Running e-mail through a gauntlet

E-mail security is a dire necessity these days, and it involves much more than anti-spam or anti-virus filtering. Phishing scams threaten to snare corporate users and their passwords for accessing business networks; other attacks target the mail server directly, trying to harvest usernames or valid e-mail addresses or gain access to the mail server. Organizations may be sued by individuals who receive offensive e-mails from company users, or even by their own employees who receive offensive content from other employees or outside sources. Companies also face the threat of losing corporate secrets or intellectual property through e-mail.

E-mail security appliances such as the IronPort C-Series and the Mirapoint Message Server M-Series not only can save end-users many hours by intercepting spam, they can address all these other security issues, as well. These appliances are available in several versions, targeting midsize to large organizations with users numbering from 500 to 5,000. Pricing for the hardware and software subscriptions goes up with each increase in capacity, but functionality is the same for all versions.

Both solutions also have the capability of rejecting a large percentage of spam even before it reaches the anti-spam filter. IronPort calls this functionality Reputation Filters; Mirapoint calls it MailHurdle. Although the two approaches differ somewhat, both eliminate blatant spam by looking at the source IP address of incoming messages. Not only can this reduce overall message volume by 40 to 70 percent, but it can be very useful for organizations that have requirements to retain all incoming e-mail. Because spam is never accepted by the incoming mail server, it doesn’t need to be archived, which can have a huge impact on the amount of data that has to be kept.

Both systems offer excellent management capabilities, not only for managing user e-mail accounts or synchronizing with existing directories to get user log-in information but also to handle multiple e-mail domains and manage several appliances from a single console. Both systems also have solid reporting capabilities and e-mail notification of alerts.

In my testing, both products stopped most spam -- IronPort, 93 percent; Mirapoint, 92 percent. IronPort excelled at avoiding false positives, with one bulk false positive (incorrectly identifying a wanted mass mailing as spam) and no critical false positives (incorrectly identifying a personal message as spam) out of more than 9,400 total messages. Mirapoint scored 81 bulk false positives and eight critical false positives out of slightly less than 9,400 total messages. Both appliances were capable of detecting content with undesirable words or phrases. Neither allowed any viruses through during testing.

Both also provide a certain level of protection against phishing. Although neither product scans specifically for discrepancies between the displayed URL and the actual link embedded in the document, as some programs do, their anti-virus engines detect some phishing attacks, and the reputation filters and anti-spam filters catch most of the rest.

These systems are difficult to price -- there are several components to each, including the appliance itself and subscriptions for various features, with pricing varying by number of users and number of features. The pricing matrix for either product can run to several pages. However, even at the most expensive pricing tier and using all features, you should have a substantial net gain because users will no longer need to sort through hundreds of messages, deleting spam, viruses, and phishing e-mails.

IronPort C-Series v. 4.0.7-11