Test Center guide: Mail security appliances
Mail security solutions differ in anti-spam techniques, accuracy, false positive rates, and ease of setup and administration. We compare Barracuda, BorderWare, Cisco IronPort, Mirapoint, Proofpoint, Secure Computing IronMail, Sendio, Symantec, and Tumbleweed.
· "Outbreak" anti-virus, which is designed to snare viruses for which signatures don't yet exist. Outbreak AV filters typically stop messages that have the characteristics of a virus, such as an executable attachment or a suspicious origin, then review them over the next 24 or 48 hours to see if a signature appears; if not, they notify the user or admin to inspect the message and release or delete it.
· Secure content management features that examine outbound messages for specific phrases, types of files, or specific file names, and log or quarantine them for review.
· LDAP/Active Directory synchronization.
· DoS protection, which blocks repeated pings, connection requests, directory requests, user verification requests, or basically any other type of request for a response from the server that exceeds a certain frequency threshold, such as more than 100 pings per minute from a particular IP address.
· Directory harvest protection, which is designed to thwart attempts to send messages to all possible addresses on a mail server. By discovering which addresses are not rejected, so-called directory harvest attacks attempt to build a database of valid addresses. To combat this, when the appliance sees a large number of messages going to invalid addresses, it either throttles the connection (limiting the sender to one message per minute, for example) or blocks that IP address entirely.
· Address verification, to block e-mails sent to nonexistent users, and the ability to use reverse DNS to verify that a sender's IP address matches the sender domain. The use of reverse DNS thwarts phishing attacks by preventing forged e-mail from getting through.
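The directory harvest protection described in the list above can be sketched as a per-IP sliding-window counter of recipients that do not exist. This is an added example, not code from any of the reviewed appliances; the class name, the thresholds (throttle at 3 misses, block at 6, 60-second window) and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

class HarvestGuard:
    """Per-IP sliding-window count of RCPT TO commands naming unknown users."""

    def __init__(self, valid, window=60, throttle_after=3, block_after=6):
        # Thresholds are illustrative assumptions, not vendor defaults.
        self.valid = {addr.lower() for addr in valid}
        self.window = window
        self.throttle_after = throttle_after
        self.block_after = block_after
        self.misses = defaultdict(deque)  # ip -> timestamps of invalid recipients
        self.blocked = set()

    def on_rcpt(self, ts, ip, rcpt):
        """Return 'accept', 'reject', 'throttle' or 'block' for one recipient."""
        if ip in self.blocked:
            return "block"
        recent = self.misses[ip]
        while recent and ts - recent[0] >= self.window:
            recent.popleft()  # forget misses older than the window
        if rcpt.lower() not in self.valid:
            recent.append(ts)
        if len(recent) >= self.block_after:
            self.blocked.add(ip)
            return "block"
        if len(recent) >= self.throttle_after:
            # Throttle valid and invalid recipients alike so the response
            # no longer tells the sender which addresses exist.
            return "throttle"
        return "accept" if rcpt.lower() in self.valid else "reject"

# Constructed sample events: (seconds, source IP, RCPT TO address).
VALID = ["alice@example.com", "bob@example.com"]
GUESSES = ["aaron", "abby", "adam", "alice", "alan", "albert", "alex", "bob"]
SAMPLE_EVENTS = [(t, "203.0.113.7", f"{name}@example.com") for t, name in enumerate(GUESSES)]
SAMPLE_EVENTS += [(2, "198.51.100.4", "alice@example.com"),
                  (30, "198.51.100.4", "bobb@example.com"),  # honest typo
                  (31, "198.51.100.4", "bob@example.com")]

def replay(events, guard):
    """Feed events in time order; return {ip: [action, ...]}."""
    actions = defaultdict(list)
    for ts, ip, rcpt in sorted(events):
        actions[ip].append(guard.on_rcpt(ts, ip, rcpt))
    return dict(actions)

if __name__ == "__main__":
    for ip, acts in replay(SAMPLE_EVENTS, HarvestGuard(VALID)).items():
        print(ip, acts)
```

The sender with a single mistyped address stays below the throttle threshold, while the sender walking through guessed names is throttled and then blocked; a threshold set too low would turn ordinary typos into false positives.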