BorderWare and Proofpoint boxes are both capable spam combatants
MX-200 masters false positives while P800 nails more unwanted messages
When choosing an anti-spam solution, there is always an unfortunate trade-off between effectiveness in filtering out spam and the possibility of misidentifying important messages as spam (known as false positives).
This trade-off is perfectly illustrated by the performance of the BorderWare MXtreme MX-200 and the Proofpoint P800 Message Protection Appliance. In my tests, the MX-200 had zero false positives but stopped only 83 percent of spam. The P800, on the other hand, stopped 94 percent of spam but had 26 false positives, two of which were important messages.
Both appliances are intended to provide a drop-in, low-maintenance solution to e-mail security. The feature sets are complete in both products, including not only anti-spam features, but anti-virus (included in the MX-200 and optional in the P800), content control, and some e-mail-specific intrusion-detection and firewall capabilities. Both also offer substantial reporting capabilities, granular management delegation, and good, all-round e-mail security. The BorderWare device offers additional features aimed at ISPs or large organizations with multiple domains.
Both companies offer several models distinguished by capacity rather than feature set. Because the pricing models differ, an apples-to-apples comparison of these two products is difficult, and the cost per user varies with the number of users.
The MXtreme MX-200 is a tiny 1U box, though brackets are available to mount it in a standard rack, if you so desire. It has a Celeron 1.2GHz processor, 256MB of RAM, and a 10/100 Ethernet connection, and it runs a hardened version of Linux.
Initial setup is straightforward, but because the box was not supplied with a default IP address, I had to use a keyboard, mouse and monitor for initial setup. After entering the basic network information, I completed the rest of the configuration through a Web browser.
The MX-200 has a wide variety of anti-spam technologies, including: whitelists and blacklists; RBLs (real-time black hole lists), which are lists maintained by volunteers or organizations that identify spammers or potential spammers; a distributed checksum clearinghouse, which looks at data collected from many e-mail servers to identify spam; statistical token analysis, which scrutinizes message content; and several filters that reject improperly formatted e-mail. It also has an optional Brightmail anti-spam engine.
Not all of the filters are enabled by default, and if the Brightmail engine is used, redundant filters are disabled. It is necessary to look through the list of filters and understand what they do in order to set them up correctly; this is not a product that you can enable with one click and then walk away from.
BorderWare recommends Brightmail as the default. Filtering performance was not exceptional in this configuration, with only 83 percent of spam filtered. Tuning the filters should increase that rate. The box’s false positive rate, remarkably, was zero.
The MX-200 provides an e-mail server in addition to the filtering gateway. It offers POP, IMAP, and HTTP access to e-mail, with security through LDAP, RADIUS, or SecurID.
BorderWare’s box does not quarantine spam. By default, it appends “Brightmail spam” to the subject line. The administrator or end-user must then create a filter to move messages with that subject to a spam folder.
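A sketch of the downstream filter described above, as an added example (not BorderWare's code and not from the original review). It assumes the tag is the literal text "Brightmail spam" at the end of the Subject; the folder names and sample messages are constructed. It decodes and unfolds the header first, because a plain substring match on the raw bytes misses tagged subjects that were RFC 2047 encoded or folded in transit.

```python
from email import message_from_bytes, policy

# Tag text as quoted in the review; that it is the final text of the
# Subject header is an assumption made for this example.
SPAM_TAG = "Brightmail spam"


def is_tagged(raw: bytes, tag: str = SPAM_TAG) -> bool:
    """True if the decoded, unfolded Subject ends with the gateway's tag."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words and unfolds
    # continuation lines, so the comparison runs on the displayed text.
    subject = str(msg["Subject"] or "")
    normalized = " ".join(subject.split()).casefold()
    return normalized.endswith(tag.casefold())


def sort_messages(raw_messages):
    """Split raw messages into hypothetical 'INBOX' and 'Spam' folders."""
    folders = {"INBOX": [], "Spam": []}
    for raw in raw_messages:
        folders["Spam" if is_tagged(raw) else "INBOX"].append(raw)
    return folders


# Constructed sample messages (not captured traffic).
SAMPLES = [
    # Plain ASCII subject with the tag appended.
    b"From: a@example.com\r\nSubject: Cheap meds Brightmail spam\r\n\r\nbody\r\n",
    # Whole subject Q-encoded: the tag never appears literally in the bytes.
    b"From: b@example.com\r\n"
    b"Subject: =?utf-8?q?Gagnez_1000=E2=82=AC_Brightmail_spam?=\r\n\r\nbody\r\n",
    # Header folded in the middle of the tag.
    b"From: c@example.com\r\nSubject: Limited offer Brightmail\r\n spam\r\n\r\nbody\r\n",
    # Untagged mail.
    b"From: d@example.com\r\nSubject: Quarterly report\r\n\r\nbody\r\n",
    # Mentions the tag text, but not at the end of the subject.
    b"From: e@example.com\r\nSubject: Brightmail spam rates in the review\r\n\r\nbody\r\n",
]

if __name__ == "__main__":
    for name, msgs in sort_messages(SAMPLES).items():
        print(name, len(msgs))
```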