For content filtering, see: Internet Filtering.
For more general discussion of network optimization, see Internet & Network Bandwidth & Monitoring & QOS
Spam Email Filtering ServicesEdit
- CudaMail.com - Filter Spam and Virus before they reach your Network
Spam Email Filtering Network AppliancesEdit
We use the Barracuda system through Tangent. We like the fact that all our email is filtered before it reaches our server (FirstClass). While it doesn't stop all the SPAM it has reduced our traffic by 50 to 70 %. Individual users can setup white and black lists and look through their quarantine area. They can choose to be notified daily, weekly... about mail in their quarantine area. The service is well worth the price. While not cheep it is not a great expense.
We use Fortigate firewall (I think) and Fortimail for spam filtering. We use 8e6 for web filtering. We really like the “Forti” products.
Check out Abaca
We're using the FG 300A http://www.fortiwall.com/ProductCart/pc/viewCat_P.asp?idCategory=787 and are quite pleased with it. Basically, the pros and cons are the same: It's an all-in-one unit. We're using it for routing, firewall (including inter-VLAN), content filtering, intrusion suppression, anti-spam, anti-virus, timed network access for the dorm VLANs etc. etc. It does all of this and more. The configuration is simplified because it's only one box. But, if it fails, everything is dead.
I used to think outsourcing was going to cost too much. Then I met with a rep from a company called Safe Links. We used to have a Barracuda firewall 200 which worked well but then the spam got so out of control that it was overloaded. We were getting somewhere in the neighborhood of 10,000 emails per hour! We hired Safe Links to outsource our mail and they actually replaced our Barracuda for less than the price we originally paid for it. Our annual fees are the same and now we have an upgraded system that is outsourced. We also let them have access to our Exchange server and in doing this they can really customize which mail comes in and which mail is rejected. I know that isn't for everyone but we like it. I used to get about 10 spams a day. Now I hardly get any. I'd say we are somewhere in the 95%+ range of blocking spam now. They offer SPF checking, Anti-spam, Anti-Virus, Archiving and Quarantine services. Check out www.safelinks.com. It's affordable with good service and response times.
Q. Does anyone restrict incoming email if your mailserver cannot do a reverse lookup on incoming mail.
A. Yes, our Barracuda does SPF checking and blocks messages that appear to come from spoofed domains. In a few cases, it has blocked legitimate messages where, for example, a sender in a corporate environment has an external POP account, but uses an internal SMTP server that does not have an SPF record on the domain in question.
Q. In a nutshell, our problem is that we cannot simultaneously tighten & loosen the screws to make everybody happy. Additionally, we feel very strongly that our priority must be to protect our students from this junk for liability reasons.
A. I'm very happy to out source the task and have been using www.appriver.com to catch spam and viruses for a few years. Each user receives a daily email with a list of the spam that has been blocked and they can release any email that may have been caught unintentionally. It regularly saves my server from over 5 gigs of junk monthly.
A. We run a Barracuda Spam Firewall. Best investment the school ever made. It updates almost every hour with new spam rules that Barracuda sets, but you can also tweak it yourself. We have it email us Top Email Receivers and a nice chart with hourly records of amount of email received. If you aren't interested in new hardware just set your spam rules high and whitelist certain email address. Its easier to whitelist one or two email addresses than worry about blocking 100's of spam emails. You will just need to rely on the user to let you know that an email they are expecting hasn't come through. I wouldn't recommend it but you could always whitelist domains like @aol.com, @gmail.com, @yahoo.com, and @hotmail.com. Hope that helps.
Not having time nor the desire to manage yet another appliance or software program, we switched to a service from MX Logic (http://www.mxlogic.com/) over the summer. I can't think of anything that has been so easy and which has received so much positive feedback as this switch.
In a nutshell, MX Logic is a service. I point my MX record to MX Logic which then filters mail (and caches it in the event our Domino server or Internet connection goes down or is taken down for service) and then relays approved mail to our Domino server. Each day each user receives an email from MX Logic with a summary of all messages blocked over the last 24 hours from which the user can release a blocked email and/or create an allow filter with one click. Also, at anytime a use can click a link on one of the daily reports to see an up to the minute view of his quarantine.
The spam filtering is excellent. MX Logic uses many layers of tests and I've found they are very quick to adjust to new spammer techniques.
Central management of policies is powerful and intuitive. Actually, since setting it up in July and tweaking the settings a little, we haven't had to think about it since. Users also have the ability to customize their settings, although most just accept the defaults we set.
- Not to oversimplify, we just run the Barracuda "out of the box" with minimal tinkering. Our Barracuda blocks about 76% of ALL incomming e-mail as spam. Yes, we still get spam, but we deal with it and we have virtually no false positives. IMHO it is not worth the time tinkering to go from 10 spam a day down to 5 given that you are already blocking 150.
- I have had my Barracuda almost a year now. I had a lot of spam (5 to 15/day) for some users and I, myself would get around 20 (down from >200 without). I have mine set pretty tight- Tag 1, Quarantine 2 and Block 5. Also I had to wait until my "Message classified as not Spam" in the Bayesian intent reached 200 for it to do a better job. Now it is working better, 2-3 spam a day but with a lot of false positives, which then has to be white-listed or classified as not spam. So to make a long story short, still a lot of training after almost a year.
- We use Postini, an off site hosted spam filter. Works great. Combined with my email server's built in spam filter I don't get more then a handful of spams a month. http://www.postini.com/
- We use Postini as well, and the SPAM has flowed to a trickle - once configured correctly. Our users must setup their Postini settings deliberately if they want SPAM protection. Some do, some don't. Oddly enough, a few weird individuals actually like SPAM. Occasionally Postini will 'burp' and allow SPAM in to the server, but this lasts no more that a few seconds to a minute or so.
