The thing about spam filters and packages is FALSE POSITIVES you are right. False positives will kill you. Server based spam filters that actually block ALL spam at the server level, or DNS 'blackholes', can hide this in that you never even KNOW something never got to you that should have. This is the major problem with 'Black hole' DNS lists that harried email admins turn to, to stem the rising tide of spam, and directed by angered executives that demand it be stopped. But, no one ever knows what got blocked, or blackholed, or whether it was legit email or not. It's a general observation that groups of very angry people with a strongly shared interest make for mobs. Mobs get into odd thinking like "the ends justifies the means", and odd behavior such as "judge, jury, executioner". Well, to us, that about describes RBLs, a phenomenon akin to McCarthyism. No chance on THOSE False positives. Some of the more noticeable competitors we have are MailMarshall and GFI MailEssentials. However, something really important that we have that many of the others don't is the ability for users to see the quarantined mail, EASILLY right in Outlook, per user. We also let you CHOOSE the mailboxes that get filtered. Here is the product running on my own mailbox, with my own quarantine folder that I review once or twice a day: http://www.sunbelt-software.com/ihse/ihsse_outlook.gif Note the preview pane. That was merely for the screenshot, normally this is not turned on to avoid web bugs in html email from 'phoning home'. Now, All anti-spam products have SOME degree of false positives. The real mark of a good anti-spam product is how it deals with false positives. If it forces the administrator to manually go through some special quarantine inbox at the server, it's actually incredibly time consuming and unproductive (especially considering the sheer volume of spam these days!). And one persons spam is another persons thesis subject, so we put spam control on the user to avoid the admin headaches. See this article, for example, re GFI Mail Essentials: http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=94003 46 here, if that wrapped: http://tinyurl.com/bno7 One other Anti-Spam product for Exchange emails the Exchange Administrator every time it quarantines an email so he can look at it. This is obviously self-defeating in that the users get no spam, maybe, and false positives that get quarantined are for the Exchange Admin or his assistant or some junior IT-type to "eyeball-filter" and forward-- sometimes days later. So regardless, the Admin gets it all on his plate, which is already full. Some admins are creative: using these other packages they have a contraption of scripts and virtual rubber bands to forward all 'spam' to a public folder so ALL the company users can go through all 3500 spams a day to check for false positives. That's not so good if you want users to get work done. Not to mention the privacy issue of routing possibly sensitive information as a false positive to a public folder. We just won a couple of awards with iHateSpam Server , voted by the USERS and ADMINS, not the Editors, here: Best New Product of the year awards: http://www.winnetmag.com/Articles/Index.cfm?ArticleID=39934 And Best Anti-Spam Tool: http://www.winnetmag.com/Articles/Index.cfm?ArticleID=40151 In some organizations, the Exchange admin has no mandate to read or monitor all the email, even though he may have that ability. The legalities of this are still being debated and case law is ambiguous at best. What if a sensitive email that was never meant for his or her eyes ends up in the quarantine folder checked by the administrator? McAfee is using its 0.05% false positives rate as a marketing point, which doesn't work for me. Sounds like a hospital saying that they only kill 0.05% of their patients. We do not have this problem due to the way we 'quarantine' mail. Then we can tune IHSSE settings and thresholds to get rid of even those few that users may get. But still they are there for the correctly addressed USER to sort out instead of the ADMIN, thus s maintaining privacy. We avoid the whole "false positives unknown or blocked" situation with the user quarantine folder. Of course there ARE things that we can totally block and delete at the server, by name or domain or keyword, with a Global Blacklist and threshold settings. But in some public organizations and places that exact action is illegal, or in violation of organizational charters. When the users manage their own spam, and something is mistakenly quarantined the user then whitelists that email, so it never gets quarantined again. Anyone in his or her Outlook Contacts or the GAL will never be quarantined. So if your Mom, who is in your contacts, sent you a spam, you'd get it in your Inbox. In addition, the server product benefits from definitions updates (from an official updates server) as described here: http://www.sunbelt-software.com/pressreleases.cfm?id=43 Definitions are updated regularly, and can be scheduled. As more people buy the Client Version (which uses the same basic detection engine as the server) this network of spam fighters will grow even more effective than it already is. The Client product is available in Comp USA, Best Buy and in this coming week in Wal-Mart and has been voted the best anti-spam client on the market by several trade magazines. Eval Copy of the server version is here: http://www.sunbelt-software.com/product.cfm?id=931 Damn I hate typing :) I will walk anyone through an install, it takes 5 minutes and no reboot is required. Regards, Bob ***************************************** Bob Jiantonio Sunbelt Software Consultant 1-800-688-8404 ext. 263 bobj@xxxxxxxxxxxxxxxxxxxx http://www.sunbelt-software.com ***************************************** -----Original Message----- From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx] Sent: Friday, September 12, 2003 2:37 PM To: [ExchangeList] Subject: [exchangelist] RE: Spam issue Exch2k http://www.MSExchange.org/ We are currently evaluating spam filters. Our concern is false positives and business impact as a result. What is your expert opinion on false positives. Regards, Raj -----Original Message----- From: Bob Jiantonio [mailto:bobj@xxxxxxxxxxxxxxxxxxxx] Sent: Thursday, September 11, 2003 5:46 PM To: [ExchangeList] Subject: [exchangelist] RE: Spam issue Exch2k http://www.MSExchange.org/ "GFI's offering or MailMarshal however it doesn't always catch newly crafted spam mails until you have altered or added new filters (im sure other members on this list could give indications on how much they need to maintain the text sensor scripts to block new spam waves)." That is where the iHateSpam Server Edition shines, we DO catch the newly formatted spams and update the Spam Definitions, much like your AV does: http://www.sunbelt-software.com/product.cfm?id=931 5 minute setup and pretty much forget it, except that you will now be getting much less spam by 95%. This tool smokes GFI and NetIQ, but.. I 'm biased. :) Our customers speak for themselves though. Bob -----Original Message----- From: Cresswell, Charles [mailto:charlesc@xxxxxxxxxxxxxxxx] Sent: Thursday, September 11, 2003 8:31 AM To: [ExchangeList] Subject: [exchangelist] RE: Spam issue Exch2k http://www.MSExchange.org/ You could get a spam shield like GFI's offering or MailMarshal however it doesn't always catch newly crafted spam mails until you have altered or added new filters (im sure other members on this list could give indications on how much they need to maintain the text sensor scripts to block new spam waves). The other alternative is to pay for a managed service to receive your email through, like messagelabs. They are obviously as about as up to date as you can be on their virus and spam filtering as it's the core of their business model. Either way its gonna cost money. Charles Cresswell, IS Manager 020 7213 0728 The Association of Corporate Treasurers Ocean House 10/12 Little Trinity Lane London EC4V 2DJ tel: +44.(0)20 7213 9728 fax: +44.(0)20 7248 2591 www: http://www.treasurers.org Notice of Confidentiality This e-mail (and any attachments) is intended for the named addressee(s) only. It contains information that may be confidential. Unless you are the named addressee (or authorised to receive it for the addressee) you may not read, copy, use, or disclose it to anyone else. Unauthorised use, copying or disclosure is strictly prohibited and may be unlawful. If you have received this transmission in error, please notify the sender by telephone immediately 020 7213 0705 and delete the message from your e-mail system. The Association of Corporate Treasurers may monitor outgoing and incoming e-mails and other telecommunications on its e-mail and telecommunications systems. By replying to this e-mail you give your consent to such monitoring. The Association of Corporate Treasurers is a company limited by guarantee. It is registered in England at the above address, registration number 1445322. #ACT# ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: bobj@xxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')