E-mail security services square off
Although the MessageLabs service is relatively expensive, it also offers the most features and best performance among its rivals in this test. Now that the company is part of Symantec, which makes the Brightmail appliance, the consistent top performer in appliance tests over the past few years, maybe some of the irritating foibles will be fixed.
Microsoft Exchange Hosted Filtering Services
Formerly Frontbridge (long a leader in anti-spam services), Exchange Hosted Filtering Services (EHFS) is available in typical Microsoft fashion: The service offers great features, including anti-virus, using multiple engines, encryption, and disaster recovery. It's adept at stopping spam, preventing 97.5 percent of unwanted messages from coming through, while stumbling on 11 false positives and one critical false positive (see test results). Moreover, it's easy to set up, manage, and use -- especially with Windows-based e-mail systems. On the other hand, pricing is hard to nail down, though large customers get great price breaks. Also, as one might expect from Microsoft, using the service with the Firefox 3.0 browser did not work well, although Firefox 2.0 was OK.
Getting started with EHFS was quite easy: The process of setting up users can be automated so that administrator intervention is not required. Syncing with Active Directory was a snap -- and synchronization with versions of LDAP should work well too.
User log-in is straightforward. Passwords can be set to high security levels, requiring upper- and lowercase letters, numbers, and symbols, as well as a minimum length. You can even require users to choose password that are in any dictionary.
Notifications sent to users regarding quarantined e-mails are easy to read. Moreover, the user portal is simple and direct, which should minimize user support requirements.
Admins will find (screenshot) the service's policy engine to be powerful and easy to use, offering a high level of granularity for both individual users and groups. Additionally, EHFS offers potent content-filtering features for enforcing HR policies and controlling the distribution of intellectual property. You can set the content filter to look for specific file names or document types. You can even scan attached documents for specific phrases. Admins can choose to have the service block a user's attempt to send a document containing restricted content; alternatively, an admin could have the system notify a designated auditor of such attempts.
The service's reporting and auditing features are both powerful and well thought out. Creating customized reports is a snap, so you needn't rely on pre-defined reports if they don't meet your requirements. Additional features such as encryption and disaster recovery are easy to use and well integrated.
Pricing for Exchange Hosted Filtering Services starts at $1.75 per user per month for a small business (with a minimum of five users). Pricing may be much less in large volumes (there are no published fees). As a bonus, many Microsoft customers may be able to use Exchange Hosted Filtering at no additional charge through the Exchange Enterprise CAL, Microsoft Enterprise CAL, or Forefront Security Suite.
With excellent performance and usability, as well as pricing that may be included for Microsoft enterprise customers, Exchange Hosted Filtering Services offers a lot of capability at a price that is pretty good -- probably.
MX Logic Email Defense Service
Geared toward large enterprises, MX Logic's Email Defense Service (EDS) offers a nice array of features, including anti-spam, anti-virus, content management, and e-mail continuity, all at a very low price. Unfortunately, its spam-stopping abilities, though acceptable at 95 percent, were near the bottom of the barrel in this roundup. I found a relatively high number of false positives as well -- 96, along with four criticals -- meaning users who receive a high number of legitimate bulk e-mail will need to whitelist a lot of messages (see test results).
Setup was trouble-free, with automatic provisioning of users and easy access to settings on a per-user, per-group, or per-domain basis.
The end-user UI is also well designed, suited for even the most unsophisticated user. Users receive spam reports listing quarantined messages, along with links for automatically logging in to the user portal and allowing whitelisting or blacklisting easily.
Among EDS's extensive feature set is e-mail continuity. If the local mail server fails, users can view undelivered messages via a Webmail interface.
MX Logic's policy engine is among the most granular among the services I tested, and relatively easy to use. (MessageLabs fared slightly better in this area.) Policies can be tailored to flag both incoming and outgoing messages for racially insensitive terms, obscenity, or sexual overtones. Moreover, the engine can look for attachments, Java, or other potential exploits, as well as URLs or other links in messages. Reporting defaults to month-to-month (screenshot), but adding custom reports is easy.
