[Geeks are Sexy] technology news

Monday, January 30, 2006

Corporate anti-spam at its best: GFI Mail Essentials

With the increasing and ever present problem of spam email, several of my users came running to me last year, begging me to find them a solution against their spam problem. One of them was actually crying and groveling in front of me, telling me she couldn't endure seeing those V1@Gr@ emails anymore. Being an all-around nice guy and an IT super-hero, I couldn't really refuse their request. I had to find a server-side anti-spam software that would be able to run on an exchange mail server and would be affordable enough so that management would not put my head on the block when I would be showing them the price quotation. After trying out a few solutions on a test server, my choice stopped on a most excellent application from GFI: GFI Mail Essentials. In addition of being affordable, Mail Essentials is not only easy to install, but also features rich.

Like I said before, the application is server-side, so you only need to install it directly on the mail server or at the gateway. The advantage of this is that you do not have to deploy the solution on multiple desktops and administration is done from a central location. This way, you can save hours of work, letting you waste more of your valuable time on the Internet. Exciting isn't it? After all, everyone knows that system administrators do nothing all day long except surf the web, it's a well known fact.


To catch spam effectively, Mail Essentials uses several filtering technologies to determine what's considered as spam and what's not. Here is a list of those technologies:

  • Sender Policy Framework: allows you to check whether a particular email sender is forged or not. Most of today's spammers use forged email addresses.
  • Whitelist: List of email addresses and domain from which you always wish to receive emails. All emails coming from entries in this list won't be filtered and will end up in the user's inbox
  • Directory harvesting prevention: Detect emails in which the recipient was randomly generated and blocks them.
  • Custom blacklist: Permits you to specify domains and addresses from which you do not wish to receive emails.
  • DNS Blacklist: This feature permits GFI Mail Essentials to block spam by querying a public database of known spammers.
  • Spam URI Real-time Blacklist: This feature will extract links from the message and verify if they are listed on a public spam database.
  • Bayesian Analysis: The Bayesian engine will analyzee the content of each message based on certain mathematical rules to decide if the mail is considered as spam or not. For this feature to work efficiently, you have to let MailEssentials process a few thousands inbound and outbound emails before turning the engine on.
  • Header Checking: This feature will analyzee the header of each mail to detect if it contains an empty or malformed "MIME FROM:" Field. It will also mark as spam emails that have different "SMTP TO:" and "MIME TO:" Fields.
  • Keyword Checking: Allows you to block messages that contain certain keywords. I prefer to turn that functionality off because I think that this feature is the least efficient of all the available ones.

When GFIME finds a spam message, it can delete it, move it to certain folder, forward it to an email address or simply tag it - you have the choice. Of all the applications I tried, this one had the best spam detection ratio (about 98%).

In addition to anti-spam filtering, MailEssentials also gives you access to other great mail management tools:

  • Automatic Disclaimers
  • Mail monitoring
  • Internet mail reporting
  • list server
  • Server-based auto replies
  • POP3 downloading

How does the story end? GFI MailEssentials has been running in my environment for the past year with little or no complaints at all. Management was happy enough with the rock bottom price, and up to now, I still am patting myself in the back for a job well done.

Download your
free trial today!

(edit 31/01/2006): Just received this announcement from GFI:

GFI is preparing to launch GFI MailEssentials for Exchange/SMTP 12, the latest version of GFI's award-winning anti-spam software. Version 12 will protect users from spam and phishing emails by detecting and blocking them before they reach the recipient's mailbox.

Featuring PURBL, a phishing URI real-time blocklist, GFI MailEssentials 12 will have the ability to extract links from the message body and check them against a list of well-known phishing sites. Version 12 will also scan for typical phishing keywords, which identify and treat the message as spam once found.

Technorati tags: , , ,


  • Sounds like good shizzle. I really do enjoy the server-side solutions to messes like this, but what kind of applications would you suggest to solve this same problem client-side?

    By Blogger theMatt, at 12:44 PM  

  • Well, outlook 2003 has some integrated anti-spam features. I never actually used them, So I can't say if the detection ratio is any good.

    I know that Spambayes, which is a free, open-source project, does the job very well, and runs on all versions of outlook..

    It can be downloaded from source forge: HERE


    By Blogger Kiltak, at 1:11 PM  

  • K9 (http://keir.net/k9.html) works really well.

    I had to train it a lot though. At first, whilst untrained, it got almost everything wrong (false pos and neg all the time) but after providing it with a load of known good and bad email, say 2000 messages form the last few months, it has become extremely good. Like high 99% good. It's proboably not going to work as well if you're an IT support guy as the training needs to be personalised.

    By Anonymous Anonymous, at 2:45 PM  

  • Great software, works extremely well and have plenty of features to go with it. However stability is an issue. I've used version 9, 10 and they always seem to cause event id 7031, in which it crashes the iisadmin service. Also it can cause slow delivery of mail with items stuck in pre submission queue. GFI's official support response is that the software cannot handle more than 2 emails per second, which roughly gives about 90k emails a day. This is with GFI installed on the exchange server itself.

    To be fair, version 12 is out and I've been evaluating it, and this time I installed it purely as an SMTP gateway rather on top of exchange(hoping it will solve my previous problems), everything looks great until the tenth day in which I got a 7031 error, and over 3 thousand items stuck in the queue on IIS.

    I am curious, since you have it running over a year, have you not experienced any of the issues that I have?

    By Anonymous Anonymous, at 10:03 PM  

  • I'm running the most recent version directly on top of the exchange 2000 box and I never had any problems with it. Hmmm Your environment is probably bigger then mine...I roughly have around 120 users.. I'm also running groupshield 6, and my server is rock-stable.. (I'm kind of lucky I guess, I heard that a lot of people had problems with McAfee groupshield).

    By Blogger Kiltak, at 10:16 PM  

  • Forget about all those. I did the research recently.

    ASSP rocks the hizouse. Free (sourceforge). Bayesian,RBL, SBL, ABC< NBC... seriously, though.

    Minimum, check it out thoroughly. Installing the necessary PHP is easy too. I have it working on single boxes and it's amazing. Try the best before your try the rest.

    By Anonymous Aaron Gill, at 9:57 PM  

Post a Comment

Links to this post:

Create a Link

<< Home