Exclusive: CipherTrust, Corvigo, and MessageLabs lighten the spam load

Two appliances and one service all hold great promise in the battle against unwanted e-mail

Despite the government’s latest efforts to curb unwanted e-mail, spam is still stacking up in mail servers worldwide. Fortunately, vendors continue to make their anti-spam products smarter and smarter.

As part of InfoWorld’s ongoing tests of anti-spam, I recently took an exclusive look at two anti-spam appliances, CipherTrust’s IronMail 4.0 and Corvigo’s MailGate MG1200 2.0, along with MessageLabs’ Anti-Spam Service.

The IronMail and the MailGate had the highest percentage of spam caught, while all three did extremely well with false positives. The latter point is particularly important because reducing false positives is more critical than the reducing the percentage of spam filtered. The number of important e-mails incorrectly identified as spam ranged from one in 2,043 for Corvigo to eight in 4,889 messages for CipherTrust.

Looking beyond filtering capabilities, MessageLabs’ service offers superior ease of use, simple installation, and reduced network traffic. As appliances, both CipherTrust and Corvigo also offer relatively simple installations, particularly compared to anti-spam software. Although both have a higher up-front cost than MessageLabs’, their cost per user over a few years may be substantially less than the service, especially with thousands of users.

CipherTrust IronMail 4.0

Easy to use and configure, the IronMail appliance produced excellent results in my tests, and with no per-user cost it should be especially cost-effective in deployments with large numbers of users. Additional security and content control features offer extra value for the price.

IronMail offers a wide range of sophisticated features, including both anti-spam and anti-virus services and a variety of additional security features, including content checking, attachment filtering, Exchange firewall and reverse proxy capability, and intrusion detection. These features will be a boon to companies that would rather consolidate e-mail security in one place and that don’t already have these features in a firewall or other appliance.

This 1U, Intel server is based on an IBM eServer xSeries 305 system. Since on-site installation support is included, administrators will have little to do other than following the preinstallation checklist.

A wizard takes you through the initial setup. From there, the IronMail appliance can be attached to the normal network, and the rest of the configuration can be accomplished through a browser. The appliance connects to CipherTrust’s network for updates to filtering criteria and to share information on new trends in spam with information collected from all the other IronMail appliances.

Configuring IronMail is necessarily complex, given the large number of capabilities it offers. For instance, an admin can change the filtering order (anti-virus, anti-spam, content filtering, mail monitoring) and anti-spam filter order (Bayesian, ESP, blacklist), and there are a number of anti-spam filters to be configured. The primary filter is the ESP (Enterprise Spam Profiler), which uses a set of 15 tools. This is a larger variety of different tools than I have seen in a single product before, which allows for considerable flexibility, although not necessarily any greater effectiveness than other solutions.

Other filters include a statistical look-up service, which creates a hash of messages (a unique identifier of the subject and body of the message) that it shares with all IronMail systems worldwide, looking at the total message frequency to determine if a message is spam or bulk.

A whitelist of usual legitimate bulk mailers is included, another extra not common to anti-spam solutions. The whitelist can cover sender or recipient, with wildcards, for any part of the system — not just anti-spam but anti-virus and content checking as well. The system can automatically add addresses to the whitelist based on outbound messages and the number of messages in a given time. Otherwise, the approach to whitelisting is a manual process, accessible only to the admin, which is fairly cumbersome.

Attachment checking looks at both the file name in the message and the actual file, regardless of name; it can also check Zip files. The feature can look for specific attachments and send an alert if a message is encrypted.

The content filters have a log-only mode so administrators can test new filters before deployment. Other options for processing spam and applying filters include changing the header, quarantine, forwarding normally, copying suspect messages to a second account, rewriting the subject or dropping the message. A search feature enables users to find processed and quarantined mail sent or received that day or to look at logs of what happened to the mail.

Corvigo MailGate MG1200 2.0

The Corvigo MailGate is an  effective product with excellent performance and great ease of use, both for administrators and users. It offered the simplest installation of any appliance I’ve tested, and it offers an end-user experience as easy as anything I’ve seen. While it doesn’t have the broad range of additional e-mail security features that the CipherTrust system does, it is easier to install and less expensive for smaller numbers of users, making it a good fit for smaller companies.

