses who are the largest share of the spam-filtering market. For the most part, the convenience of not having to run their own mail server far outweighs any concerns over the NSA.

use ipv6 to get rid of the spam

[fredan]

put your mail server on a aaaa record only and you will see so little spam that you can filter it manually.

Re:use ipv6 to get rid of the spam

[dskoll]

That is actually not true. We offer a hosted anti-spam service and the ratio of spam-to-ham coming in over IPv6 is still pretty high --- major providers such as Google and Comcast are using IPv6, so it's no longer a "filter-out-the-lusers" protocol.

Re:there are some good people still in this busine

[dskoll]

Thanks for the vote of confidence! (I'm from Roaring Penguin and am the MIMEDefang gal). But actually I go by DIanne now.

Re:Isn't it obvious?

[Z00L00K]

There is no such thing as a free lunch. When there's no competition left then we will suddenly see such services being an extra cost.

The problem with Office 365 is also that you have no ability to control the spam filter - legitimate mails gets junked without your knowledge.

Re:there are some good people still in this busine

[anon+mouse-cow-aard]

I had no idea! It shows how long it has been since we needed to talk! Thanks for the great product, Dianne !

No clue why they are going away, but...

[Kargan]

Can't answer any questions about why the spam filtering services you mention are being discontinued, but the providers I work with that use a spam filter for their customers are mainly using Edgewave, with a smaller amount using Barracuda.

Hopefully because spam filters don't work

[damn_registrars]

Spam filters need to go away, as they only pass the buck along in the war on spam. They cost dramatically more than the sticker price (especially when they are "free") as the email is still sent, parsed, and quarantined. After that the filters need their rules updated regularly to catch the latest spammer tricks. Meanwhile as the spammers' botnets get bigger and more sophisticated it just gets that much easier and less expensive to send out spam.

If you want to end spam, you need to acknowledge that spam is an economic problem and spammers send out spam because they make money doing it. There is one and only one way to end spam, and that is to prevent spammers from making money off of it. No legal - or extralegal - action will slow it down by any meaningful amount. Interrupt the money flow and the spammers will find other work.

Re:Hopefully because spam filters don't work

Your post advocates a

( ) technical ( ) legislative (X) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
(X) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Hopefully because spam filters don't work

[wvmarle]

If you want to end spam, you need to acknowledge that spam is an economic problem and spammers send out spam because they make money doing it.

So how are you going to do this? You do get modded "insightful" for this but in true business fashion you don't give any real solutions. Not even any hints to real solutions.Not even a solid and workable definition of what is spam, and what is not. Often spam is defined as "unsolicited' but what is "unsolicited" really? I put my e-mail address on my web site, asking people to contact me. Anyone can find the address and start sending e-mails on any topic - are these solicited or unsolicited? If you say it's solicited when about the web site, then when are they off topic?

Next, how are you going to distinguish a "spammer" making money off the e-mail messages from all the rest making money off of e-mail? So many legitimate news letters being sent around that result in making money. I have received many e-mails from people I didn't know yet asking me about my business, and whom I ended up doing business with - having found my contact in many different ways, e.g. from my listing at alibaba, which is also a common source of suspected scam e-mails.

Obviously a whitelist approach doesn't work.

Having people pay for sending/receiving e-mail doesn't work: who are you going to pay to? How are you going to pay? How to exchange payment information?

Maybe you can come up with working solutions to this. Solutions that only stop spammers (oh, and a clear definition of "spammer" would be good), but that leaves all other e-mail correspondence unaffected.

Re:Hopefully because spam filters don't work

[drinkypoo]

If you want to end spam, you need to acknowledge that spam is an economic problem and spammers send out spam because they make money doing it. There is one and only one way to end spam, and that is to prevent spammers from making money off of it.

The more you tighten your grip... the only ways to do that are to really clamp down on commerce to the extent that it would cause significant harm to economic activity in a way that would actually damage GDP, or to end capitalism

Re:Hopefully because spam filters don't work

[damn_registrars]

If you want to end spam, you need to acknowledge that spam is an economic problem and spammers send out spam because they make money doing it. There is one and only one way to end spam, and that is to prevent spammers from making money off of it.

The more you tighten your grip... the only ways to do that are to really clamp down on commerce to the extent that it would cause significant harm to economic activity in a way that would actually damage GDP, or to end capitalism

Actually, no. A really great example of what I am talking about was executed a few years back in part by a team from Georgia Tech. They figured out which banks were processing payments to some big-time spammers and had those banks stop processing those payments. I believe it took a little bit of pressure from law enforcement to get the banks to cooperate but they got it done. Nonetheless, once the spammers were no longer getting paid, they stopped sending out spam for the spamvertised domains.

A similar tactic works on the end of the owner of the spamvertised domain; if you prevent them from being able to process payments, they can't pay the spammers and the spam volume falls rapidly.

Missing the point?

[mschwanke97402]

Big companies like Google, Apple, Intel, etc. buy companies for access to their technology, for their patents and sometimes for their personnel. It is almost the normal thing for the purchased companies to be absorbed and their services to wound down. Google wants you to use nearly spam free G-Mail, not your own mail server or local ISP's mail service, so why would they continue offering a standalone anti-spam service? McAfee sells anti-spam as part of their security suites, why on earth would they sell the anti-spam service they've bought as an independent service under someone else's name?

Intel? Well who knows what goes on at Intel. My guess is that one management committee doesn't know what the other management committee is doing and haven't for decades now. Ditto Microsoft, IBM, etc.

Re:Missing the point?

[mysidia]

why on earth would they sell the anti-spam service they've bought as an independent service under someone else's name?

