Product Review: SPAMfighter Exchange Module

by Brien M. Posey [Published on 5 Oct. 2011 / Last Updated on 5 Oct. 2011]

A look at SPAMfighter's SPAMfigher Exchange module.

Product: SPAMfighter Exchange Module

Product Homepage: www.spamfighter.com/Product_SEM.asp

Free 30-day trial: Click here

Introduction

When it comes to Exchange Server management, few tasks are as important as filtering spam. In a large organization spam can become so overwhelming that hunting for legitimate e-mail messages among the spam becomes like looking for a needle in a haystack. Even if an organization isn’t inundated with millions of spams each day, filtering spam is still important. Spam can sometimes carry malicious payloads, and there have been cases where employees have taken legal action against their employer after receiving an obscene spam.

Given the importance of spam filtering in the enterprise, I decided to take SPAMfighter’s SPAMfighter Exchange Module for a test drive (http://www.spamfighter.com/Product_SEM.asp). SPAMfighter Exchange Module is an anti-spam application designed to work with Exchange 2000, 2003, 2007, and 2010.

Before I Begin

Before I get started with the review, I want to talk for just a moment about my review process. Over the years, I have reviewed several different anti-spam products. In doing so I have found that it is really tough to write about how well such a product works because everybody has a different idea of what spam is. For example, I tend to get a lot of technology related newsletters in my E-mail. I actually read most of the newsletters that I get, but I know people who consider them to be spam. Likewise, some people enjoy getting jokes and viral videos from their friends, but others consider those types of messages to be spam.

Because everybody has different ideas about what spam is, I think that it would be unfair for me to review SPAMfighter for Exchange based on how well it catches spam. After all, any anti-spam program is going to let some spam slip through and have a few false positives until you really get it tuned in to your preferences. That being the case, I plan to focus my review solely on the administrative aspects. In other words, I am interested in how easy it is to deploy, manage, and maintain the SPAMfighter Exchange Module.

Installation

In preparation of this review, I downloaded the 30 day trial of SPAMfighter Exchange Module version 4.1.8.5. The download consisted of a 9.6 MB executable file that I launched directly on an Exchange server. The server that I am using for this review runs Exchange Server 2010 with SP1. This server is running the Mailbox, Hub Transport, and Client Access Server roles, and is the only server in the Exchange organization.

When I launched the downloaded file, it initiated a fairly standard installation wizard. One of the first things that the wizard did was to download and install the Microsoft Visual C++ Runtime. I really liked the fact that the wizard did not force me to abort the installation process to go find and download the required software (as so many other application installers do). Instead, the wizard automatically installed the required code for me.

Once the Visual C++ Runtime components were in place, the wizard walked me through a fairly standard setup routine. I had to accept the license agreement, provide my company name and my E-mail address, and specify the location where I wanted the software to be installed. After I chose my installation location, the wizard automatically downloaded some anti-spam updates.

After the updates finished downloading, the wizard informed me that it needed to create a service account. The wizard automatically provided the account name and filled in the name of my domain. All I had to do was to enter a password for the service account to use and the account was created automatically.

All in all, I found the setup process to be very simple and the whole thing completed in about ten minutes. Most of this time was spent downloading anti-spam data. I’m assuming that most people will find the installation process to be faster than it was for me because I have a slow Internet connection.

Using SPAMfighter

SPAMfighter Exchange Module is managed through a Web interface. I found the management interface to be very intuitive, and I had no trouble using it, even without reading the manual. SPAMfighter takes a hierarchical approach to keeping spam at bay. All of the anti-spam settings are contained within policies, which can be assigned to individual mailboxes.

There is also a User Groups feature which makes policy management easier in larger organizations. This feature allows you to split SPAMfighter Exchange Module into multiple segments (which SPAMfighter refers to as solutions). Each solution has its own individual mailbox settings, policy settings, and configuration settings.

One thing that I especially liked was that SPAMfighter allows for users to be imported from the Active Directory into a user group automatically. You can even base this automatic import on a user’s domain or organizational unit membership, as shown in Figure A. This feature should go a long way toward helping administrators to save time during the initial configuration process.


Figure A: Active Directory users can be imported into a user group automatically.

Policies

SPAMfighter policies consist of a series of filters and actions. As you can see in Figure B, there are five different filters that can be applied to a policy. SPAMfighter provides a default policy that uses all five filters, but you are free to create your own policies (or modify the default policy) in a way that disables certain filters or that rearranges the filter precedence.


Figure B: There are five filters that are applied to the default policy.

The VIRUSfighter Filter

The first of the filters is the VIRUSfighter filter. As the name implies, this filter scans inbound mail for viruses. The basic idea is that if a message is infected with a virus then it needs to be cleaned or deleted. Of course if you already have an anti-virus product for your Exchange organization then you don’t have to use the SPAMfighter anti-virus engine. The licensing costs decrease if you opt not to use the software’s anti-virus capabilities. However, there is something to be said for being able to manage spam and virus filtering through a single tool.

The Sender Filter

The next filter is the SPAMfighter Sender filter. This filter manages global whitelists and blacklists, as shown in Figure C. The filter gives you the ability to add individual E-mail addresses and entire domains to the whitelist or the blacklist. The software also gives you the option of importing the contents of a text file or a CSV file into the whitelist or the blacklist, which could prove to be very handy if you are migrating from another anti spam product.


Figure C: The Sender Filter manages the global whitelist and blacklist.

While I would have liked to see an option to use data from one of the real time blacklists, such as Spamhaus, I applaud SPAMfighter for adding an automatic whitelist feature in this version of the software. This feature saves end users the frustration of sending an E-mail message to someone, only to have the reply marked as spam. The feature works by automatically whitelisting every address to which a user sends a message.

