Web Hosting Talk : Web Hosting Main Forums : Web Hosting : Spam / Virus / Exploit Filtering. What's your view?

[MPCN_Russ]

Hi all,

What is your personal position on Spam/Virus/Exploit filtering? Is it worth the extra buck or two to you?

I know there can be a few false positives with the Spam/Exploit filtering... But not too many on Exploits. I was trying to assess the idea of a (small) completely filtered network for webhosting. A network that used products from a company such as Mcafee for Anti-Virus and Spam, and some other proven product for catching Exploit attempts.

I've read a few unhappy customer's of webhosting company's on here about the virus filtering... But isn't the decrease of a system compromise worth it to you?

I searched through the forums to not find too much on what I'm asking. So I put up a poll to help out a little. Any comments aside from your answer in the poll would be greatly appreciated.

Thanks for your time all,
Russ

[InsideHosts.com]

Many webhosts actually offer this already - I find it useful.

It's possible to implement with a very minimial amount of cost - I'd advise staying away from commericialist solutions (Eg McAfee) unless you are minted.

[net-trend]

From our experience, there are those that absolutely dislike any sort of filtering and then there are those that love it. Can't please em all really.

[NickTooms]

It is useful in many cases, but sometimes it is very uncomfortable. They could block useful mails as well!

[Inthrive]

Yes it's worth it to me. I receive 25-50 spam messages a day and countless virus infected messages. The peace of mind and decreasing the chances for infection are worth something. There tends to be more complaints if spam/antiviurs filtering isn't offered, rather than if it accidently tags a legit message.

[MPCN_Russ]

Hello,

Thanks for the responses! One idea that had come across was to implement a system such as Mcafee's Spamkiller does... Holding the email(s) server side for a certain amount of time (15 days). In that time you can securely view the message and/or ensure it is spam and delete it. Otherwise it will automatically be deleted in 15 days. Another feature in Mcafee's Spamkiller is having the ability to "add a friend" (An email address that you are sure is a false-positive and/or is a real aquaintence).

What do you all think about those feature's in SpamKiller?

Thanks,
Russ

[ChrisTech]

I really dislike the idea of a company filtering my email for me. If I want it filtered, I will do it myself.

All it takes is one lost email to cost someone some money or that job or who knows what else. For the ISP I work for, we do not and will not filter the client's email on our end. Its up to the user to do just that. 2 other ISP's in town filter email, and potentially loose clients/customers emails on a daily basis.

[MPCN_Russ]

Hello ChrisTech,

I can understand how frusating losing emails can be... That's why I'm asking your view on SpamKiller's system. It pretty much freezes the email... holds all images and script content while your viewing it... and allows you to then accept the email or leave it there for the 15 more days when it's auto deleted.

I think that kinda solves the problem of losing important emails, as they're not truly lost... simply frozen instead until furthur user action.

Thanks,
Russ

[ChrisTech]

Quote:

Originally posted by MPCN_Russ
Hello ChrisTech,

I can understand how frusating losing emails can be... That's why I'm asking your view on SpamKiller's system. It pretty much freezes the email... holds all images and script content while your viewing it... and allows you to then accept the email or leave it there for the 15 more days when it's auto deleted.

I think that kinda solves the problem of losing important emails, as they're not truly lost... simply frozen instead until furthur user action.

Thanks,
Russ

Then you are talking about something similar to Postini

Still users need to log into the web interface in order to "Screen/scan" their emails to make sure that nothing was caught that shouldn't of been.

Another local provider in the town I work in, uses that software on their server.

I'd personally hate having to login online to check to make sure some spam filter didnt catch my email back from "Aunt Milly" or such.

[Steven]

Relying on email is stupid anyways. There are other reasons why mail can be lost.

[MPCN_Russ]

ChrisTech,

Actually I was thinking of a weekly email that contained all the info for the emails that had been blocked. That way the only time you would login is when you wanted to confirm a sender isn't a spammer.

Thanks,
Russ

[MPCN_Russ]

thelinuxguy,

I remember reading this on another one of your posts. Why make and update mail servers if email is stupid? Kinda eliminates the point. You wouldn't be on these forums if it wasn't for email. That... You can't deny. So because of email you can grace us with your presence.

Thanks,
Russ

[dotSecurity]

Just like and SMS an email can be lost anywhere along its path. But I would prefer to receive 20 spam emails a day than having more chance of losing a legite email. Hence if a solution is in place it has to be foolproof and not lose emails which may be of importance.

Users should have the option of turning off such a feature.

[net-trend]

Quote:

Originally posted by dotSecurity
Users should have the option of turning off such a feature.

With us and I'm sure other hosts that use cPanel, users have a choice and can enable or disable spam filtering. Also spam filtering can work 2 ways, one is directed to a spambox and the other just let's spam be tagged as *spam* in the email header. All information is intact and left up to the user to decide what to do with it.

[datums]

From experience filtering will eventually be a requirement.
With the increase in phishes (spam) and the daily mass mailing viruses, for small business it won't be a question of
"What if I miss an email?"

More like what if my network is down for 2 days or more.

The fact that you might miss an email or an email gets tagged incorrectly will always exists. As mentioned above there are options. A web portal or simply tagging the message in the subject and moving it to a folder. As the filtering market continues to grow, devices like Ironport,brightmail, will not be very useful, due to spam attacks (DDoS) and spam volumes increasing.

Postini was mentioned above, this keeps the scanning and spam away from your primary mailserver, this setup will allow you to tarpit (throttle) the smtp connection from postini/messagelabs/frontbridge.

If you look at the amount of spam you received (no filtering) the risk of being infected by a new virus that your local virus engine does not have the def for, the benefits of stopping these outweigh the risk of not having a live mailserver, infecting your co-workers (outlook address book)

long post. bye