Because that was McAfee's business, and it was a bigger money-maker than a one-time license sale of some On-premises product.

That is.... until Intel bought McAfee and killed BOTH the On-Premise products AND the SaaS products.

I believe Intel has a specific purpose in mind for the McAfee acquisitions and it involves putting out their own product, not continuing to service McAfee's customers.

Also, McAfee's name was dirt anyways..... Intel probably wants a clean start, and I'm guessing from their point of view McAfee's E-mail solution customer base was a drop in the bucket (Not worth the opportunity cost to Intel).

Re:Isn't it obvious?

[mysidia]

legitimate mails gets junked without your knowledge.

That's a good start.... But how many 10s of dollars extra per month per mailbox, are you willing to spend, to have more control?

You might take a look at appriver

[klubar]

You might take a look at appriver secure tide (https://www.appriver.com/services/spam-and-virus-protection/) email filtering. It's SaaS email filtering that you put in front of your smtp server. It has reasonably good controls and does a better than average job. It's reasonably priced.We use it and have been happy with the filtering quality, price and support.

Barracuda networks also sells a SaaS spam filtering service, haven't used it, but have heard good things about it.

By the Architect, may his dividers never slip

[Hognoxious]

I'm not saying it's the Freemasons, but it's the Freemasons.

Re:Isn't it obvious?

[Z00L00K]

What is the price of a lost important mail?

Re:Isn't it obvious?

[mysidia]

What is the price of a lost important mail?

It's pretty much zero, because if the email is important enough to actually matter, you will be asking the recipient to let them know, and contacting them over another channel, if they didn't get it.

So if the important mail is "lost", the actual price is attributable not to the loss of the E-mail, but human error in not anticipating the possibility of a lost e-mail and making sure the message gets through.....

I think the GP's point

[rsilvergun]

was that most companies running exchange were just using Microsoft's spam filtering. This is like when people tell me the market for Mac users is huge. Yes, there are a lot of Mac users and they _do_ have lots of money, but the trouble when writing business software for them is you have to take out all the users who aren't willing to go out and buy a $300 PC to run your software :(...

prospective clients

[bigtreeman]

Spammers would be prospective clients for Google advertising services
and be targets for Google to spam.

Difficult problem to solve on private email server

[Codeyman]

It is a tough nut to crack unless you have access to the complete mailboxes for the following reason:
- Any sort of AI/neural net/bayesian net is going to be only as good as the sample you train the system on. In most cases, it is easy to accumulate spam mails (honeypots etc), but it is hard to get hams (good mails). No enterprise customer would donate his "good mails" for research purposes.
- Running any sort of optimized neural network on customer box (via some sort of toolbar etc) doesn't help, because that is the first thing they disable.
- People are more likely to delete a mail rather than report a spam mail. Without access to usability data from their mail client, this causes more spam to more or less leak through.
- Spams are generally targeted regionally. A spam received by a person in USA is very different from the spam received by a person in China. This further restricts the accuracy of spam filters.
(Now these are not a problem for Google/Microsoft etc who have access to all these data)

Which leaves only secondary ways of detection:
- Black list/pink lists/grey lists .. these are reactive rather than predictive, so some spams will always get through.
- Rule based (regex/strings): Needs to be updated constantly, is less scalable, and needs a lot of multilingual people to stay up to date. Not very scalable.
- Reliance on the likes of libspf, which is still not as widespread as we'd like it to be.

Most email spam engines to my knowledge can easily catch upto 95% of spam.. may be 99% on a good day, but that remaining 1-5% earns them the ire of their customers. It seems to be just a labor intensive job, which is just not as rewarding as we'd like.

Re:Isn't it obvious?

[Man+On+Pink+Corner]

That doesn't work. It's not always apparent what's important, or even who's important, until much later.

no market

[um...+Lucas]

Probably because so many companies are moving to cloud based email, where its on the provider to filter spam rather than the Exchange administrator, that the market's just not there anymore. Besides, there's freebies like spam assassin that can help a lot for many organizations.

Re: use slack

[dkegel]

Alas, yes, slack is partly replacing email where I work. One more medium to have to follow. BTW Google almost moved to Exchange in 2008 or so... IT wanted to, but upper management nixed it for obvious reasons. (And there was much rejoicing.)

5 years

[argee]

Did Microsoft do the 5 year thingie with the Nokia purchase?

Re:there are some good people still in this busine

[VoxBoston]

We've had good experience with Mailroute.net - actually replaced hardware Barracuda 300s with this, never looked back. Mailroute doesn't archive messages, just filters and forwards, so it won't help you if a you / a user deleted a message and you'd like to get a copy back from the 'backup'. But for basic filtering - really good, quite inexpensive. And for us the cost was really more about the $$ necessary to keep a Barracuda alive in a data center plus the yearly spam update subscriptions. It worked out to something like $2K / year for one Barracuda 300, and Mailroute is a fraction of that. YMMV / FWIW

Hard problem

[NialScorva]

Somewhat of a matter of approach. Most of them keep iterating on the same techniques in a constant arms race. Just so hard to make much more than an incremental progress and differentiate from everyone else.

I like the approach being used by Atriceps (http://www.atriceps.com)-- they're flipping the problem on it's head with a consent-based approach that looks for valid content and reputation, rather than exclusion.

Disclaimer: My company was in the Fall 2015 cohort of the Mach37 Cyber Accelerator with them.

Electronic Spamming dates from the 1930s

[tigersha]

Spamming is much older than ARPANET

http://blog.modernmechanix.com...

In those days bombing could solve the problem for real. But in all seriousness, this is why there are international laws about broadcasting into another country's territory. A law that Radio Free Europe conveniently ignored during the cold war.