Spam filtering isn’t just about keeping out the spam, but it is also about making sure that legitimate messages pass through the filter. SPAMfighter’s automatic whitelist feature goes a long way toward eliminating false positives. As great as this new feature is however, SPAMfighter has taken things one step further. As you can see in Figure D, SPAMfighter gives administrators the ability to purge addresses from the automatic whitelist after a period of time if they so desire.


Figure D: The new Automatic Whitelist feature helps to eliminate false positives.

The Content Filter

The third filter is the content filter, shown in Figure E. The content filter determines whether or not a message is spam based on message content. This is another area in which SPAMfighter has made improvements in the latest version.

Previously the content filter blocked potentially dangerous attachments, which is admittedly a very important task, but the new content filter now contains many more capabilities. The latest version gives you the ability to whitelist attachment types, which should prove to be extremely helpful to anyone who needs to receive executable files by E-mail. SPAMfighter has also added the ability to whitelist and blacklist specific phrases. The filter can look for key phrases in both the subject line and in the message body and can perform case insensitive searches.  


Figure E: The Content Filter allows you to whitelist or blacklist phrases and attachment types.

I realize that some of you may be wondering why SPAMfighter chose to include a file extension filter when Outlook already filters out potentially dangerous file extensions by default. There are actually several advantages to having such a filter built into SPAMfighter. Some of these advantages include:

  • The filter protects clients who may be running mail clients other than Outlook.
  • Some viruses have been known to attack Outlook’s filtering mechanism, so having a file extension filter in place at the server level adds an extra degree of protection.
  • The filter gives you the ability to add your own extensions. For example, you could prevent employees from receiving MP3 files by e-mail.

The Community Filter

The fourth available filter is the Community filter, shown in Figure F. One of SPAMfighter’s primary tactics for defending against spam is to base spam filtering on user consensus. Whenever a spam message slips through the filter, users have the ability to flag the message as spam. If enough people flag a particular message as being spam then the message’s signature is added to SPAMfighter’s spam definition database.


Figure F: The Community Filter takes user’s opinions into account in determining whether or not a message should be treated as spam.

The Community filter controls how much the user’s input is taken into account when determining whether or not a message is spam. SPAMfighter gives you the option of disabling the Community Filter or of setting a filter threshold. You can choose to block only the most obvious spam, or you can be really aggressive in blocking potential spam based on the opinions that SPAMfighter users have of a particular message.

The Language Filter

The fifth filter is the language filter. This filter works by examining the language that an inbound message is written in. For example, I tend to get a lot of spam that is written in Korean. I don’t speak much Korean, and I certainly don’t expect to get E-mails that are written in Korean. Therefore, it is a safe assumption that any messages that that are written in Korean are probably spam.


Figure G: The language filter filters messages based on the language that messages are written in.

In my own organization the language filter is so effective at removing spam that I would really like to see SPAMfighter move this filter up in the default profile so that it is processed second (right behind the virus filter). Of course, the software gives you the ability to adjust filtering priorities yourself, so you can arrange them in the manner that best suits your needs.

Actions

SPAMfighter uses filters to detect spam, but once the software has determined whether or not a message is spam, then it needs to know what to do with the message. This is where actions come into play. SPAMfighter has two different types of actions – Accept Actions and Block Actions. Accept actions determine what happens when a message is accepted, while block actions determine what happens after a message has been blocked.

SPAMfighter provides a variety of actions that can be taken. For example, if a message is blocked then it can be deleted, or you can append the subject line to reflect that the message is spam. You also have the option of forwarding or deleting spam, as well as sending a non delivery report to the sender. You can see the available block actions in Figure H.


Figure H: SPAMfighter offers a number of different block actions.

Statistics

Like most of the anti-spam applications on the market, SPAMfighter has the ability to produce statistics to show how much spam has been captured. The software breaks down the statistics so that you can see how much spam is being filtered across the board, but you can also see which of the filters are catching the most spam. SPAMfighter also has the ability to automatically E-mail daily, weekly, or monthly reports to the administrative staff.

The Outlook Plugin

Earlier I mentioned that end users had the ability to flag messages as spam. This is accomplished through an Outlook plugin, which is shown in Figure I (there is also a plug-in for OWA). As you can see in the figure, this plug-in adds a very simple set of options to the Outlook toolbar that users can use to block or unblock messages. Furthermore, each user has the ability to create their own custom whitelist, which is combined with the effective policy to determine exactly which messages will be filtered for that user. In the event of a contradiction between the user’s settings and the policy settings, the user’s settings take precedence. For instance, if a user has whitelisted an address that is blacklisted within the policy, then the address will remain whitelisted for that user.


Figure I: The Outlook Toolbar gives users the ability to block or unblock messages.

Pricing

Like most enterprise grade applications, SPAMfighter uses a tiered pricing structure. Pricing starts at $25 US dollars per mailbox for a one year license (without anti-virus support), but the cost per mailbox goes down for those purchasing licenses for large numbers of mailboxes or multiyear licenses. The cost of a one year license goes down to $4.42 per mailbox for organizations with 2500 or more mailboxes. The prices roughly double if you also require the SPAMfighter anti-virus engine. You can find the full pricing chart here.

Conclusion

In the latest version of SPAMfighter Exchange Module, SPAMfighter has added some very effective new features, but has done so without sacrificing their trademark simplicity. I found the software to be very easy to install and configure and all the new features should go a long way toward helping organizations to effectively combat spam while also preventing false positives.

MSExchange.org Rating 4.8/5


For more information about Messageware SPAMfighter Exchange Module click here

See Also


The Author — Brien M. Posey

Brien Posey is an award winning author who has written over 3,000 articles and written or contributed to 27 books. You can visit Brien’s personal Web site at www.brienposey.com