
Product Details

Product Rating
Barracuda Spam Firewall 400
Cyberguard Webwasher 1000 CSM
Ecelerity Edge 75
Fortinet FortiMail-400
IronPort C60
MailGate Edge
Mxtreme Mail Firewall MX-400
Sonicwall PRO 5060
ThreatWall 300
Trustix Xserver Content Filtering Gateway 800
Tumbleweed Mailgate Email Firewall


We felt that while the IronPort C60 is expensive, it nevertheless provides the resilience and features needed to meet demands at the high end of the market. Our two Recommended products are eSoft's ThreatWall 300, because its SoftPak feature allows the systems to be tailored to a site's exact needs, and the CyberGuard Webwasher 1000 CSM, because it offers an all-in-one solution to both problems.
Email content filtering (2005)
The vast quantity of email that flows through organizations is beginning to bog them down. One way out of this, says Ian Parsons, is to knock out junk and spam before it hits the desktop, using content filtering.
Time is money. Time spent on activities that do nothing to improve a firm's bottom line is not time well spent, and the efficient business tries to avoid wasting time whenever possible.
Before the internet became an essential business facility, it was reasonably simple to control time-wasting, but with a networked PC on every desk, who can tell what's really going on?
Employees can spend a large part of their day simply wading through emails, and when their electronic in-trays are stuffed with junk mail, this can be a serious drain on productivity. The volume of spam in email messages has been estimated at anywhere between 60 and 90 percent. Whatever the figure, it represents a considerable amount of time and resources wasted in processing it at all stages, and anything that can be done to improve things is worth serious consideration.
There is some debate about where email filtering should occur. Some ISPs offer it as a service, but most businesses would feel more comfortable with a solution they controlled themselves, so they can be sure that essential messages are not being filtered out before they even receive them.
A company's mail server can often do a lot of the filtering tasks, but a separate device offers extra benefits by providing additional processing power without having to upgrade the server system. Some of these devices are dedicated email filtering systems; others are firewalls with some spam prevention and detection.
There are a number of control mechanisms available. A simple solution is to have lists of addresses that are undesirable and simply block anything originating from them. This is the blacklist solution, and it is effective, up to a point. New sources appear every day, so the lists need to be updated just as often.
There are also whitelists that contain addresses known to be acceptable. While the temptation is to set up the lists like a firewall, denying everything that is not on the whitelist, a moment's thought will show why this might not be such a good idea in a business environment – new customers will not be on the list, so will not be able to contact you.
Whitelists are generally used to allow trusted traffic to bypass the other checks. Those checks can include scanning the content for key words and phrases and verifying that the sender actually exists.
There are similar problems with internet access, and the solutions are similar, too, with blacklists and whitelists of URLs replacing email addresses, and scanning the text of web pages before passing them to the user. These systems need to be flexible enough to allow levels of access based on users and time schedules. While most employees would never need to be able to download software, technical support personnel certainly would, and the marketing department would probably need to download multimedia files.
We set the devices up to the manufacturers' recommendations, using internal network addresses, and used a server running Windows Server 2003 and Ipswitch's IMail mail server software as the target mail server, while the test messages were generated using Perl scripts running on a Windows 2000 workstation. These messages were copies of genuine email traffic, containing a mixture of genuine spam, innocent traffic, and some messages that looked like spam but were not. All the equipment was connected through a dedicated Gigabit switch.
We were more interested in how well the systems detected spam than how rapidly they did it, since email does not need a rapid response. But it was noticeable that some devices took considerably longer to process mail than others, and the variation in speed between unfiltered and filtered traffic in the same device was often dramatic.
We also tried to harvest email directory information using a brute-force approach. In this case, we were looking to see if the device would detect the attempt.
Opinion is divided about what to do with such attempts. Some advocate silently discarding the messages, while others suggest locking out the offender for a period of time. Neither action seems likely to prevent further deluges of unwanted email.
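As an added illustration (not code from the review or from any of the tested products), the sketch below shows one way a gateway could detect a directory harvest attempt and apply the temporary lockout mentioned above. The log format, the thresholds and the function name `detect_harvest` are assumptions made for the example, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the review):
# time, client IP, RCPT address, SMTP reply code (550 = unknown mailbox).
SAMPLE_LOG = """\
2005-06-01T09:00:00 192.0.2.10 alice@example.com 250
2005-06-01T09:00:01 198.51.100.7 aaron@example.com 550
2005-06-01T09:00:02 198.51.100.7 abby@example.com 550
2005-06-01T09:00:03 198.51.100.7 adam@example.com 550
2005-06-01T09:00:04 198.51.100.7 alice@example.com 250
2005-06-01T09:00:05 198.51.100.7 alan@example.com 550
2005-06-01T09:00:06 198.51.100.7 albert@example.com 550
2005-06-01T09:00:07 198.51.100.7 alex@example.com 550
2005-06-01T09:05:00 192.0.2.10 bobb@example.com 550
2005-06-01T09:20:00 198.51.100.7 amy@example.com 550
"""

def detect_harvest(log_text, threshold=5, window=timedelta(seconds=60),
                   lockout=timedelta(minutes=10)):
    """Return (alerts, refused). alerts lists (time, ip) where a lockout began;
    refused counts RCPT attempts per IP that arrived during its lockout."""
    misses = defaultdict(deque)   # ip -> recent (time, rcpt) unknown-user replies
    locked_until = {}             # ip -> time the lockout ends
    alerts, refused = [], defaultdict(int)
    for line in log_text.splitlines():
        stamp, ip, rcpt, code = line.split()
        when = datetime.fromisoformat(stamp)
        if ip in locked_until and when < locked_until[ip]:
            refused[ip] += 1      # attempt made while the source is locked out
            continue
        if code != "550":
            continue              # accepted recipients are not evidence of guessing
        q = misses[ip]
        q.append((when, rcpt.lower()))
        while q and when - q[0][0] > window:
            q.popleft()           # drop misses that fell out of the sliding window
        # Count distinct addresses: retrying one mistyped address is not a harvest.
        if len({r for _, r in q}) >= threshold:
            alerts.append((when, ip))
            locked_until[ip] = when + lockout
            q.clear()
    return alerts, dict(refused)
```

On the sample log, the single mistyped address from 192.0.2.10 raises no alert, while the run of unknown recipients from 198.51.100.7 triggers a lockout that expires before its last attempt.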
We looked for the ability to filter email in both directions. There is a growing concern that corporate mail systems could be used for criminal activities or simply as a way of passing on sensitive data. While filtering inbound spam generates the most concern, outbound activities can be even more damaging.
A company's reputation will not be enhanced if it finds itself on a spam blacklist because its network has been used as a relay.