This 1U appliance is about as simple to install as an appliance can be. All further configuration is accomplished through a Web browser interface, and Corvigo provides on-site installation support as part of the purchase price.

Initial configuration requires entering a license key. The appliance then connects to Corvigo via the Internet to get a license file and updates. MailGate can automatically add users as mail is received for them or integrate with LDAP to work with existing directories such as Exchange, Active Directory, or Novell Directory Services.

Rather than the usual types of filtering, Corvigo uses a proprietary technology the company calls Intent-Based Filter, which should require less frequent updates than other products. The company does not divulge how the approach works, but it did produce the best results of this test and very good results compared with all the anti-spam products reviewed in the past six months.

Once the appliance is installed, when users receive e-mail for the first time, they receive a spam report that shows all messages that have been filtered. By clicking on a link in the e-mail, users can release any e-mail they want from the quarantine, or release them and whitelist the senders. Mail that has been misclassified can optionally be forwarded to Corvigo to improve processing.

The MailGate supports multiple domains and can route mail to different servers based on the destination domain. Permissions can be set at a very granular level, both for administrators and for users. For a drop-in appliance that can be running in 20 minutes from the time the box is opened, the MailGate provides great performance at a competitive price.

MessageLabs Anti-Spam Service

The advantage to a service is that no changes in the local network are necessary, and it reduces overall traffic from the Internet, because spam is filtered before it gets to the corporate network. As with other services such as Postini and Frontbridge, setup and installation involve nothing more than making one change to the DNS records for your mail server. MessageLabs doesn’t offer the broadest range of features of all the services I’ve reviewed, and the percentage of spam caught was lower than usual for the products I’ve tested, but pricing is great and the number of false positives was very low.

The MessageLabs service offers a global platform with nine datacenter locations around the world. Account activation is straightforward and easy to configure, for one domain or many. Adding new users is accomplished automatically.

Users receive an e-mail showing them all the e-mails that have been quarantined. The administrator can set the time intervals that users receive notifications from once a week to once an hour. The user can then release the e-mails with one click.

The anti-virus service is enabled and activated once an account is provisioned. Activating the anti-spam capability is straightforward, mostly a matter of designating which of the various anti-spam technologies will be enabled, and what should be done with detected spam.

Anti-spam technologies include several open subscription lists of mail servers that send spam or allow unverified users to send mail, as well as MessageLabs’ heuristic scanning, which works by scoring each e-mail against a set of rules. If the e-mail in question earns a specified score, it is identified as spam. Spam can have the header altered and forwarded normally, have the header altered and be forwarded to a bulk mail address, be blocked (quarantined), or be deleted.

Each account has 3,000 entries for a custom whitelist and blacklist. Both the whitelist and blacklist can be specified by senders’ domain, e-mail address, or IP address. Accounts can be configured so that users can be allowed to add to the whitelist and blacklist themselves or so that only the administrator can add to the lists.

Automatic provisioning works well, and adding domains to an account is also straightforward. Delegation of administration (allowing a specified user to administer all or part of a domain) is basic and easy to do. Reporting functions are limited but what’s there is what most administrators will be looking for — however, historical information is not easily accessible.

As a service, MessageLabs reduces traffic over your Internet connection, and the anti-virus filtering provides security before traffic even gets to the firewall.

All of these products provided exceptionally low false positives. If you’re looking for a full-featured e-mail security appliance that also filters spam, CipherTrust brings an exceptional variety of capabilities to the table. If you’re looking for a simple, easy-to-use appliance, the Corvigo is a great bet, especially for smaller organizations. And if you want a service’s ability to reduce traffic over your network connection, MessageLabs is a good fit.

InfoWorld Scorecard
Manageability (25.0%)
Ease of use (20.0%)
Setup (20.0%)
Value (10.0%)
Performance (25.0%)
Overall Score (100%)
CipherTrust IronMail 4.0 Appliance 8.0 8.0 9.0 9.0 9.0 8.6
Corvigo MailGate MG1200 2.0 8.0 9.0 9.0 8.0 9.0 8.7
MessageLabs Anti-Spam Service 8.0 9.0 9.0 8.0 8.0 8.4