Exchange Server (2010) Anti-Spam Transport Agent filtering options

[destrekor]

Per the title, anyone familiar with a good starting-point list (think Adblock Plus and the ability to customize the hosts list) of what I could plug into the Transport agent?

Is there a website or group that maintains a list of known spam senders, keywords, etc, that I could check from time to time and add to the filters?

We currently have nothing filtered here, and spam has been getting worse lately.

 

[imagoon]

Disable it and use another service... Postini, barracuda etc. Exchanges is lack luster at best. There is no way for you to compete compared to the bigger names.

 

[destrekor]

Disable it and use another service... Postini, barracuda etc. Exchanges is lack luster at best. There is no way for you to compete compared to the bigger names.

Are they pay for?

I naturally assumed we'd need to pay for a service, and that anything bundled with Exchange was going to suck miserably, but while we investigate a better service, at least giving this free -- bundled with what we have already paid for -- product a chance can't hurt.

 

[blurredvision]

Are you looking to enter tons of individual email addresses to block? If you're able, install the Edge role on your Hub Transport server (or a separate Edge server, ideally) and use the built-in anti-spam feature. That will use free block lists that will update themselves.

With that said, imagoon is correct, you're better off with a paid service of some sort.

 

[destrekor]

Are you looking to enter tons of individual email addresses to block? If you're able, install the Edge role on your Hub Transport server (or a separate Edge server, ideally) and use the built-in anti-spam feature. That will use free block lists that will update themselves.

With that said, imagoon is correct, you're better off with a paid service of some sort.

Does it have to be Edge?

To be clear, our main server is SBS 2011, and we are using the Exchange Server 2010 feature.

When I look under Hub Transport under Organization Configuration, there's Anti-Spam there.

What is the free block lists that will update themselves? Is that something not configurable, and not visible?
Would that be why I do see SOME email hit the Junk folder in Outlook, with a tag that says "SCL 4" or whatever?
I was looking at the few sections that are Enabled, but didn't really see any further configuration.
So it's more or less an automatic system, unless you enter each email/domain/IP/whatever you specifically want to block?

If so, I see why one might say it's terrible. So much junk gets through without any tags.

 

[imagoon]

Exchange content filtering which antispam is a part of work by setting a scale from 0-10 for likeliness of a message being spam. The built in one can be configured manually with addresses but in reality it isn't effective. Microsoft offers ForeFront for that. The idea is that spam lists would increment the number until it hits the end of the chain and if the message has a score that exceeds what the admins set as spam, it gets marked as spam or bad. Outlook itself also have a junk mail list that is updated from MS update. The reason no one really provides a list of bad addresses is because spam is typically from random names and addresses and they use things like content, SPF number of messages seen from the system etc to determine spam from meta data and predictive algorithms. By far the least useful is address blocking. Entire domains might work for advertising spam but the true junk is pretty random and a lot more involved than "a list for addresses."

This isnt all that different than spamassassin from 15 years ago.

 

[destrekor]

phew!

Barracuda is a device purchase. Looks like $1500 for the device itself, security service and warranty separate.
Postini is no longer available separately and is now a part of the Google Apps package. At $5/mo or $50/yr per user, when that's the only Google Apps service we'd use, that seems a bit outrageous.

Are there better options, with cost considered?
What of other software vendors and their options? We use GFI's Vipre software, hear anything good (or bad) of their MailEssentials service?
MailEssentials Online looks to be about $12/yr per user for our business.
The on-premise package, Mail Essentials, would be about double that - still, about half of what Google's annual per user fee is.

I haven't looked at anyone else like Symantec.

 

[imagoon]

I have worked with Barracuda and Postini. Postini is fantastic and is priced as such. Barracudas also work pretty well and I have used them in the last 2 places I have been. If you can, save money by getting the VM model instead of hardware. "Anti-spam on the desktop" is not an option you should look at. Postini and Barracuda do it before it hits the Exchange server lowering the load on Exchange itself where desktop apps act like mail clients and increase the load.

