Test Center: E-mail security services square off
From spam-busting to content management, we test the limits of hosted e-mail security offerings from AppRiver, MessageLabs, Microsoft, MX Logic, SECNAP, and Trend Micro
E-mail security appliances aren't without their advantages over hosted services, however. Take, for example, directory synchronization. If you want to ensure that e-mail addressed to invalid users is turned away (which you should), you need to export your Active Directory information or user information from another source, be it LDAP, NIS, or something else. Although this is easy to accomplish with appliances, it becomes more difficult with a service. There are two alternatives: Option one is to open a port in your firewall for LDAP (usually port 389). This creates a security hole, however, to which your network admins may object. Option two is to export the data using an application provided by the hosting service. Although I was able to get this process to work during my testing, it took much longer than it did with my previously tested appliances -- up to a couple of hours more.
There's another important drawback to hosted services: When you sign on with one, you'll need to change your DNS records so that mail addressed to your domain goes to the service rather than your internal mail server. The service then forwards the non-spam to the internal server. Any e-mail server that performs a DNS lookup before sending mail to your users should be using the new address within 72 hours; however, some servers, both spam and legitimate, send messages directly to an IP address and don't resolve the hostname beforehand. These e-mail messages will continue coming directly to your e-mail server, bypassing filtering, unless you configure your firewall to block all incoming e-mail from addresses other than the service. The problem here is that some of the services have multiple IP addresses from which e-mail may be sent, and depending on the firewall, setup can be complicated.
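One way to audit for the direct-to-IP bypass described above, as an added example rather than anything from the article or the tested services: the script scans Postfix-style connection log lines and counts inbound SMTP connections whose source address lies outside the service's relay ranges. The log lines, hostnames and the two ranges (documentation-only networks) are constructed placeholders, and a Postfix mail server is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Placeholder ranges standing in for the hosted service's outbound relays
# (documentation-only networks; substitute the ranges your provider publishes).
SERVICE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.16/28")]

# Postfix smtpd logs each inbound connection as "connect from host[ip]".
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from (\S*?)\[([0-9a-fA-F.:]+)\]")

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = """\
Mar  3 09:14:02 mx1 postfix/smtpd[2211]: connect from relay1.filter.example[192.0.2.25]
Mar  3 09:14:09 mx1 postfix/smtpd[2213]: connect from unknown[203.0.113.77]
Mar  3 09:15:40 mx1 postfix/smtpd[2219]: connect from relay7.filter.example[198.51.100.20]
Mar  3 09:16:11 mx1 postfix/smtpd[2220]: connect from unknown[203.0.113.77]
Mar  3 09:17:30 mx1 postfix/smtpd[2224]: connect from mail.partner.example[198.51.100.40]
Mar  3 09:18:02 mx1 postfix/smtpd[2224]: disconnect from mail.partner.example[198.51.100.40]
"""

def from_service(ip_text):
    """True if the address falls inside one of the service's relay ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in SERVICE_RANGES)

def find_bypass(log_text):
    """Count inbound SMTP connections per source IP that skipped the service."""
    direct = Counter()
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue  # not a connection line (e.g. disconnect, cleanup, qmgr)
        try:
            if not from_service(m.group(2)):
                direct[m.group(2)] += 1
        except ValueError:
            continue  # malformed address in the log line; skip it
    return direct

if __name__ == "__main__":
    for ip, count in find_bypass(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} direct connection(s), not via the filtering service")
```

Any address it reports is either mail bypassing the filter or a service relay range that is missing from the allowlist, which is the multiple-IP problem the paragraph mentions.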
The final drawback with services lies in how user accounts are set up. Users must access the service Web site to view the quarantine, from which they can release messages and (in most cases) whitelist or blacklist senders. Some services can pull account information from Active Directory so that the user logs in with the same password recognized by his or her Windows Domain account. Others offer self-enrollment, forcing users to create an account the first time they log in.
By contrast, appliances generally work with plug-ins to Outlook so that users can review the quarantined messages within their familiar e-mail app or via a local Web site that takes the same log-in and password as their standard Windows account.
E-mail security at your service
I tested the six services in this roundup with a real e-mail stream over 15 days, averaging 16,000 to 19,000 total messages. Of those, about 2,500 were legitimate. The services tracked all incoming messages; thus, I didn't witness the reporting disparity I saw with appliances. How each service counts messages does vary slightly, however. The greatest variable is the number of messages assumed to have been delivered per connection. If a mail server connects to your domain and sends an SMTP message, it may be for one user or multiple users. Most reporting tools assume a message count higher than one, but the actual number assumed varies.
Comparing the filtering rates among the services is not terribly important: As you can see from the results table, they all scored between 94 and 98 percent. (That figure might be more for users with high volumes per day.)