Combating Spam Problems in a Corporate Environment


Brien M. Posey
7/1/2003


GFI MailEssentials

Although all of the products that I listed above are good, my personal favorite is GFI MailEssentials. The reason that I like the GFI product so much is that it has some really practical methods for catching spam. For starters, the product looks at what language the inbound messages are sent in. A lot of spam comes from foreign countries and is not even written in English. If a message comes into your organization in a foreign language, the message can automatically be treated as spam if you choose.

Another big plus is the way that GFI makes use of black lists and white lists. While all of the major anti-spam products use black lists and white lists, the GFI product can also use third-party blacklists. This means that the GFI product can take advantage of Internet databases containing the IP addresses of known spammers. What makes the product even more attractive is that the DNS blacklist checking (ORDBC etc.), custom blacklist and automatic white list modules are freeware. In addition, you can configure one disclaimer. These features will not time out after the evaluation period has ended.

Another nice perk of GFI MailEssentials is that GFI is now offering disclaimer software for free to users of GFI MailEssentials. The disclaimer product is an add-on module that allows you to place a legal disclaimer at the end of outbound messages. Such disclaimers can protect your company against litigation arising from an employee's inappropriate use of e-mail.

Perhaps my favorite feature of GFI MailEssentials is that it allows greater control of detected spam than some of the other products. For example, spam can be automatically deleted, forwarded to someone for review, or flagged as spam and sent to the user for review. This option to review mail flagged as spam allows for greater fine-tuning and thus better spam detection accuracy than you would get from an out-of-the-box configuration. If a message has been flagged as spam, you can configure GFI MailEssentials to deliver a fake non-delivery report to the sender. The idea is that if you can trick the sender into thinking that your e-mail address is bad, then there is a really good chance that you will be removed from the sender's mailing list.

SurfControl

SurfControl is another good anti-spam product. SurfControl takes an eight-step approach to filtering spam. First, SurfControl closes the mail relay host. This prevents spammers from being able to relay spam through your server on its way to other destinations. Closing the relay host is a nice feature, but can be easily done directly through Exchange.

Next, SurfControl uses an anti-spam agent to test each inbound message. Some of the tests performed on the messages include a dictionary based scan that looks for words and phrases commonly used in spam, and a client name DNS lookup. This lookup tests each address by comparing the sending domain's DNS entry against the IP address that actually sent the message. This tests for spoofed e-mail addresses. Messages are also checked against a live database of blacklisted senders. Senders can be blacklisted by domain, e-mail address, and IP address. One of the features that I liked the best about SurfControl is that the online database contains actual spam messages that have been hashed to produce digital signatures. When a new message arrives, the message's digital signature is compared against those stored in the database. Finally, if a message contains HTML code, the HTML code can be stripped from the message, removing any potentially harmful code.
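The per-message tests described above can be sketched as follows. This is an added example, not SurfControl's code: the `DNS_TABLE` stand-in for live DNS, the SHA-256 hash with whitespace and case normalization, and every address, domain and phrase in it are constructed assumptions.

```python
import hashlib
import ipaddress
import re

# Constructed sample data (not real indicators); 192.0.2.0/24, 198.51.100.0/24
# and *.example are reserved for documentation.
SPAM_PHRASES = {"act now", "free money", "no obligation"}
BLACKLIST = {"domains": {"bulk.example"}, "addresses": {"promo@ads.example"},
             "ips": {"198.51.100.77"}}
# Stand-in for DNS: domain -> addresses its mail hosts resolve to.
DNS_TABLE = {"corp.example": {"192.0.2.10"}, "bulk.example": {"198.51.100.77"}}


def signature(body: str) -> str:
    """Hash a whitespace/case-normalized body so trivial edits still match."""
    normalized = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


# Assumed signature database: hashes of previously seen spam bodies.
KNOWN_SPAM_SIGNATURES = {signature("FREE MONEY!!!  Act now, no obligation.")}


def check_message(sender: str, client_ip: str, body: str) -> list[str]:
    """Return the name of every check the message fails (empty list = clean)."""
    findings = []
    ip = str(ipaddress.ip_address(client_ip))  # raises ValueError if malformed
    domain = sender.rsplit("@", 1)[-1].lower()

    # Blacklist by domain, e-mail address and IP address.
    if (domain in BLACKLIST["domains"] or sender.lower() in BLACKLIST["addresses"]
            or ip in BLACKLIST["ips"]):
        findings.append("blacklisted")
    # Spoofing test: the sending domain's DNS data must include the client IP.
    if ip not in DNS_TABLE.get(domain, set()):
        findings.append("dns-mismatch")
    # Dictionary scan for words and phrases commonly used in spam.
    text = re.sub(r"\s+", " ", body).lower()
    if any(phrase in text for phrase in SPAM_PHRASES):
        findings.append("dictionary")
    # Signature comparison against hashes of known spam messages.
    if signature(body) in KNOWN_SPAM_SIGNATURES:
        findings.append("signature")
    return findings
```

An exact-hash signature only matches copies that are identical after normalization, which is why it is paired here with the dictionary and sender checks.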

Ipop

My third pick for a mail filtering solution is Ipop. Ipop works by first quarantining any message that is infected with a virus, and then performing some basic checks against the message. What I like is that these checks tend to work by asking some very logical questions about the message. These questions include things like: was the sender's domain invalid? Is the sender a known spammer? Was the message sent from a server that allows spam to be relayed through it? Are the headers properly formatted? Is the message's routing obscured? Although Ipop isn't quite as robust as GFI MailEssentials or SurfControl, it tends to be easy to set up and does a reasonably good job.

Software Comparison by Feature

Now that I have revealed my top three picks for anti-spam software, you're probably wondering which product is the best. The truth is that best is a relative term because what works best for one environment may not necessarily work the best in another environment. In an effort to make my comparison as objective as possible, I have created the chart below with a feature-by-feature comparison of the products. This should help you figure out what will work best in your own environment. In case you're wondering, my personal choice for an Exchange level anti-spam solution would be GFI MailEssentials. The only thing that GFI MailEssentials seems to be lacking that the other two products have is anti-virus support. GFI does make a supplementary product called GFI MailSecurity that provides anti-virus support to GFI MailEssentials, and addresses a number of other security issues as well. Additionally, you could address the anti-virus problem by using a dedicated Exchange level anti-virus product such as Hauri's ViRobot for Exchange 2000.

| Feature | GFI MailEssentials | Ipop | SurfControl |
|---|---|---|---|
| Closed relay host | | | X |
| Database-based message comparison | X | | X |
| Message tracking by message's digital signature | | | X |
| Dictionary-based detection | X | | X |
| Spam filtering by category | | | X |
| Adaptive learning | Available June 2003 | | X |
| Guard against false positives | X | | X |
| HTML stripping | | | X |
| Sender name spoofing detection | X | X | X |
| Blacklist by domain, e-mail address and IP address | X | X | X |
| Support for third party blacklist databases | X | X | |
| White lists | X | X | |
| Anti-virus support | By adding GFI MailSecurity | X | With anti-virus agent |
| Message language test | X | | |
| Fake non-delivery report creation | X | | |
| Disclaimer software included | X | | |
| Message header analysis | X | X | |
| Advanced mail monitoring | X | | |