 

[destrekor]

I have worked with Barracuda and Postini. Postini is fantastic and is priced as such. Barracudas also work pretty well and I have used them in the last 2 places I have been. If you can, save money by getting the VM model instead of hardware. "Anti-spam on the desktop" is not an option you should look at. Postini and Barracuda do it before it hits the Exchange server lowering the load on Exchange itself where desktop apps act like mail clients and increase the load.

Something tells me when you worked with it, it was cheaper.

You can no longer get Postini by itself. You have to pay for Google Apps, whether you want everything Google offers or not.

We have somewhere between 50-70 users - sadly, the Virtual approach with Barracuda means I have to step up to the level that supports 1000 users (the smaller package stops at 50 for Vx) - which is $1500/yr - even for 100 users, that's ridiculous. Great for 800 users, though.

Google is better with per-user, but even at the low end, 50 users is $2500/yr (if paying per year, and not per month).

These may be great services, but Google clearly intends to get an enterprise all in, rather than offer Postini separate anymore. It can work with your own services, like before, but if you get Apps to only use Postini, you are paying far more than anyone rightfully should.

 

[blurredvision]

Does it have to be Edge?

To be clear, our main server is SBS 2011, and we are using the Exchange Server 2010 feature.

When I look under Hub Transport under Organization Configuration, there's Anti-Spam there.

No, doesn't have to be apparently, I didn't know anti-spam was included with the version of Exchange you are using. If the anti-spam option is there, then blocklists are available to you. Just be warned that this method is more of a brute force blocking method than a more subtle method that you would get with a dedicated spam filter solution. My experience with block lists results in lots of false positives.

EDIT: Just to add, I've used both Barracuda and Postini. If it were up to me, I'd choose Barracuda easily. Postini does the job but I find the support to be very slow and lackluster. With Barracuda, their filtering is fantastic, options are easy to understand and set, and support is a phone call away and always have very knowledgeable reps.

 

[blurredvision]

We have somewhere between 50-70 users - sadly, the Virtual approach with Barracuda means I have to step up to the level that supports 1000 users (the smaller package stops at 50 for Vx) - which is $1500/yr - even for 100 users, that's ridiculous. Great for 800 users, though.

It would be worth a call to Barracuda to see what, if anything, they could do for you.

 

[imagoon]

Something tells me when you worked with it, it was cheaper.

You can no longer get Postini by itself.

They lowered the price when they made it part of google apps.

$1500 a year for 70 users is cheap. Also you never pay retail....

 

[destrekor]

They lowered the price when they made it part of google apps.

$1500 a year for 70 users is cheap. Also you never pay retail....

Do all of these businesses accept a certain level of haggling or something?

As in, "oh.. well, I think I'll settle on a different service.." and they offer something lower?

I'm new to buying services/goods for a business - so help me out here.

We've got a few other things in the works now, but they were either begun before I started, or my official employer has handled it (I was hired on by one company, specifically to work at this company - I actually started interviewing with them direct but then fell in with this group - the people in my position at my employer generally do projects for a few clients)

edit:
also, again, Postini cost more than $50/yr per user?

If I charged for 70 users, at Google Apps it's 3500/yr. Good price when all is said and done for everything included, but... not for filtering alone, imho. I have yet to see any other place cost nearly that much. Over $2000, I think, but I've only seen one (Symantec) at that level, and they are sort of like Google in that the filter is bundled with a few other services.

 

[imagoon]

You always need to work with the providers when purchasing stuff like this. Call CDW and talk to a person. Nearly 100% of the time the price is lower than what is listed on Barracuda's site because Barracuda uses a resellers model.

There once a time when Postini was $8-10 a month. Their service was just that good because it blew away other providers. They are also not just antispam, they are HA inbound email redundancy and load reducer because of the spam reduction. It cost more than others but it let us drop our inbound smtp servers from 8 to 4 and could have gone smaller but we wanted redundancy at the datacenter level so 2 went in to each DC.