Pricing for MX Logic EDS is good at higher volumes: $1.60 per user per month for 1,000 users (or $2 with message continuity service) and 99 cents per user per month for 5,000 users ($1.26 with message continuity). There are no setup fees, and 24/7 live telephone and Internet support is included. Online training for users and admins is available every week, and online or phone help is based in the United States.
Thanks to MX Logic EDS's excellent feature set and very low pricing at high volumes, the service's less-than-stellar spam-filtering performance is easy to overlook. If your users don't receive a lot of bulk e-mail or are willing to spend a couple of weeks whitelisting messages, they'll probably find performance perfectly satisfactory.
SECNAP Hosted Email Security Gateway
Although not without its strengths, SECNAP came away with the lowest overall score in this roundup. Its general spam-stopping capabilities were just fine at 97.5 percent; however, it had more false positives than any other service in this test -- 133, along with 10 criticals -- a problem that persisted throughout my review (see test results). On top of that, I was often frustrated with both the user and management interfaces.
Its other features are comparable to the rest, with anti-virus and content management. It doesn't offer built-in word lists for content management, but does include an encryption capability.
If you set up accounts through the service, you'll find that SECNAP requires users to create a strong password that includes uppercase and lowercase characters, as well as numbers and symbols. Once again, this practically ensures that users will write down their passwords somewhere (or call the help desk frequently). If, on the other hand, you create accounts using directory synchronization, you'll find a single sign-on feature allowing users to log in to the service with their standard Windows domain credentials.
SECNAP has a trait that admins will likely find quite frustrating: Whenever you make or accept changes to settings, the screen will take a long moment to refresh, sometimes twice. Also irritating: Accessing a quarantine directly is impossible. Rather, admins have to manually log in from another computer (because log-in info is cached) before they can get to the standard user-level quarantine access. Alternatively, you have to generate a quarantine report, send it to yourself via e-mail, open it, click on the embedded Web link, and then enter the user log-in embedded in the message before you get to the actual quarantine. In every other appliance and service I've tested, admins can click on a menu item from within the admin UI to access the quarantine.
Also, it would be nice if there was a way for an administrator to mark spam with a standard addition to the subject line and then set up a rule on the company e-mail server to direct those marked messages to users' spam folders. As it stands, users will have to access the service's Web site to deal with those messages.
Users will also suffer some annoyances with the SECNAP interface. After marking and releasing a message from quarantine, users will be taken to the first page of the quarantine. Additionally, when a user releases a message from quarantine, it still shows up in the quarantine with no indication of success.
Reducing false positives proved troublesome in my tests. Unlike with all the other services, the average number of daily false positives did not drop off over the course of the test. There were several reasons for this: First, when you click on an item, you can release it and whitelist the sender, but only as the exact sender's e-mail address (e.g. 19378979id@lists.techtarget.com); there's no way to whitelist an entire domain or add wildcards to an address before whitelisting. This means that whitelisting bulk e-mail from a sender that adds a random character string to each message is impossible.
Second, some odd default rules in the anti-spam policies can produce false positives. For example, RFC standards forbid using eight-bit subject lines in headers. Thus, if a message's subject line contains even a single eight-bit figure, such as foreign symbols, the registered character, or the trademark character, the message ends up in quarantine -- even if there's nothing else odd about it. This can be defeated, but only if you know what to look for -- and there's no obvious reason to change a setting called "header checks disabled."
Third, there were some disparities between the "apparently from" domain and the actual sender. For example, a message may appear to be from dean.deluca@deandeluca.com, but the actual sender is aaap58ok8lbnv3borzuixbnlhra_m6fo06euyrf15u5t9f@ddfoodwine.b.topica.com. (This is common practice for bulk e-mailers.) However, there's no way for the user to see or whitelist the actual sender, and whitelisting the "apparently from" sender doesn't let messages through.
