RE: Spam issue Exch2k
- From: "Mark Justin" <mark_justin_mc@xxxxxxxxxxx>
- To: exchangelist@xxxxxxxxxxxxx
- Date: Sat, 13 Sep 2003 05:58:08 -0600
Actually, i would say the only thing you Sunbelt guys smoke is a joint!
I evaluated MailMarshal, MailEssentials and Ihatespam, and found Ihatespam
the lesser of them all.
GFI MailEssentials 9 includes a Bayesian filter, which adapts itself
automatically and does not need updates like an AV system (archaic
system). After the learning process of the filter, i achieved some 97%
spam catch rate. I also found it easy to install and setup. ALso you are
completely wrong about GFI MailEssentials not having a user quarantine:
All mail marked as spam is sent to the users junk mail folder - for easy
review by the user him/herself.
MailMarshall is good too, and has a powerful rule capability. But i found
it more expensive and so I went for GFI MailEssentials. Its working
perfectly so far.
Ihatespam was last. Complex, bloated software. And you guys are full
marketing hype. You guys promise mainframe style support. Well you
definitely have old style IBM sales tactics! And your biased newsletter is
downright spam - I had difficulty getting off the newsletter and so did
others - check out this URL - i wasnt alone it seems!
http://tinyurl.com/n413
So go try to hard-sell your spam software elsewhere please! This is a
technical discussion list!
Mark
> The thing about spam filters and packages is FALSE POSITIVES you are
> right. False positives will kill you. Server based spam filters that
> actually block ALL spam at the server level, or DNS 'blackholes', can
> hide this in that you never even KNOW something never got to you that
> should have. This is the major problem with 'Black hole' DNS lists that
> harried email admins turn to, to stem the rising tide of spam, and
> directed by angered executives that demand it be stopped. But, no one
> ever knows what got blocked, or blackholed, or whether it was legit
> email or not. It's a general observation that groups of very angry
> people with a strongly shared interest make for mobs. Mobs get into odd
> thinking like "the ends justifies the means", and odd behavior such as
> "judge, jury, executioner". Well, to us, that about describes RBLs, a
> phenomenon akin to McCarthyism. No chance on THOSE False positives.
>
> Some of the more noticeable competitors we have are MailMarshall and GFI
> MailEssentials. =20
> However, something really important that we have that many of the others
> don't is the ability for users to see the quarantined mail, EASILLY
> right in Outlook, per user. We also let you CHOOSE the mailboxes that
> get filtered.
>
> Here is the product running on my own mailbox, with my own quarantine
> folder that I review once or twice a day:
> http://www.sunbelt-software.com/ihse/ihsse_outlook.gif
>
> Note the preview pane. That was merely for the screenshot, normally this
> is not turned on to avoid web bugs in html email from 'phoning home'.=20
>
> Now, All anti-spam products have SOME degree of false positives. The
> real mark of a good anti-spam product is how it deals with false
> positives. If it forces the administrator to manually go through some
> special quarantine inbox at the server, it's actually incredibly time
> consuming and unproductive (especially considering the sheer volume of
> spam these days!). And one persons spam is another persons thesis
> subject, so we put spam control on the user to avoid the admin
> headaches.
>
> See this article, for example, re GFI Mail Essentials:
>
> http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=3D9400=
> 3
> 46
>
> here, if that wrapped:
> http://tinyurl.com/bno7
>
> One other Anti-Spam product for Exchange emails the Exchange
> Administrator every time it quarantines an email so he can look at it.
> This is obviously self-defeating in that the users get no spam, maybe,
> and false positives that get quarantined are for the Exchange Admin or
> his assistant or some junior IT-type to "eyeball-filter" and forward--
> sometimes days later. So regardless, the Admin gets it all on his plate,
> which is already full. Some admins are creative: using these other
> packages they have a contraption of scripts and virtual rubber bands to
> forward all 'spam' to a public folder so ALL the company users can go
> through all 3500 spams a day to check for false positives. That's not so
> good if you want users to get work done. Not to mention the privacy
> issue of routing possibly sensitive information as a false positive to a
> public folder.=20
>
> We just won a couple of awards with iHateSpam Server , voted by the
> USERS and ADMINS, not the Editors, here:
> Best New Product of the year awards:
> http://www.winnetmag.com/Articles/Index.cfm?ArticleID=3D39934
>
> And Best Anti-Spam Tool:
> http://www.winnetmag.com/Articles/Index.cfm?ArticleID=3D40151
>
> In some organizations, the Exchange admin has no mandate to read or
> monitor all the email, even though he may have that ability. The
> legalities of this are still being debated and case law is ambiguous at
> best. What if a sensitive email that was never meant for his or her
> eyes ends up in the quarantine folder checked by the administrator?
