Commercial filtering (was Re: [Mimedefang]ADMINISTRIVIA:Out-of-office replies)

Cormack, Ken ken.cormack at
Thu Sep 13 09:39:26 EDT 2007

> Looks like IronMail overruns edu sectors. I noticed the same, because
> "it's so easy" and "it runs without yet administration at all" and
> "guarantees almost no false positive and no false negative".

I will be the first in line to dispute the false pos/neg estimates.  Our
organization has run IronMail at our new parent/partner campus for 3 years,
while we've run MD for longer than that, here at our campus.  A year ago,
they took over as primary MX hosts for my campus's principal email domain.
Due to the volume of email, our MD boxes still handle considerable traffic
inbound for our domain, but I'd say it's now about a 70/30% split.

Point being, our users see the quarantine behavior of IronMail, and the
perception from all in our domain, who were previously accustomed to the
behavior of our MIMEDefang config, is that IM tends to be overly
conservative (it lets a lot of spam slip through), while quarantining a fair
amount of valid emails.  I'll be the first to state though, that some of our
MD filtering was aggressive in the eyes of this list.

Additionally, its daily updates seem slow to respond to new threats,
compared to the activity on this list wherein I've usually seen new threats
identified, several options to defend discussed, and a solution presented,
often within hours.

The funny thing is this... To allow for users to report any spam that slips
past the filters, we have a "SPAM" Public Folder in our Exchange
environment.  We tell users to drag any spam into that folder, and then we
examine and process that spam every few days.  You'd have to laugh at the
percentage of "Quarantine Notifications" that are present in that folder, at
any given time.  I just checked... Out of 509 messages currently in the SPAM
folder so far this week, 90 of them are Quarantine Notifications... Nearly


