Robert MacNutt of Northeast Georgia Health Needed That Perfect Anti-Spam Solution...
After evaluating 5 different software systems to reduce Spam, NGHS has selected GWGuardian to do the job. We started about a year ago by trying one well-known ASP service; ASP was our only choice with them, since they don’t sell to accounts as small as ours – only 2,500 mailboxes. It worked very well, getting rid of roughly 90% of our spam with no false-positives that we could find. However, the price tag was extraordinary, running well into five figures annually. As much as we liked the service, management didn’t like it THAT much, so the pursuit went on.
Next, I tried another, more reasonably priced ASP service that essentially just used the popular SpamAssassin product. I had to turn it off within a couple of hours because of the extremely high false-positive rate. Oh, well...
So the quest continued. We already had an anti-virus gateway solution in place, and it offered some content-filtering capabilities, so I decided to see what could be accomplished with it. Using one of the vendor’s downloadable text lists of common spam words and weights, we succeeded in blocking a whopping 5-10 emails/day! I increased that by a factor of 10 by just adding “ADV:” to the word list. Still, it wasn’t making a noticeable dent in the problem.
Blacklists were next on the agenda. At the time, this gateway solution’s support for an RBL lookup didn’t work very well, so I went on a crusade to develop my own. After several weeks of analyzing our email traffic, I succeeded in beating back the tide to the tune of between 1,000 and 1,200 emails per day. Now we were getting somewhere! But alas, tons of the nasty stuff was still getting through, and with the general increase in spam over the last few months, my efforts had only succeeded in getting it back to the same level it was in mid-2002 with NO spam filters in place. Time for more drastic action.
The anti-virus/content filter gateway vendor came out with a couple of new upgrades. One improved the support for an RBL, albeit only one at a time, but it did help. Another added a serious spam filtering option that used a heuristics approach. It was free, so I figured it was worth a shot. It did do a very good job (far better than the previous “weighted keyword” list), blocking about 800 spams a day, with a false-positive rate of only about 1% - pretty good for something that essentially didn’t cost us a thing. I was able to build up a "Whitelist" to fix the false positives, but it was time-consuming, and required a manual review of trapped spam (I got REAL good at it: I could scan a day's worth in about 10 minutes). But we were STILL getting too much spam!
We’re a Novell GroupWise shop, and I’d heard about an update to a popular GroupWise-centric anti-virus solution that added a heuristic spam analysis feature, so I thought I’d give it a try. Since it also did virus scanning, it had the potential to replace my other anti-virus gateway, which was a plus. But it didn’t really do a much better job – similar hit rate and number of false positives – and had some serious ease-of-use problems, to boot. Close, but no cigar.
Finally, we gave GWGuardian a shot. With its built-in virus scanning, it also stood to serve as a replacement for my existing anti-virus gateway. After cranking it up for a few days, I was amazed! My personal spam count was down from about 20-30/day to between zero and 2. My colleagues reported similar reductions and were all very impressed. And virtually NO false positives. The few that I did find, I reported by clicking the “False Positive” button, and within a few hours, I had a response, analyzing the email and either explaining it logically or adding it to the next filter update. I analyzed all the trapped spam for about a week before giving up on finding any more false positives. Now I only scan them when a user suspects they’re missing something. And I haven’t had even one request to do that!
The Find feature makes it extremely easy to search for almost anything quickly and easily. After blacklist hits, it’s blocking over 1,000 emails/day. This is the only product we’ve tried (except that super-expensive ASP solution) that’s actually generated unsolicited comments from our users about how well it worked. I even had one more product (yet another ASP) that I had planned to review, but the boss was so impressed with GWGuardian, he took it on himself to put the requisition through while I was away at a class.
Features I REALLY like about GWGuardian:
- The price is very reasonable and competitive.
- Tech support is responsive and knowledgeable (yes, I’ve used them several times).
- Virus scanning is included – no need to license a 3rd-party product (some of those can get VERY expensive, too!).
- Multiple RBL support.
- FIND feature is fast and easy to use.
- False-positive report button is great – and it works!
- Meters its own use – you only pay for the number of email users who actually receive Internet email (many of our users don’t, but other products would have required me to pay for them anyway).
- They provide an email address for reporting spam that gets through, for future filter updates.
- I can write my own Sieve filters to customize it to my needs.
- Automatically updates Virus patterns and Spam filters on a regular basis.
- EUREKA, IT WORKS!!!!
Some interesting notes:
- With every product I tried prior to Guardian (except one), I had a lot of false-positives from several discussion groups that my users subscribe to. The same groups were getting hit, no matter which product was used. GWGuardian, right out of the box, didn’t whack any of them – they all got through just fine without any need for “whitelisting”.
- I used to block all "ADV:" spam unconditionally. With GWGuardian, I never set up a specific filter for ADV, but it automatically blocked most of it anyway. HOWEVER, it did let a couple through, but wonder of wonders, they weren’t “spam” at all, but legitimate vendor advertising that I actually wanted to see – how do they do that?
Robert MacNutt, Systems Programmer
Northeast Georgia Health
