RE: Spam issue Exch2k

  • From: "Bob Jiantonio" <bobj@xxxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 12 Sep 2003 15:00:32 -0400

The thing about spam filters and packages is FALSE POSITIVES, you are
right.  False positives will kill you. Server based spam filters that
actually block ALL spam at the server level, or DNS 'blackholes', can
hide this in that you never even KNOW something never got to you that
should have. This is the major problem with 'Black hole' DNS lists that
harried email admins turn to, to stem the rising tide of spam, and
directed by angered executives that demand it be stopped. But, no one
ever knows what got blocked, or blackholed, or whether it was legit
email or not. It's a general observation that groups of very angry
people with a strongly shared interest make for mobs. Mobs get into odd
thinking like "the ends justifies the means", and odd behavior such as
"judge, jury, executioner". Well, to us, that about describes RBLs, a
phenomenon akin to McCarthyism. No chance on THOSE False positives.

Some of the more noticeable competitors we have are MailMarshall and GFI
MailEssentials.  
However, something really important that we have that many of the others
don't is the ability for users to see the quarantined mail, EASILY
right in Outlook, per user. We also let you CHOOSE the mailboxes that
get filtered.

Here is the product running on my own mailbox, with my own quarantine
folder that I review once or twice a day:
http://www.sunbelt-software.com/ihse/ihsse_outlook.gif

Note the preview pane. That was merely for the screenshot, normally this
is not turned on to avoid web bugs in html email from 'phoning home'. 

Now, all anti-spam products have SOME degree of false positives.  The
real mark of a good anti-spam product is how it deals with false
positives. If it forces the administrator to manually go through some
special quarantine inbox at the server, it's actually incredibly time
consuming and unproductive (especially considering the sheer volume of
spam these days!). And one person's spam is another person's thesis
subject, so we put spam control on the user to avoid the admin
headaches.

See this article, for example, re GFI Mail Essentials:

http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=9400346

here, if that wrapped:
http://tinyurl.com/bno7

One other Anti-Spam product for Exchange emails the Exchange
Administrator every time it quarantines an email so he can look at it.
This is obviously self-defeating in that the users get no spam, maybe,
and false positives that get quarantined are for the Exchange Admin or
his assistant or some junior IT-type to "eyeball-filter" and forward--
sometimes days later. So regardless, the Admin gets it all on his plate,
which is already full. Some admins are creative: using these other
packages they have a contraption of scripts and virtual rubber bands to
forward all 'spam' to a public folder so ALL the company users can go
through all 3500 spams a day to check for false positives. That's not so
good if you want users to get work done. Not to mention the privacy
issue of routing possibly sensitive information as a false positive to a
public folder. 

We just won a couple of awards with iHateSpam Server, voted by the
USERS and ADMINS, not the Editors, here:
Best New Product of the year awards:
http://www.winnetmag.com/Articles/Index.cfm?ArticleID=39934

And Best Anti-Spam Tool:
http://www.winnetmag.com/Articles/Index.cfm?ArticleID=40151

In some organizations, the Exchange admin has no mandate to read or
monitor all the email, even though he may have that ability. The
legalities of this are still being debated and case law is ambiguous at
best.  What if a sensitive email that was never meant for his or her
eyes ends up in the quarantine folder checked by the administrator?

McAfee is using its 0.05% false positives rate as a marketing point, 
which doesn't work for me.  Sounds like a hospital saying that they only
kill 0.05% of their patients. We do not have this problem due to the way
we 'quarantine' mail. Then we can tune IHSSE settings and thresholds to
get rid of even those few that users may get. But still they are there
for the correctly addressed USER to sort out instead of the ADMIN, thus
maintaining privacy.

We avoid the whole "false positives unknown or blocked" situation with
the user quarantine folder. Of course there ARE things that we can
totally block and delete at the server, by name or domain or keyword,
with a Global Blacklist and threshold settings. But in some public
organizations and places that exact action is illegal, or in violation
of organizational charters. 

When the users manage their own spam, and something is mistakenly
quarantined, the user then whitelists that email, so it never gets
quarantined again. Anyone in his or her Outlook Contacts or the GAL will
never be quarantined. So if your Mom, who is in your contacts, sent you
a spam, you'd get it in your Inbox. 

In addition, the server product benefits from definitions updates (from
an official updates server) as described here: 
http://www.sunbelt-software.com/pressreleases.cfm?id=43

Definitions are updated regularly, and can be scheduled.

As more people buy the Client Version (which uses the same basic
detection engine as the server) this network of spam fighters will grow
even more effective than it already is. The Client product is available
in Comp USA, Best Buy and in this coming week in Wal-Mart and has been
voted the best anti-spam client on the market by several trade
magazines.

Eval Copy of the server version is here:
http://www.sunbelt-software.com/product.cfm?id=931

Damn I hate typing :)

I will walk anyone through an install, it takes 5 minutes and no reboot
is required.


Regards,

Bob

*****************************************
Bob Jiantonio
Sunbelt Software
Consultant
1-800-688-8404 ext. 263
bobj@xxxxxxxxxxxxxxxxxxxx
http://www.sunbelt-software.com 
*****************************************





-----Original Message-----
From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx] 
Sent: Friday, September 12, 2003 2:37 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Spam issue Exch2k


http://www.MSExchange.org/

We are currently evaluating spam filters. Our concern is false positives
and business impact as a result. What is your expert opinion on false
positives?

Regards,

Raj

-----Original Message-----
From: Bob Jiantonio [mailto:bobj@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, September 11, 2003 5:46 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Spam issue Exch2k


"GFI's offering or MailMarshal however it doesn't always catch newly
crafted spam mails until you have altered or added new filters (I'm sure
other members on this list could give indications on how much they need
to maintain the text sensor scripts to block new spam waves)."

That is where the iHateSpam Server Edition shines, we DO catch the newly
formatted spams and update the Spam Definitions, much like your AV does:
http://www.sunbelt-software.com/product.cfm?id=931

5 minute setup and pretty much forget it, except that you will now be
getting much less spam by 95%.

This tool smokes GFI and NetIQ, but... I'm biased. :) Our customers
speak for themselves though.

Bob

-----Original Message-----
From: Cresswell, Charles [mailto:charlesc@xxxxxxxxxxxxxxxx] 
Sent: Thursday, September 11, 2003 8:31 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Spam issue Exch2k


You could get a spam shield like GFI's offering or MailMarshal however
it doesn't always catch newly crafted spam mails until you have altered
or added new filters (I'm sure other members on this list could give
indications on how much they need to maintain the text sensor scripts to
block new spam waves).

The other alternative is to pay for a managed service to receive your
email through, like messagelabs. They are obviously about as up to
date as you can be on their virus and spam filtering as it's the core of
their business model.

Either way it's gonna cost money.

Charles Cresswell, IS Manager
020 7213 0728
The Association of Corporate Treasurers 
Ocean House
10/12 Little Trinity Lane 
London EC4V 2DJ 

tel: +44.(0)20 7213 9728 
fax: +44.(0)20 7248 2591 
www: http://www.treasurers.org 