>
> McAfee is using its 0.05% false positives rate as a marketing point,=20
> which doesn't work for me. Sounds like a hospital saying that they only
> kill 0.05% of their patients. We do not have this problem due to the way
> we 'quarantine' mail. Then we can tune IHSSE settings and thresholds to
> get rid of even those few that users may get. But still they are there
> for the correctly addressed USER to sort out instead of the ADMIN, thus
> s maintaining privacy.=20
>
> We avoid the whole "false positives unknown or blocked" situation with
> the user quarantine folder. Of course there ARE things that we can
> totally block and delete at the server, by name or domain or keyword,
> with a Global Blacklist and threshold settings. But in some public
> organizations and places that exact action is illegal, or in violation
> of organizational charters.=20
>
> When the users manage their own spam, and something is mistakenly
> quarantined the user then whitelists that email, so it never gets
> quarantined again. Anyone in his or her Outlook Contacts or the GAL will
> never be quarantined. So if your Mom, who is in your contacts, sent you
> a spam, you'd get it in your Inbox.=20
>
> In addition, the server product benefits from definitions updates (from
> an official updates server) as described here:=20
> http://www.sunbelt-software.com/pressreleases.cfm?id=3D43
>
> Definitions are updated regularly, and can be scheduled.
>
> As more people buy the Client Version (which uses the same basic
> detection engine as the server) this network of spam fighters will grow
> even more effective than it already is. The Client product is available
> in Comp USA, Best Buy and in this coming week in Wal-Mart and has been
> voted the best anti-spam client on the market by several trade
> magazines.
>
> Eval Copy of the server version is here:
> http://www.sunbelt-software.com/product.cfm?id=3D931
>
> Damn I hate typing :)
>
> I will walk anyone through an install, it takes 5 minutes and no reboot
> is required.
>
>
> Regards,
>
> Bob
>
> *****************************************
> Bob Jiantonio
> Sunbelt Software
> Consultant
> 1-800-688-8404 ext. 263
> bobj@xxxxxxxxxxxxxxxxxxxx
> http://www.sunbelt-software.com=20
> *****************************************
>
>
>
>
>
> -----Original Message-----
> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]=20
> Sent: Friday, September 12, 2003 2:37 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Spam issue Exch2k
>
>
> http://www.MSExchange.org/
>
> We are currently evaluating spam filters. Our concern is false positives
> and business impact as a result. What is your expert opinion on false
> positives.
>
> Regards,
>
> Raj
>
> -----Original Message-----
> From: Bob Jiantonio [mailto:bobj@xxxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, September 11, 2003 5:46 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Spam issue Exch2k
>
>
> http://www.MSExchange.org/
>
> "GFI's offering or MailMarshal however it doesn't always catch newly
> crafted spam mails until you have altered or added new filters (im sure
> other members on this list could give indications on how much they need
> to maintain the text sensor scripts to block new spam waves)."
>
> That is where the iHateSpam Server Edition shines, we DO catch the newly
> formatted spams and update the Spam Definitions, much like your AV does:
> http://www.sunbelt-software.com/product.cfm?id=3D931
>
> 5 minute setup and pretty much forget it, except that you will now be
> getting much less spam by 95%.
>
> This tool smokes GFI and NetIQ, but.. I 'm biased. :) Our customers
> speak for themselves though.
>
> Bob
>
> -----Original Message-----
> From: Cresswell, Charles [mailto:charlesc@xxxxxxxxxxxxxxxx]=20
> Sent: Thursday, September 11, 2003 8:31 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Spam issue Exch2k
>
>
> http://www.MSExchange.org/
>
> You could get a spam shield like GFI's offering or MailMarshal however
> it doesn't always catch newly crafted spam mails until you have altered
> or added new filters (im sure other members on this list could give
> indications on how much they need to maintain the text sensor scripts to
> block new spam waves).
>
> The other alternative is to pay for a managed service to receive your
> email through, like messagelabs. They are obviously as about as up to
> date as you can be on their virus and spam filtering as it's the core of
> their business model.
>
> Either way its gonna cost money.
>
> Charles Cresswell, IS Manager
> 020 7213 0728
> The Association of Corporate Treasurers=20
> Ocean House
> 10/12 Little Trinity Lane=20
> London EC4V 2DJ=20
Other related posts:
