MailMarshal puts spam in a headlock

NetIQ’s MailMarshal fulfills the same need as the products in my recent spam-product roundup, but this anti-spam gateway will best satisfy Windows-centric organizations.

MailMarshal is available in an SMTP version or a version that integrates with Microsoft Exchange 2000; I tested the SMTP Version 5.5. Performance was good, but the real story is its ease of installation and management in the Windows environment — the Exchange version should make spam control and e-mail security even simpler.

Installing MailMarshal is straightforward. It requires MMC (Microsoft Management Console), ActiveX Data Objects 2.5, Microsoft Data Access Components 2.5, Internet Explorer 5.01, and SQL Server 7 or later for reporting and logging — the free MSDE (Microsoft Data Engine) run-time version can be used for smaller sites.

When installed, MailMarshal’s console is powerful and easy to use, with the ability to grant administrative rights on a wide, yet detailed, scope. Using LDAP, it can import users and groups from Active Directory or Exchange, Lotus Notes, Novell’s GroupWise (NDS), or any LDAP directory.

The system uses blacklist, whitelist, heuristics, and proprietary filters to identify spam. It supports third-party blacklists and can block specific e-mail hosts, servers, or ranges of IP addresses, as well as messages with spoofed sender addresses. This wide range of categories allows you to tune spam blocking for specific departments. And, MailMarshal can act on spam in several ways, modifying the subject line, adding a header, or quarantining the message, depending on your company’s preference.

MailMarshal offers a full assortment of other e-mail security services, too: It can detect foreign language character sets and filter them, as well as detect messages that lack any text but contain HTML links to images — a technique  to bypass filters that look for attached images that is gaining favor with spammers. It can also filter both inbound and outbound messages, looking for proprietary information, unacceptable language, pornography, or MP3 files, to enforce corporate mail usage policies.

MailMarshal supports a total of five built-in DLL scanner interfaces: Marshal Integrated McAfee Anti-Virus, Norman, Sophos, Panda, and Symantec Anti-Virus Scan Engine. You can run any combination of scanners simultaneously, and with five choices, you’ve got a solid scanning foundation. Also, MailMarshal will allow virus cleaning via third-party anti-virus scanners, such as Vet, Kaspersky, F-Secure, and NOD32.

Monitoring functions, reports, and logs are detailed and complete, but easy to set up. The administrator can enable TrafficWatch, which continually monitors e-mail volume, and can send an alert if unusual patterns emerge, indicating a DoS attack, directory harvest attack, or a virus outbreak.

Spam settings can be set by enterprise (multiple domains) or single domain, and individual groups or users within a domain can have different rules. This is a feature not found in many gateways or services, and it allows a much more flexible approach to filtering.

It lags slightly behind the previously tested products in spam-blocking effectiveness, but MailMarshal still racked up a nearly 90-percent success rate, almost no critical false positives, and roughly 2 percent noncritical false positives in my tests.

This spam-blocking effectiveness and flexibility in settings and mail monitoring make MailMarshal a good choice for a Windows-only environment or any organization using Exchange. Plus, MailMarshal is the only gateway I’ve tested to date that allows different filtering settings for different users and groups, further easing the administrator’s burden.