E-mail please, hold the spam

Three server-based software products keep unsolicited e-mail from wasting users' time.


Whether it's a seldom-seen nuisance or an in-box clogger, e-mail spam is annoying. There are numerous programs to can spam at the client level, but a better solution for most organizations is to shut it off at the server.

We tested three products that seemed to be strong in different categories. Our winner, Lyris Technologies' MailShield, wasn't the flashiest program or the easiest to use, but it was best at the main task - stopping spam. Computer Software Manufaktur's Internet Mail Scanner was a close second. It didn't have quite the power and flexibility of MailShield when it came to catching spam, but it's still a very effective tool, with a nice administrative interface and good statistical and reporting tools. GFI Fax & Voice's Mail Essentials, which has less flexibility in fighting spam than the others, has many other nice features and was the only package that offered additional features when used as a front end for an Exchange system.

The spam stops here

The real meat of these products is their ability to stop unwanted e-mail from wasting your users' time. The products intercept messages with questionable content and delete them or let an administrator decide what to do with them.

Holding message headers up to scrutiny is an easy and effective way to screen mail. There are two ways to use this technique - verification and authorization. Verification checks to make sure the addresses in various tags are valid. A message claiming to come from the bogus domain Make.Money.Fast would be nixed because this address wouldn't return a valid response from the Domain Name System (DNS).

Authorization, on the other hand, lets you control whether you want to receive mail from a particular user or domain. Let's say SpamCorp.com is a valid firm but has frequently sent you mail that you'd rather didn't reach users. You can add SpamCorp.com to your list of domains from which you do not accept mail, even though a DNS query comes back OK.

How we did it

Each package can be installed on the same machine as the mail server or on a separate machine. We elected to use separate boxes. We used a Microtech 200-MHz Pentium Pro with 64M bytes of RAM and a 4G-byte disk running Windows NT 4 with Service Pack 5. Each product passed its messages on to a Linux machine running the standard sendmail daemon.

We created several user accounts on the Linux box, then sent the messages from a variety of hosts and e-mail packages. We tested for conditions of too many recipients; various invalid, falsified or omitted headers; phrases in the subject line and the message body; and relay prevention.

Lyris' MailShield is the most flexible at scanning for spam. It has more options than most e-mail administrators will know what to do with. Its only drawback, compared with the other two products, is its inability to provide antivirus scanning.

MailShield can verify and authorize most fields outlined in RFC 822, the standard that defines Simple Mail Transfer Protocol (SMTP) mail. In addition, MailShield can limit the number of recipients who can receive a single piece of e-mail or simply slow the delivery down above certain thresholds.

MailShield also includes an interesting feature known as tarpitting. Used to discourage spamming, tarpitting is triggered when mail arrives from a domain or TCP/IP address that you have blacklisted ahead of time. MailShield will accept mail from this host, but it delays a specified amount of time between every command sent by the originating host. Effectively, it slows mail delivery from that host to a crawl without affecting performance on the receiving server. As the number of messages grows, the time adds up and the originating host must stay connected the entire time for delivery to be complete.
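
The tarpitting behavior described above can be modeled in a few lines. This is an added example, not MailShield code or its rule language: the network range, the 10-second delay and the session contents are constructed, and the sleep function is injectable so the delay can be measured without actually waiting.

```python
import ipaddress
import time

# Constructed values for illustration; not taken from MailShield.
TARPIT_NETS = [ipaddress.ip_network("203.0.113.0/24")]
TARPIT_DELAY = 10.0  # seconds to stall before answering each command
REPLIES = {"HELO": "250 hello", "MAIL": "250 sender ok", "RCPT": "250 rcpt ok",
           "DATA": "354 send message", "QUIT": "221 bye"}


class TarpitSession:
    """Toy SMTP responder that stalls blacklisted peers before each reply."""

    def __init__(self, peer_ip, sleep=time.sleep):
        ip = ipaddress.ip_address(peer_ip)
        listed = any(ip in net for net in TARPIT_NETS)
        self.delay = TARPIT_DELAY if listed else 0.0
        self.sleep = sleep      # injectable so tests need not really wait
        self.stalled = 0.0      # total seconds this peer was kept waiting
        self.in_data = False

    def handle(self, line):
        if self.in_data:
            # Body lines are not commands, so they are never delayed.
            if line != ".":
                return None
            self.in_data = False
            return "250 queued"
        verb = line[:4].upper()
        reply = REPLIES.get(verb, "500 unknown command")
        if self.delay:
            # The mail is still accepted; the sender just has to hold the
            # connection open for the delay before every single reply.
            self.sleep(self.delay)
            self.stalled += self.delay
        self.in_data = verb == "DATA"
        return reply


def stalled_seconds(peer_ip, messages, recipients):
    """Replay a constructed session and return how long the peer was stalled."""
    session = TarpitSession(peer_ip, sleep=lambda seconds: None)
    lines = ["HELO bulk.example"]
    for _ in range(messages):
        lines.append("MAIL FROM:<offers@bulk.example>")
        lines += [f"RCPT TO:<user{i}@example.com>" for i in range(recipients)]
        lines += ["DATA", "Subject: offer", "", "text", "."]
    lines.append("QUIT")
    for line in lines:
        session.handle(line)
    return session.stalled
```

Three messages to two recipients each cost a listed sender 14 delayed commands, while an unlisted sender running the same session is not delayed at all.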

MailShield can also scan messages for strings that indicate spam. These strings can be single words, such as "XXX," or entire phrases, such as "make money fast." MailShield can also check the size of a message and check file attachment names. For example, you could have MailShield check for attachments called happy99.exe, or other well-known carriers of doom and gloom, and drop them.

MailShield handles offending messages in different ways. It can simply delete them, forward them to an administrator or let the message be delivered but prefix the subject with a tag, such as Suspected Spam.

In addition to its native capabilities, MailShield works with Internet-based services that help people eliminate spam. For example, the nonprofit Mail Abuse Prevention System maintains a Realtime Blackhole List (RBL) of known spam sites. MailShield can check with this service, though the option is disabled by default. However, using RBL can eliminate legitimate mail in some instances. If one person on America Online sends a spam message, RBL could mark AOL as a spam site, punishing many for the act of one. Lyris recommends using RBL only if the possibility of rejecting valid mail isn't critical. MailShield also works with the group's Dial-up User List (DUL) of TCP/IP addresses from ISPs known to have spammed.

Internet Mail Scanner

Computer Software's Internet Mail Scanner has an interface that is much easier to use than MailShield's. Internet Mail Scanner employs most of the same verification and authorization techniques as MailShield. Verification of addresses can be set for the From, Sender, Return Path and Message ID fields.

Additionally, there are five more options, enabled by default, to automatically flag messages as spam: a missing or empty To header; a missing Subject header; or the inclusion of an X-Warning or X-Authentication Warning header. The omission of a To header can indicate that a message wasn't intended for a particular user; spam is often sent to users as carbon copy or even blind carbon copy recipients. Missing subject headers are a way of enticing users to open a message to see what's inside. Finally, various mail handlers can add the X-Warning and X-Authentication Warning headers if they are suspicious of the origins of the message.

For authorization, Internet Mail Scanner uses a text file that holds lists of users, domains and TCP/IP address ranges from which you do not want to receive mail.

As for content scanning, Internet Mail Scanner only checks the Subject header for words or phrases. The same configuration file that holds the offending users and addresses also holds words and phrases that Internet Mail Scanner should consider as spam.
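
The header flags, deny list and Subject-only phrase check described above can be combined into one screening pass. This is an added example, not Internet Mail Scanner's own logic or file format: the deny-list entries, phrases and sample messages are constructed, and the warning header is matched in the hyphenated form X-Authentication-Warning that sendmail writes.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed deny list and phrases; the product keeps both in one text
# file whose format the review does not show.
DENIED_SENDERS = {"bulk@example.net"}
DENIED_DOMAINS = {"spamcorp.com"}
SUBJECT_PHRASES = ("make money fast", "xxx")

# Constructed sample messages.
SAMPLES = {
    "clean": "From: alice@example.org\nTo: bob@example.com\n"
             "Subject: Lunch\n\nNoon?\n",
    "bcc_blast": "From: promo@mail.spamcorp.com\n"
                 "Subject: MAKE MONEY FAST\n\nhi\n",
    "warned": "From: carol@example.org\nTo:\n"
              "X-Authentication-Warning: host: user set sender\n\nhi\n",
}


def screen(raw_message):
    """Return the reasons a message would be flagged (empty list = pass)."""
    msg = message_from_string(raw_message)
    reasons = []

    # Header checks: a header that is absent returns None, an empty one "".
    to = msg.get("To")
    if to is None:
        reasons.append("missing To")
    elif not to.strip():
        reasons.append("empty To")
    if msg.get("Subject") is None:
        reasons.append("missing Subject")
    for name in ("X-Warning", "X-Authentication-Warning"):
        if msg.get(name) is not None:
            reasons.append(f"has {name}")

    # Authorization: refuse listed senders and domains (subdomains included)
    # even though their addresses would pass DNS verification.
    _, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    if addr in DENIED_SENDERS or any(
            domain == d or domain.endswith("." + d) for d in DENIED_DOMAINS):
        reasons.append("sender denied")

    # Content check limited to the Subject header, case-insensitive.
    subject = (msg.get("Subject") or "").lower()
    for phrase in SUBJECT_PHRASES:
        if phrase in subject:
            reasons.append(f"subject phrase: {phrase}")
    return reasons
```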

Internet Mail Scanner has one content-scanning feature that MailShield lacks. Internet Mail Scanner has two antivirus engines built into it, one by Trend Micro and the other by McAfee, which is the default. It also scans compressed attachments. Updates to the virus definition files are available as a separate subscription service.

Internet Mail Scanner can drop messages that are larger than a settable threshold in two ways: It can politely accept the entire message, then drop it, or it can terminate the connection as soon as the limit is hit. The default size limit is only 19K bytes, but enforcing this limit is not turned on by default.

Like MailShield, Internet Mail Scanner can take advantage of the RBL, but it doesn't support the DUL.

Mail Essentials

The third product, GFI Fax & Voice's Mail Essentials, has a variety of features but doesn't give you as many configuration options as the other two products.

When holding SMTP headers up to scrutiny, Mail Essentials only looks at the From header, but it can refuse an e-mail that doesn't have a header or has an invalid header. Mail Essentials can also be configured to refuse mail from domains you specify.

Mail Essentials does better in the arena of content scanning by employing a two-tier approach to checking messages. First, it can simply delete messages that contain key words and phrases, either in the subject or in the message body. But Mail Essentials can also forward questionable messages to an administrator for review. Mail Essentials terms this action "quarantining" the message. When a message is quarantined, an HTML version of the message is sent to an administrator, who can either approve the message to deliver it, delete the message, or delete it and notify the originator that the message was not delivered.

An interesting feature of Mail Essentials is the ability to block messages that are PGP-encrypted. Encrypted messages cannot be scanned for content, so allowing them to pass implies trust of the originator. Most spammers don't go to the trouble of looking up users' public PGP keys.

But Mail Essentials includes this feature for another reason. Mail Essentials can automatically encrypt all outbound mail passing through it using PGP if it has the proper public key. By installing PGP, which is not included but is available free to nonprofit and educational organizations, Mail Essentials can maintain a "key ring" of sites that use encryption. For example, if there is a company with which you do business, you may want to protect the content of your messages to them, but not messages to everyone else. Mail Essentials can see that a message is destined for a host for which it has a public key and automatically encrypt it. Likewise, when Mail Essentials receives a message from that site, it has the key to automatically decrypt it.

If Mail Essentials sees a message that is still encrypted when it tries to scan it, that indicates a user is trying to decrypt messages on his own at the desktop. The administrator can force users to use only the corporate encryption schemes.

Mail Essentials, like Internet Mail Scanner, can scan messages for viruses, but the engines are not included as part of the license. It knows how to interact with four popular engines (McAfee, Dr. Solomon's, Norton and F-Prot) or a custom scanner that accepts command-line parameters.

Mail Essentials doesn't currently use any of the Internet-based antispam services, though previous versions could use the RBL. Due to user requests, the company said it will probably bring the RBL back in a future release.

What about the middleman?

The flip side to spam is relaying. When a message is relayed, it is first sent to a host that in turn delivers it to the final recipient. This technique gives spammers unwarranted credibility by having their mail appear to come from a trusted source. But most legitimate mobile Internet Message Access Protocol clients need to relay their messages through a host, too. How do you let authorized users relay mail but keep unauthorized people out?

Lyris' MailShield lets you specify domain names and TCP/IP address ranges to allow or reject relay attempts. For example, you can let your internal users relay e-mail out, but not let foreign e-mails be relayed from your site to another site.

Computer Software's Internet Mail Scanner has similar antirelay functions turned on by default. Those defined as internal users can relay mail out through Internet Mail Scanner. You can also configure external users who are able to relay through the server, but not a whole domain. In addition, you can configure what days of the week and times of day relays will work. Its extra configuration options for handling relayed mail slightly edge out the competition.

GFI's Mail Essentials prohibits receiving mail that isn't addressed to one of its internal domains. Relay checking is enabled, unless Mail Essentials doesn't know whom to protect, which would happen only if you deleted all local domain information. But there is a setting in which an administrator can define which domains are allowed to use it as a relay server. This can be narrowed further by IP address. Additionally, Mail Essentials can be configured to relay outbound mail destined for certain domains to mail servers other than the default.
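
The relay controls described for the three products reduce to an ordered decision: local delivery first, then trusted source networks, then individually listed external users inside a time window. This is an added example, not any vendor's implementation; the domains, address ranges, user list and relay window are constructed.

```python
import ipaddress
from datetime import datetime

# Constructed policy values for illustration.
LOCAL_DOMAINS = {"example.com"}                    # domains we deliver for
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
EXTERNAL_RELAY_USERS = {"roaming@example.com"}     # single users, not domains
RELAY_DAYS = {0, 1, 2, 3, 4}                       # Monday through Friday
RELAY_HOURS = range(7, 19)                         # 07:00 to 18:59


def relay_decision(client_ip, mail_from, rcpt_to, when):
    """Decide what to do with one recipient of one SMTP transaction."""
    # Mail addressed to our own domains is delivery, not relaying.
    rcpt_domain = rcpt_to.rpartition("@")[2].lower()
    if rcpt_domain in LOCAL_DOMAINS:
        return "accept: local delivery"

    # Everything below is a relay request. Trust the connecting address
    # first: the peer IP of a TCP connection is far harder to fake than
    # anything the client types into the SMTP dialogue.
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in INTERNAL_NETS):
        return "accept: internal relay"

    # Listed external users may relay only inside the configured window.
    # The envelope sender is supplied by the client and easily forged, so
    # this list should stay short.
    if mail_from.lower() in EXTERNAL_RELAY_USERS:
        if when.weekday() in RELAY_DAYS and when.hour in RELAY_HOURS:
            return "accept: listed external user"
        return "reject: outside relay window"

    return "reject: relaying denied"
```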

Management

Having these programs up and running is nice, but there are times when you also need to customize them. MailShield lets you modify its rules, which are written in a proprietary scripting language.

Internet Mail Scanner can be configured to send a notice to administrators when it has relayed mail, received spam, found a virus or received a mail bomb, Internet Mail Scanner's name for an e-mail message that is above the size threshold. When it finds spam or a virus, Internet Mail Scanner can send you a copy of the offending message. There is also an advanced alerting feature that notifies you when specific addresses pass the scanner, whether inbound or outbound.

In most cases, configuration changes take effect when you click on the "apply" button or close down the configuration tool. There are a few well-documented instances when a configuration change requires restarting the service, but these are changes that don't happen frequently, such as changing the virus scanning engine.

Mail Essentials also commits changes immediately and doesn't rely on any accompanying text files.

In addition to making changes, it's also good to be able to check up on the software, make sure it's running right and even get some statistics about how much work it's doing for you.

MailShield lacks remote monitoring tools, and its log files can only be viewed at the server itself. MailShield can log to a file on the host system or place entries in the host machine's event log - the Event Viewer for Windows NT or the syslog utility on most Unix systems. While this helps you get a handle on the instances of bad mail, it doesn't show you how much "good" mail is being passed, and it certainly doesn't give numeric values for a quick and dirty comparison over time.

Internet Mail Scanner has a nice companion utility called the Remote Watch Monitor that lets you see exactly how much traffic it handled, how much of it was spam and how much was relayed. It keeps a running total, as well as a graph of the last 40 seconds, and tabulates the number of viruses caught.

The Web Monitor that accompanies Mail Essentials lets you remotely attach to and check the health of the server. It can access the delivery queues, logs for each day's sent and received items, and a log of all sent and received items.

More goodies

In addition to some features mentioned earlier, MailShield can archive messages off to a disk as they pass through the server. This could be particularly handy to sites where e-mail is considered public record and the organization needs to keep copies without burdening users. MailShield was available on the most diverse list of platforms, including all Windows platforms, Solaris and Linux.

Other than the inclusion of virus scanning, Internet Mail Scanner sticks to the basics. It doesn't include features that aren't part of its core task.

Mail Essentials has the largest goodie bag. Besides the features mentioned above, Mail Essentials can archive your e-mail, inbound and outbound, as it crosses the server. It can also compress attachments that weren't compressed when they left the desktop. If the size gain achieved by compression is better than a threshold you can set, Mail Essentials automatically zips up the attachments, even compressing them to a self-extracting archive if you wish.

Mail Essentials can be configured to send an automated reply if it scans a message destined for a particular user. The condition for the autoreply can be tied to text in the subject. For example, if the sales account receives a message with the word "order" in the subject, an autoreply can be generated to thank the sender for the order, and to assure the sender of a timely response. The software can even create a tracking number to tie the automated response to the original message.

Installation and documentation

Installing Lyris' MailShield was straightforward and took very little time. However, configuration is another issue. Most of MailShield's filters and functions are governed by text files that you need to manually edit to change. Even though each file has a descriptive header, it's troublesome to remember which file controls what. The software needs to be more helpful in walking you through modifying the configuration. The program lets you specify how frequently it checks for a new configuration. Keep this interval short when you're first getting the hang of things, then lengthen it once you're sure things are working the way you'd like.

The HTML-based documentation for MailShield is useful and thorough, though we would have liked some printed documentation, as well.

MailShield also installed quickly and painlessly as an NT service. When configuring the software to tell it details of what server it's delivering mail to and where to send outgoing mail, terms such as "client" and "server" get a tad confusing. But even if you enter the information incorrectly, you'll quickly find your mistake when using the straightforward administration tool.

Like MailShield, Computer Software's Internet Mail Scanner's documentation is presented in HTML format. It includes example screen shots of each pane and a description of the fields, but it's pretty thin. Some of the sections would benefit from a few extra paragraphs of detail and better examples.

GFI Fax & Voice's Mail Essentials was also a straightforward install. It is the only one of the three products that can tap into Microsoft Exchange to enable content scanning based upon specific Exchange users. The process is simple. When completed, the Mail Essentials tabs are visible from the Exchange administration tools, as well.

Mail Essentials gets credit for providing complete printed manuals, but its online documentation comes only as Windows Help files.

Conclusion

Each product we tested has its own niche. If you want raw power, configurability and good multiplatform support, look no further than our winner, Lyris' MailShield. If you want a solid performer with a cleaner interface and better reporting, Computer Software's Internet Mail Scanner may be right for you. And if you want a nice tool with lots of extras, especially if you're running Exchange, give Mail Essentials a look. All in all, you won't go wrong with any of them.

Berkley is LAN support supervisor at University of Kansas Computing Services in Lawrence. He can be reached at berkley@ukans.edu.


Copyright, 1994-2006 Network World, Inc. All rights reserved.