Product Group Tests
Email content filtering (2006)
By a narrow margin, in a test that featured some excellent contenders, our Best Buy is the enterprise class MXtreme Mail Firewall 800 from BorderWare, which is a relatively competitively priced, richly featured system offering impressive security functionality and excellent management tools. Close behind were several offerings worthy of our Recommended award. The first product is the eSoft ThreatWall 200, a simple-to-deploy product that provides powerful and flexible data protection. Second is Clearswift's excellent MIMEsweeper for SMTP, which is a fast, fully featured email content filtering option.
Full Group Summary
With the rising tide of spam, email-borne security threats and the danger of employees abusing email, it is essential that organizations take control of their email systems.
When unsolicited email first began circulating, it was a bit of a joke – earning the jocular name of spam. However, as spam volumes soared to epidemic proportions, what was just a minor problem in the working life of IT security professionals is now a crisis. In fact, some industry experts warn that it now accounts for almost 95 percent of all email.
According to newly published figures from JupiterResearch, the average active email consumer received an astonishing 3,253 pieces of spam in 2005.
Long gone are the days when this could be seen as a laughing matter. The daily deluge of unsolicited junk email negatively impacts on organizations by clogging networks and filling up mail server bandwidth. It also acts as a vector that can allow serious security threats, such as viruses, trojans, worms and phishing scams, to penetrate corporate networks.
The cost of spam goes far beyond supplying extra capacity for clogged email servers and storage space for the millions of unwanted emails. There is also the cost of IT departments wasting dozens of days a year dealing with it. And it is the secondary affects of spam, the security threats, that are the most expensive.
Spam is a major driver behind the alarming rise in the number of corporate data breaches. Feeling the impact of international awareness and country-specific legislation such as CAN-SPAM
in the U.S., more spammers are using illegitimate providers in less-regulated nations.
According to IT security firm Sophos, virus writers and hackers are fast becoming the spammers’ key partners in crime: with 60 percent of spam coming from zombie PCs infected with malware.
Indeed, the steady rise in the sophistication of spyware threats and distribution methods made 2005 the "biggest year yet for spyware," according to Webroot Software’s State of Spyware report.
Spam and potential security breaches are the most serious email-related problems facing enterprises, but there is also the potentially devastating affect that email abuse can have on corporate reputations.
In this world of ever tighter corporate regulations, firms are more and more accountable for the actions of their employees. Just one offensive email message can have profound affects on a company’s reputation.
Then there is the widespread practice of email being used as a vector to siphon out sensitive commercial data. While there can be no definitive solution, the only viable way to mitigate the worst excesses of email-related threats is to deploy ever-more sophisticated server-side filtering to weed out spam and filter emails before they hit the corporate networks.
Email content filtering monitors ingoing and outgoing emails and blocks those that don’t meet the company’s acceptable use policy.
This group test looks at some of the leading products available to enforce corporate email policies. Some detect and block spam, while others enforce company-specific acceptable-usage policies.
Our testing methodology began with a run-through of the set-up and management capabilities of each offering. We looked for ease of use and configuration, clear interfaces, and the ability to integrate with complementary systems such as anti-virus applications. Finally, the quality of each device’s reporting was analyzed in-depth, as were, naturally, the filtering and anti-spam facilities.
However, this functionality is extremely hard to test empirically, because of each system’s different approach and the ingenuity of spammers in devising ways to circumvent such technologies.
Nevertheless, we found these systems’ spam-detection rates were very high. We also checked to ensure that systems’ core engines were capable of "learning" how to detect spam via feedback systems, where users can manually reclassify incorrectly identified mail.
We also scrutinized the ability of the devices under analysis to block an undesirable or potentially dangerous email before it actually enters a system using whitelists, blacklists and real-time blocking.
Looking beyond anti-spam and email blocking, we then looked at how the products integrate with other corporate security systems, such as anti-virus offerings.
Finally, we tested features such as each device’s ability to create and apply rules looking for specific phrases and text, thereby preventing confidential corporate information being released and/or abusive emails being sent from a corporate server.