- We have tried Barracuda and Swirbo. Both are amazing systems. I replaced my Barracuda box with Swirbo mainly for the offsite features. Barracuda does a great job but it is an onsite solution so you do waste your bandwidth on the spam emails and if it fails then your spam filtering stops. Swirbo is offsite so just change all your MX records to Swirbo. They receive all of your mail and then send you the good stuff. Also if your site is down for power outage or whatever they will hold you email for I think up to two weeks and when they can contact your server they will slowly start sending all of your mail. Both products have the option to let the user customize their own account via the web or you can make it invisible to them, which is what I do. Both products also have built in virus protection. Both do an amazing job at filtering, but in my opinion the offsite features of Swirbo are amazing.
- We just switched from Barracuda to Ironport. The Barracuda was effective, but still allowed too much spam through. There are ways of turning up the filtering, and users can control what they receive, but fresh out of the box the Ironport stopped it all. No more spam, it is amazing. I received no complaints from users about not getting messages from lists they wanted. It requires no intervention from users to work well. Impressive.
- No doubt Swirbo can be a great solution but looking at the 5 year TCO of a hosted solution (I examined several but not Swirbo) they were always more costly than the on-site (which has high initial cost and lower on-going). I currently use the Barracuda product (it replaced McAfee's exchange plugin). I like its easy administration, and solid Exchange integration (with optional plug-in) and there were no per user charges, pay for bandwidth charges, or tiers of service (e.g. Pay more for virus blocking). My service provider provides MX backup for free (as do most T-1 providers) so this was not a concern. Checking this morning, I have been averaging 7000 emails a day (94% spam) and they have consumed appx 1.2% of my total T-1 bandwidth (mostly at night). I did not consider this sufficient reason to go with the higher cost solution but if you are on DSL, ISDN or anything with a lower data rate this could be a big selling point. So given the higher TCO (at least last time I checked). The only benefit I saw to a hosted solution was that some of them provide a web interface that would allow my users to still view their mail (but not send) even if the server was down. Finally, remember that many of these products (Barracuda included) are built on free, open source products (SpamAssassin and ClamAV) that you could install at minimal or no additional cost. You are essentially paying for convenience, ease of administration, better reporting tools, and tech support.
- Spamsoap is excellent. Easy to manage and effective.
- You may already have what you need and the best part: It's free. If you haven't already done so, I urge you to download and install Exchange Server 2003 - Service Pack 2. This service pack includes some significant additions to Exchange 2003 including Sender ID, Intelligent Message Filtering (IMF) and a few other tricks. These features weed out unsolicited e-mails based on their underlying characterics (for example e-mail claiming to be from microsoft.com that is not, or purported to be from a sender who does not exist). It's really very effective and flags perhaps 70%-90% of inbound spam - directing the rest to a "Junk Mail" folder for further review by the recipient. You can "Tune" the filter to find the best balance between blocking spam and having too many "false-positives". Each user can also add senders to a "Trusted" list so that legitimate e-mails, routed to the junk folder, will, instead, go to the Inbox. The following article gives a pretty good overview of SP2 and how the spam filtering works: http://www.microsoft.com/technet/technetmag/issues/2006/01/NewWeapons/default.aspx Check it out. The underlying logic behind these tools is deceptively simple but quite effective. This may not be the perfect solution but I really think Microsoft and others who are part of this effort, are heading the right direction with this one and, as I said, it's free.
- I believe all the named solutions have their own merit. We use multiple linux servers running postfix, mailscanner, spamassassin with additional sare rules, razor, dcc, pyzor, postgrey, multiple rbls and 3 antivirus engines (clamav, f-prot, and bitdefender). These servers feed the Symantec antivirus gateway which in the last year has only seen 5 viruses (recent problem when the perl tnef module could not open the embedded attachments in an outlook originated email. This is a very low cost solution (all open source or free except for f-prot). If you choose you do not have the time to invest in learning a little linux then I would suggest a Barracuda. Unix based solutions are far less vulnerable to email viruses and the like so they work much better as filters or gateway solutions. Microsoft's Exchange server is excellent as a collaboration server, but is more vulnerable to the problems of the Internet. This is why we use gateways to protect our Exchange servers. http://www.sng.ecs.soton.ac.uk/mailscanner/ http://www.postfix.org/
- We're running GFI's MailEssentials for Exchange 2003. Awesome application that's updated nightly, works with many of the RBLs and is intelligent enough to learn from email usage what's considered spam and what's not. End-users can help the database by simply dragging spam messages into the GFI public folders. Reasonably priced and the support is top-notch. Run's right on the Exchange server.
- Regarding anti-spam software, we have installed the free opensource ASSP. http://sourceforge.net/projects/assp/ It sits on a Mac OSX box, and integrates nicely with our FirstClass system, though also works well with any smtp server. It is a Bayesian filter, and therefore "learns" what is spam (and not-spam) from the users. It took a while to set up an "train" it to recognize spam, but works very well for us, and the price is right. :) While we use it on OS X, other platforms are supported.
- We use GFI MailEssentials. It receives some of the best reviews for an anti-spam product for Microsoft Exchange. It isn't overly expensive, and it provides some other interesting features like mail archiving, disclaimers, and a built-in list server. http://www.gfi.com/mes/mesfeatures.htm Readers of MSExchange.org, an great site for Exchange related information and products, voted it the best anti-spam product by a wide margin: http://www.msexchange.org/news/GFI-MailEssentials-Exchange-Anti-Spam-Readers-Choice-Award.html