3 Types of Antispam Software - dummies

By Doug Lowe

The many different antispam programs that are available fall into three broad categories: on-premises, appliance, and cloud based (hosted). The following sections describe the relative merits of each of these approaches to providing antispam for your organization.

On-premises antispam

An on-premises antispam program runs on a server on your network and interacts directly with your email server. Email that arrives at your server is passed over to the antispam program, which evaluates the email to determine whether it’s spam or legitimate mail. The antispam software uses a variety of techniques to identify spam and can usually be configured for optimal performance. Email that is identified as legitimate is handed back to the email server for normal processing. Depending on how you configure the software, email that is identified as spam may be sent to your users’ Junk folders or stored in some other location.

In smaller organizations, the antispam software can run on the same server as the email server (for example, Microsoft Exchange). In larger organizations, the antispam software can be configured to run on its own dedicated server, separate from the mail server(s).

Here are some of the advantages of using an on-premises antispam product:

  • You have complete control over the configuration and operation of the software. Most on-premises antispam software is highly configurable, often providing a dozen or more distinct filtering methods, which you can customize in many different ways. (For more information, see the section “Understanding Spam Filters,” earlier in this chapter.)
  • On-premises antispam software is usually tightly integrated not only with Microsoft Exchange but also with Microsoft Outlook. Spam email typically appears in the users’ Junk folders, and the software often provides an Outlook add-in that makes it easy for users to mark incorrectly identified email.
  • On-premises software is relatively inexpensive. Typically, you pay an upfront fee to purchase the license, as well as an annual maintenance fee to receive regular updates not only to the software but also to the spam filters.

Here are the main disadvantages of on-premises antispam software:

  • You’re responsible for installing, patching, configuring, updating, and otherwise maintaining the software.
  • Because the relationship between the email server and the antispam software is complicated, on-premises antispam software periodically malfunctions. Such a malfunction usually halts mail flow throughout your organization. It then becomes your responsibility to correct the problem so that mail begins flowing again. (This usually happens just at the moment when your boss is expecting an important email, and you find yourself diagnosing and fixing the problem while your boss watches over your shoulder.)
  • On-premises antispam software increases the workload on your servers, requiring additional resources in the form of processor time, RAM, disk storage, and network bandwidth.

Antispam appliances

An antispam appliance is essentially an on-premises server in a dedicated box that you install at your location. The appliance is usually a self-contained Linux-based computer running antispam software that is pre-installed on the appliance. This makes the appliance essentially plug-and-play; you just set it up, connect it to your network, turn it on, and configure it using a simple web-based interface. When the appliance is up and running, it can provide many, if not all, of the features of on-premises antispam software.

Here are some of the main advantages of using an antispam appliance:

  • Because the appliance includes its own hardware and pre-installed operating system, you don’t have to worry about purchasing hardware separately, installing an operating system, installing software, or any of the other tasks associated with setting up a server.
  • After it’s set up, an appliance will pretty much take care of itself. You’ll need to check on it once in a while, but appliances are designed to be self-sufficient.
  • The appliance may provide other security features, such as antivirus and firewall protection. Thus, a single appliance can handle many of your network’s security and protection needs.

Using an antispam appliance is not without its disadvantages:

  • Eventually, you’ll outgrow the appliance. For example, if the number of users on your network doubles, you may run out of disk space.
  • If the appliance fails, you may have trouble getting it back up and running. When a normal Windows server fails, you can usually troubleshoot the problem and get the server back up and running. Because of the self-contained nature of an appliance, troubleshooting it can be difficult when it’s nonresponsive.

Cloud-based antispam services

A cloud-based antispam service (also called hosted antispam) is an Internet-based service that filters your email before it ever arrives at your mail server. When you use hosted antispam, you reconfigure your public DNS so that your mail server (the MX record) points to the cloud-based antispam server rather than to your mail server. That way, all email sent to your organization is first processed by the servers at the antispam service before it ever arrives at your mail server. Only those emails that are deemed to be legitimate are forwarded to your mail server; spam emails are stored in the cloud, where they can be reviewed and retrieved by your users if necessary.

Typically, you pay for hosted antispam based on how many users you have. For example, you might pay a monthly fee of $2 per user. As your organization grows, you simply purchase additional subscriptions.

Here are some of the main advantages of using cloud-based antispam:

  • You get to skip the hassle of installing and configuring software, integrating the software with Exchange, maintaining and patching the software, and all the other chores associated with hosting your own server on your own premises. Your monthly subscription charges cover the cost of someone else doing all that work.
  • Because you don’t have to buy software or hardware, there is no initial investment. You simply subscribe to the service and pay the monthly service charges. (As an added bonus, if you’re dissatisfied with the service, you can easily move to a different one. Switching to a different antispam appliance or on-premises solution is a much more complicated and expensive affair.)
  • A cloud-based antispam solution scales easily with your organization. If you double the number of users, you simply pay twice as much per month. You don’t have to worry about running out of disk space, RAM, clock cycles, or network bandwidth.
  • Cloud-based antispam takes a huge load off your network and your mail server. Because someone else filters your spam for you, spam never enters your network. In most organizations, email is one of the most taxing applications running on the network. Using cloud-based antispam can easily cut incoming network traffic in half; in some cases, it might cut traffic by as much as 90 percent.

As you would expect, there are drawbacks to using cloud-based antispam:

  • You give up some control. Cloud-based services usually have fewer configuration options than on-premises software. For example, you’ll probably have fewer options for customizing the spam filters.
  • If the service goes down, so does your incoming email. You won’t be able to do anything about it except call technical support. And you can count on getting a busy signal, because when the service goes down, it isn’t just you that’s affected; it’s all its customers. (Of course, this gives such services plenty of motivation to ensure that they fix the problem right away.)