Historically, spam filtering has occurred at ISPs, on enterprise gateways (e.g., a DMZ server), on mail servers, and on desktops. These strategies, especially when they're combined to create a multilayered solution, have been effective in reducing the amount of spam users receive in their mailboxes. But increases in spam create slower mail server processing rates as well as require additional storage for messages flagged as potential spam. That's why many organizations are looking to replace their first-generation spam software solutions either with a spam-filtering appliance or by entrusting spam-filtering tasks to a hosted service. This Buyer's Guide will help you evaluate spam-filtering appliances and hosted services so you can choose the technologies that provide the best email protection for your organization.
Purchasing an Appliance
Spam appliances are standalone devices with OSs designed to filter spam. You can deploy spam appliances at your network's entry point or in front of your mail server. Many appliances come with preconfigured rules, policies, and lists (e.g., blacklists, whitelists, vendors' proprietary lists) and are designed to be ready to perform out of the box. Most appliances include a Web-based UI that lets you centrally and remotely manage email policies and rules, search for and release quarantined email, and generate real-time and historical reports.
Most appliance vendors supply daily spam rules updates to keep their appliance effective against the latest threats. Some vendors provide this update service free for one year when you purchase their appliance; other vendors offer their update service on a subscription basis at additional cost. An advantage of purchasing an appliance is that no user licenses are required. You purchase an appliance that accommodates the number of email users in your organization or the average number of daily email messages your organization sends and receives. In general, appliances offer better ROI for organizations with more than 100 users.
Using a Hosted Service
Hosted services filter email messages before they reach an organization's email server. Using a hosted service reduces server resource usage, requires no additional hardware or software purchases, and means messages identified as potential spam are stored at the host site. Often, hosted service providers can respond quickly to newer forms of spam.
Larger organizations often use hosted services to support additional email functions such as outbound filtering and encryption and adherence to compliance policies, but hosted services are also suited for small companies with 100 employees or less or that aren't ready to hire a mail administrator. Number of email users is usually the price determinant in hosted services; the more email users you have, the higher in cost the service becomes.
Many service providers make additional services available, including automatic disaster recovery and failover, offsite message archiving (for compliance and business continuity), data redundancy, IM protection, and outbound filtering. The inclusion of one or more of these services can affect the price of a hosted service plan.
Making Your Choice
The most basic requirements for antispam protection are a comprehensive hosted service plan or an easy-to-install appliance that guarantees high spam protection (a capture rate of at least 97 percent) and a low false-positive rate. When investigating hosted services, look at the uptime that the service level agreement (SLA) guarantees and the message latency rate. It's important that a hosted service queue messages if your network experiences downtime or a connection fails. Also check to make sure that an appliance or hosted service you're investigating supports your email servers, is LDAP-compliant, and can handle multiple domains. The more protection mechanisms—for antivirus, antispoofing, antispyware, and antiphishing support—and filtering technologies a service or appliance supports, the better.
To effectively manage spam, mail administrators should look for products or services that provide a Web-based interface (possibly supporting multiple languages for global users) that lets them remotely monitor and access quarantined, blocked, or deleted spam messages; manage policies (such as customizing policies for different domains, user groups, and individual users), rules, and lists; perform user-account administration; and generate reports (some products have dashboard displays that provide real-time statistics).
Choosing the Best Solution
The key factors you want to keep in mind are ease of use, superior rate of filtering, scalability, pricing structure, customer service and implementation or installation assistance, and related features or services available that might offer valuable functionality in the future. The table on page 20 will help you compare the functionality and features of various spam-filtering appliances and hosted services.