E-mail\u00a0security\u00a0consists of five critical components:\u00a0spam\u00a0and fraud prevention;\u00a0virus and worm\u00a0protection; policy and content compliance; e-mail privacy; and\u00a0intrusion prevention. Managed service providers address only two of these components: spam and viruses. Deciding to use a managed service rather than handling e-mail security in-house means leaving your organization vulnerable to threats that include policy violations, fraud, eavesdropping and intrusions.Anti-spam technology has come a long way. Two years ago, products competed strictly on effectiveness. Six months later, false-positives raised concerns, and products began to compete on accuracy. A year ago, the administration of anti-spam point products became a hot topic. Today, companies demand anti-spam products yielding high effectiveness, maximum accuracy and low administration, which both the top managed services and in-house offerings can deliver. The other side by Dan Nadir Face-off forum Debate the issue with Nadir and Judge. Much like anti-virus, anti-spam is becoming a commodity. Everyone needs it; both managed services and in-house solutions offer it. But the responsibility of an e-mail security provider does not end with anti-spam and anti-virus. In fact, it's just the beginning.While managed services claim to have policy enforcement capabilities, companies require much more robust capabilities than providers offer. E-mail security products must be able to prevent content and policy violations for inbound and outbound traffic, and provide comprehensive content filtering, monitoring and reporting capabilities. Only in-house offerings provide this level of policy and content compliance. If your e-mail security provider isn't equipped to recognize and prevent policy and content violations, you don't really have e-mail security.E-mail privacy is becoming a critical requirement for organizations concerned with intellectual property theft, eavesdropping and regulatory compliance. And as e-mail has been progressively more subject to snooping and other fraudulent activities, organizations are prone to new threats, and can run afoul of government and industry regulations. Protecting e-mail in transit is no longer just an option for organizations; it is a necessity. Again, in-house e-mail security products, not managed services, bring this expertise to the table. If your e-mail security provider cannot provide encryption capabilities, you don't really have e-mail security.Lastly, managed services cannot provide intrusion prevention for e-mail systems. Properly architected in-house offerings act as a single, protected gateway to defend against threats and intrusions targeted at the e-mail system, utilizing an e-mail firewall and intrusion-prevention capabilities to protect against attacks.If your e-mail security provider cannot protect your company from attacks, including\u00a0denial-of-service\u00a0and\u00a0buffer overflows, you don't have e-mail security.While some organizations may outsource anti-spam and anti-virus protection, no organization can outsource its e-mail security.Judge is CTO for CipherTrust, a global e-mail security company in Atlanta. He can be reached at firstname.lastname@example.org.