Antispam gateways

Sir SpankalotUK · 14 Jul 2017 at 16:52

Our current provider is no longer fit for purpose, so I was wonder what other people are using and whether they are happy (including their clients). Any recommendations as I was looking at the Comodo offering?

Caged · 14 Jul 2017 at 19:32

Proofpoint or Microsoft EOP.

Conanius · 14 Jul 2017 at 21:40

We use messagelabs - as have all of my previous employers - generally always seem pretty faultless and it 'just works'

teaboy5 · 14 Jul 2017 at 21:45

Currently using MS and seems to be working ok, but it still lets the odd phishing email past. But then it's down to user education.

Currently going to give the Sophos appliance on top to add another layer.

As a side note is anyone finding a massive increase in spam this past month? At the moment we are stopping around 280 malware hits a week. We do have a lot of email addresses advertised on various websites but there's nothing we can do about that.

Caged · 14 Jul 2017 at 22:56

I think you're on a losing battle if you're looking to filtering to dump phishing attempts. It takes very little effort for somebody to register a domain and a cheap VPS, get SPF and DKIM all sorted so the emails are delivered reliably, and then hit you with a generic "hey log in here to reset your account details" message. The filtering on G Suite (Google Apps) is incredibly good - that advantage no doubt comes from being able to analyse the email and spam reporting from 1 billion+ Gmail users, but it's a real pain to try and use that as a separate service (RIP Postini).

We get complaints from people when emails from "Name of Manager" <[email protected]> asking for bank transfers to be made to certain accounts get through the spam filter - it's very difficult to explain that that's not really a spam message. The only way to deal with it is either to have content policies that bin anything with a bank account number in, at which point you cripple the ability of your accounts team to get work done, or you have a rule that marks all external email in an obnoxious way. User education is probably the best way to tackle this stuff.

I wouldn't recommend chaining filtering solutions together as it tends to do really weird things for the ones that aren't being hit by the junk mail.

teaboy5 · 14 Jul 2017 at 23:45

Ach yeah I know it's hard to 100% stop phishing so if one does slip into the system most users do know to bin it, but there's always one.

Yeah we had a good few of them about 6 months ago, even went as far as reporting a few to the police who said they can't do a thing until money is transferred. Some of the accounts the spammers wanted the money sent to were banks in England so I shocked they didn't look into it.

traveyb · 15 Jul 2017 at 19:34

We use Mimecast, which is brilliant. The impersonation protection alone is worth it (we receive a lot of emails to directories with "send me payment" etc).

the-evaluator · 16 Jul 2017 at 18:14

We use Mimecast too. We jumped ship from MessageLabs about 6 years ago and ended up with a better service at less cost and escaped the horrors of Symantec.

I'd recommend Mimecast but will admit that their support is not great and they've been known to take their eye off the ball on the more basic anti spam by focussing on new shiny stuff.

Caged · 16 Jul 2017 at 18:53

Mimecast's support has gone down the toilet in the last 3-ish years. Fortunately the documentation is alright.

the-evaluator · 17 Jul 2017 at 08:03

It has never been what I would class as good but it has really down down hill in the last 18 months. Looking back in the minutes of account review meetings with them I've mentioned support issues pretty much every time. I was with them a few weeks ago and they were really pleased about Mimecaster Central, their user community. Great, so you're not going to fix your support issues, you're going to get your customer base to do it for you?

Support aside I'm a Mimecast fan.

Toughnoodle · 17 Jul 2017 at 11:56

I was going to try Messagelabs, but it would have been 4 times the price of my next option. That option was AppRiver SecureTide and it's worked well for what I needed to block at the time (backscatter). It lets through the odd bit of spam, but the support has been good when I've needed it.

I also use Trend Micro Hosted Email Security for the simpler requirements as it's free with the anti-virus license (if you have Worry Free Advanced, i.e. on-premise Exchange protection). It's better than their on-premise software, but the support is very, very bad. Their support were repeating previous questions just to reset the SLA clock and you only ever get to contact 1st line. I had to move away from them in one instance.

Glanza · 17 Jul 2017 at 12:56

Webroot have started to push their antispam hard the last few month. Looked good from the demo we had but the pricing didn't work for us (small firm who look after small clients)

Liquidfox · 17 Jul 2017 at 15:27

2nd vote for ProofPoint. They're constantly adding new features and detection/spam prevention methods which is nice. Support is quite on the ball too, UK support is via a reseller and then if they need to they can escalate to the US team.

Conanius · 18 Jul 2017 at 20:53

Toughnoodle said:
I was going to try Messagelabs, but it would have been 4 times the price of my next option.

I'm going to say this as someone who's been a customer of theirs for years (and years) in various organisations, but to a reasonable extent you pay your money and take your chances.

With Messagelabs you're getting a product backed by a huge multinational based out of the US. Call me old fashioned but I don't like using some of the 'wow this looks great and its so cheap' providers as they have potentially questionable backgrounds.

I'm not calling the US or their multinationals perfect, and I know they have support tiers and supply chains globally, but I think it's probably a lesser of many evils.

Caged · 19 Jul 2017 at 00:33

Symantec ruin everything they touch so I wouldn't be rushing to move to anything they offer to be honest

the-evaluator · 19 Jul 2017 at 08:46

Caged said:
Symantec ruin everything they touch so I wouldn't be rushing to move to anything they offer to be honest

Agreed. We actively move away when Symantec acquire a company. Brightmail, Netbackup and MessageLabs are the names that immediately spring to mind.

We had been MessageLabs customers pretty much since day 1 when it was started by Star. There's some history between my company and Star which meant that Mimecast saw getting oru business as quite a coup.

AlexD · 21 Jul 2017 at 15:29

We moved away from Symantec Mail Security & Barracuda to FortiMail. So far it's worked very well, but perhaps not the most polished interface.

Had good experiences with Proofpoint and Cisco IronPort.

neil_g · 21 Jul 2017 at 22:22

Caged said:
We get complaints from people when emails from "Name of Manager" <[email protected]> asking for bank transfers to be made to certain accounts get through the spam filter - it's very difficult to explain that that's not really a spam message. The only way to deal with it is either to have content policies that bin anything with a bank account number in, at which point you cripple the ability of your accounts team to get work done, or you have a rule that marks all external email in an obnoxious way. User education is probably the best way to tackle this stuff.

More and more are turning on DLP options and refusing to accept account and payment details over email. Most see it as a step forward rather than hampering.