Test Center: E-mail security services square off
From spam-busting to content management, we test the limits of hosted e-mail security offerings from AppRiver, MessageLabs, Microsoft, MX Logic, SECNAP, and Trend Micro
However, the number of false positives (legitimate messages mistakenly marked as spam) is far more important to monitor: If users don't trust the system to forward all their important mail, they'll spend more time perusing the quarantine than they would have spent dealing with the full volume of spam. In my testing, most of the false positives were bulk mail, either newsletters or marketing e-mails from legitimate senders who were given permission to send e-mail to the test account. Critical false positives were messages sent from a single legitimate user via a normal e-mail program, which shouldn't ever be identified as spam.
As noted, these services don't just squelch spam. In my testing, they all succeeded in stopping viruses. Anti-phishing was less reliable, with only 60 to 80 percent of phishing messages identified as such, although most were stopped as spam. Features such as archiving, content management, and data recovery all worked as advertised.
When all was said and done, MessageLabs came out with the highest marks in my tests, not only because the service's false-positive performance was best overall, but because it had no critical false positives. Its overall feature set, ease of use, and interface all contributed to the win as well. The second- and third-place vendors, respectively Microsoft and Trend Micro, each had one critical false positive, along with slightly higher overall false-positive scores. In the real world, the differences between first and third are nearly indistinguishable. To its credit, Trend Micro is much less expensive ($2.16 per month per user versus $1.60 per month per user), and it offers more features at this price point, along with a guaranteed SLA (service level agreement).
The SecureTide services offer a decent number of features, including spam filtering, virus filtering (drawing on four systems), content filtering, and unlimited queuing. Though easy to set up and use, SecureTide proves lacking in some areas. General spam-stopping performance, for example, is at the bottom of the six services I tested, although still acceptable, with 95 percent of spam blocked. It also suffered 94 false positives and three critical false positives (see test results). The policy engine isn't as robust as some enterprises might like. Also, the service has some irritating quirks, such as requiring admins to whitelist messages one by one.
SecureTide proves simple to set up, as do all the services in this roundup. When setting up users, you have a couple of options: You can import users from Active Directory or another LDAP directory, or you can enter the information manually or through a comma-delimited file.
Once the service is configured, a held mail report goes to each user. This leads to one of the shortcomings of the service: If a user discovers a false positive, he or she must request whitelisting. Each request goes to the exception requests filter for the administrator to review. If approved, the requests are added to the whitelist. This means that the admin must review each and every whitelist request separately. If you take the 94 false positives I got during the first two weeks of testing and multiply them by several hundred users, you're looking at an inordinate amount of the admin's time during the first few weeks.