Symantec's new Mail Security 8100 Series appliance offers a twist on spam management. It limits the amount of network bandwidth spam can consume. In our exclusive Clear Choice test of the Mail Security 8160, we found that when the bits start flying it manages the load on corporate mail servers quite well, providing a good first line of defense in reducing the amount of spam that enters the network.

Placed in-line between corporate mail servers and the Internet, the Mail Security 8160 appliance (Symantec picked up the technology last year when it bought TurnTide) categorizes e-mail traffic flowing through it into one of 10 buckets based on the spam history of the originating IP address. It then manages the amount of bandwidth each bucket can consume.

The Mail Security 8160 determines an IP address' spam history in two ways. It's connected to Symantec's Brightmail on-line service - a requirement to using this product - which provides a global view of IP addresses that have been sending spam. Second, the Mail Security 8160 contains the Brightmail engine and analyzes e-mail traffic to determine the spam content for each IP address. Every IP address falls into a bucket based on a percentage: How much of the mail received from this IP address is spam?

Although you can control the throttling parameters within each bucket, Symantec ships the Mail Security 8160 with a set of example values that represent a staged approach to implementation. The bandwidth controls set against the offending IP addresses get more aggressive as you move from Stage One to Stage Five. Note that the 8160 only shapes mail traffic on the SMTP port (Port 25). It doesn't control any other traffic or mail on other ports.

The Mail Security 8160 is designed to handle a huge volume of e-mail, and it lives up to those claims. Symantec claims a capacity of about 550 messages per second, but our testing showed it topping out at 850 messages per second. That's a massive number of messages, almost 75 million a day. If you were going to send that much mail through this product, you'd want a high-availability solution, and the Mail Security 8160 is designed to operate as an active/passive two-node cluster with automatic failover and database synchronization.