Finally, when the high number of false positives continued to be an issue, I disabled Sender Policy Framework checking (SPF is a standard intended to help identify illegitimate e-mail). Not only were a lot of legitimate marketing messages still being stopped, but there were a number of critical false positives afterwards as well.
To SECNAP's credit, admins are provided with a high degree of granularity. You can assign limited rights to a lower-level admin to look up, release and query e-mail records, set default domain policies, and whitelist and blacklist messages. You can also permit users to log on and look at their e-mail logs, reports (screenshot), and quarantine (if enabled), set their own policies, and whitelist and blacklist messages.
The service also offers multidomain support. You can create different administrator accounts and policies for different domains (company1.com, company2.com, etc.) Additionally, companies can set up virtual domains ending with ".net," ".info," ."corp," and the like, even if their "real" domain is ".com." Thus, messages sent to user@company.net or user@company.info will still go to the intended recipient at user@company.com. All policies would be created on the real domain.
Pricing for SECNAP is very reasonable at $1 per user per month for 1,000 users. However, despite the service's reasonable cost, as well as its nice multidomain support and good administrative features, the ongoing problems I experienced with false positives make it difficult to recommend SECNAP to organizations where users need to be able to receive much bulk e-mail.
Trend Micro InterScan Messaging Hosted Security
InterScan Messaging Hosted Security (IMHS) from Trend Micro demonstrated excellent spam-busting performance in my testing: It stopped 97 percent of the incoming spam, with just 12 false positives and one critical, landing it in third place by a very small margin. Additionally, false positives and critical false positives were very low (see test results). Furthermore, Trend Micro offers basic features such as anti-virus. Advanced features include content management, for both enforcing HR policies and protecting intellectual property. The icing on the cake here is the pricing: At 1,000 users, it runs $1.06 per user per month for the basic feature set and $1.60 per for the advanced feature, making InterScan the least expensive offering in this roundup. Even better, Trend Micro's is the only service that comes with an SLA.
Setting up the service is simple. Provisioning users through the portal is fairly easy, too: Each users fills out a simple form the first time he or she accesses the site, after which his or her account is provisioned automatically. Admins can import user information from Active Directory to verify that e-mail is being sent to legitimate recipients. However, there is no way to sync the directory information or use the AD information to provision accounts.
Once user accounts are set up, the user experience is a breeze. The reports on quarantined messages (screenshot) are user-friendly, and whitelistingmessages is fuss-free.
Establishing policies is simple, and admins can easily create powerful policies to filter incoming and outgoing messages based on specific words, attachment types, or other criteria. Admins can even create specific policies to block or quarantine messages containing encrypted zip files. It doesn't include the signature capability that MessageLabs has, which prevents users from sending restricted documents, even if their names have been changed.
Reporting tools for the admin are good, and reports are easy to read, should it become necessary to show executives how well the service is performing.
All in all, IMHS provides great performance and a very fine feature set at a very low price and with good functionality. It lacks the granularity and ease of use that you'll find in MessageLabs, but it's also much less expensive.
Decisions, decisions
Choosing the right service for your organization can depend on a number of factors, including false positive rate, feature set, and price. If price is the most critical consideration, Trend Micro InterScan Messaging Hosted Security is a great choice. If a very capable, flexible feature set is your first priority, MessageLabs may be your best bet.
The user experience -- both for admins and end-users -- is another key differentiator among all of these services. The only real way to find out which services are most appealing to you and your users is to test-drive your top choices. Fortunately, all of the providers offer free trials. Trying out a service entails simply changing the DNS records for your domain to point at the hosting site, and the trial period begins. You can try the service for at least 30 days to find out how it works with your mix of e-mail and how your users like it.
This story, "E-mail security services square off" was originally published by InfoWorld.
Copyright © 2009 IDG Communications, Inc.