Evaluating Third-Party Antispam Products | Secure Messaging with MicrosoftВ® Exchange Server 2003 (Pro-Other)

A wealth of third-party products purport to reduce or eliminate spam from your network. An up-to-date list, along with capsule reviews of many products, can be found on this book s companion Web site, http://www.e2ksecurity.com. Instead of including product information that will become outdated over the life of the book, I ll suggest questions to ask when you re considering which product to purchase and use.

Questions About Cost

A few fortunate organizations have essentially unlimited budgets . For the rest of us, the first thing to evaluate about spam blockers is their cost.

How much spam do you actually get? Normally, the amount of spam received will be a function of how many mailboxes you have. Some users will get more spam than others. For small amounts of spam, a commercial spam-blocking product will probably cost you more than it s worth.
How many SMTP virtual servers do you have, and how many accept Internet mail? Most products offer per-server licenses, so the more SMTP bridgehead servers you have the more you ll have to pay, unless you funnel all of your inbound mail through a spam filter or filtering service.
Are there acceptable products available from the same vendor that produces your antivirus software? Can you get a package deal?
Does the product you re evaluating run on an Exchange server? Is it a separate appliance, or does it require a separate server?

Questions About Capability

Leaving aside the cost of a blocking product, you ll certainly want to know whether the products you re evaluating will do what you want them to. All current products do a tolerable job of blocking spam, but you should ask the following feature- related questions as you evaluate them:

How does the product work with Exchange? Is it a separate appliance, an SMTP proxy of some kind, or a plug-in for Exchange? If it s a plug-in, does it use the Exchange event sink mechanism or some other integration method? Event sink “based tools have the advantage that they can set the SCL for messages to enable automatic filtering, but they require you to run third-party code on your Exchange server; this has supportability and stability implications that you should consider carefully .
Is there a way for you to control how the product flags messages as spam? In particular, can you filter messages based on content (including subject- line filtering) or only by their origin? If the product allows filtering by content, how easy is it to change the list of filtered terms? Some products provide a canned database of rules or filter terms, but better products let you customize the list, and the best automatically download updates to the list when the vendor releases them.
Does the product just match keywords, or does it use heuristics to catch spammer tricks such as including asterisks between each letter of words like teens, porn, Viagra, or mortgage? If the product uses heuristics, can you adjust them? Is there any way to tell why a particular message was tagged as spam?
What happens to messages that appear to be spam? Can users still get to them? Will the program automatically delete the messages if you want it to? Is there a way to say this message really isn t spam for a particular message or sender?
How hard is it to specify that a sender is legitimate ? After all, you don t want to have to manually edit your filters every time one of your users subscribes to a newsletter or other regular mailing if you can keep from it.
Do users have to do anything to make the product work? If so, can you use group policies or some other mechanism to set up (or enforce) a configuration?
Does the product depend on any outside service, such as a DNSBL provider or DCC service? Do you get to choose which particular service the product uses? Does the service cost extra?
Can this product be integrated with an antivirus or content-control package?