Re: SPAM/spyware appliances or services

["Borne, Chris" <cborne () REGIS EDU>]

We use Tipping Point for IDP.  It works pretty well for us.  For SPAM I
use Can-IT Pro from Roaring Penguin.  It's a software solution, and sits
on 3-4 servers, 2 for gateways, one web interface, and one for the
database.  The only one I needed to be new and beefy was the DB server.
We recycled 4-year-old Proliant 1U servers, so no cost there.  The
software was very reasonable.  The solution is very easy to customize if
you have PHP programming experience, now proprietary OS, it runs on your
favorite Linux or UNIX variant.  

We used IronMail in the past.   Our users hated it.  I got frequent
calls from users surprised we even had an anti-SPAM solution in place.
It wasn't very customizable for individuals, no whitelist or blacklist
for individuals, so I wasn't able to block near the amount of SPAM that
I could in a more corporate environment.  Our faculty expects the
ability to choose whether they get all their mail, or limit it on their
own.   One person's SPAM is another's research here.   Also, personal
use of our email is generally accepted, so sales-related SPAM using
dictionaries was limited.  Can-IT allows them to use a web interface to
block domains, and to set scores based on a series of rules, all of
which can be customized by the user.  We actually simplified this, and
have 4 choices for the levels of probable SPAM a user is customizable.
About 20 people have such bad problems with inbound SPAM that we taught
them to control their own streams.  There was nothing like this with
IronMail.  Anti-virus definitions were released late (4-12 hours after
the AV vendor put them on their website, often after a peak in the
attack has hit).   While I've seen and heard of people being happy with
IronMail, and don't argue it's power to block SPAM on a global level,
you must have complete control of the email to use it, and be able to
decide what is SPAM and what is not.  This didn't fly in the Liberal
Arts environment here at a Regis, where Academic Freedom is highly
revered.  This may have changed, we dumped it spring of 2004.

I was able to purchase the Can-IT product for the same amount I would
have paid for 2 years of CipherTrust support.  Nice on the budget.  I'd
be glad to discuss offlist with anyone.

If anyone is using IronMail, I have 2 IronMail boxes I can sell for a
song (.mp3 will do).  They are collecting dust in the corner, I've been
trying to get info on whether CipherTrust would be willing to support
them If I sold or donated them to another CipherTrust customer (we have
a sister school who uses and likes IronMail).  6 months and 4
calls/emails to 4 different people later, and no reply.  But if you want
a 210 & a 110 for hot spare parts, LMK.

Chris Borne
Regis University ITS
cborne () regis edu

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Dobbins
Sent: Tuesday, April 19, 2005 7:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SPAM/spyware appliances or services

Am curious to know who's using an appliance or an external service (as
distinct from software running on the MTA) to aggressively filter spam
for their campus.  Additionally, do any of you employ products which
filter spam from email traffic as well as filter spyware from HTTP;
who's using what?

--

   ------------------------------------------------------------
   Gary Dobbins, CISSP -- Director, Information Security
   University of Notre Dame, Office of Information Technologies

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.