Test Center guide: Mail security appliances
Mail security solutions differ in anti-spam techniques, accuracy, false positive rates, and ease of setup and administration. We compare Barracuda, BorderWare, Cisco IronPort, Mirapoint, Proofpoint, Secure Computing IronMail, Sendio, Symantec, and Tumbleweed
Choices in mail security
Data protection options
Testing mail security appliances
Mail security appliance reviews
Barracuda Spam Firewall 400 (v220.127.116.11)
BorderWare Security Platform SP-800 (v7.1)
Cisco IronPort C100 (v5.5.1)
Mirapoint RazorGate 160 (v3.8.4-GA)
Proofpoint Messaging Security Gateway P840 (v5.0)
Secure Computing IronMail E2000 (v6.5.2)
Sendio I.C.E. Box (v3.0)
Symantec Mail Security 8340 (v7.5)
Tumbleweed MailGate 5650 (v3.1.2-4366-HF1)
Nearly all AV engines use a combination of signatures that are constantly updated by the vendor, along with heuristics that attempt to identify dangerous attachments that aren't caught by the signatures database. Anti-spam techniques include sender reputation, based on the vendor's database of IP addresses known to be sending spam; certain TCP/IP tricks such as requesting a resend of the message (legitimate mail servers will resend, while most spam engines don't); heuristics of many different varieties; and a host of other specialized techniques, including such oddities as employing optical character recognition to identify image-based spam that doesn't use conventional text in the message. Filtering and spamming techniques evolve through a constant battle between the anti-spam vendors and spammers, who are desperately trying to slip their ads past the filters. Because the spammers are commercially motivated to bypass new heuristic techniques quickly, many vendors are relying more on reputation-based filtering.
While anti-virus and anti-spam are the essence of mail security, there are a number of other features you should expect to find in all e-mail security appliances. These include:
· Policies that can be set per user, per group, or per site to control when users can send and receive mail, to whom, whether whitelists or blacklists can be modified by users or admins, which types of attachments are allowed on incoming and outgoing mail, and so on.
· Support for multiple domains or back-end mail servers.