[c-nsp] Which would be ideal spam control device ?

Ted Mittelstaedt tedm at toybox.placo.com
Mon Jul 18 04:58:44 EDT 2005



>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net
>[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Hank Nussbacher
>Sent: Sunday, July 17, 2005 11:29 PM
>To: Troy Davis
>Cc: cisco-nsp at puck.nether.net
>Subject: Re: [c-nsp] Which would be ideal spam control device ?
>
>
>At 09:37 AM 17-07-05 -0700, Troy Davis wrote:
>>On Sun, Jul 17, 2005 at 03:48:20PM +0800, Ian Henderson 
>><ianh at chime.net.au> wrote:
>>
>> > Agreed. We use the IronPort appliances along with Symantec 
>BrightMail and
>> > Sophos anti-virus. Without any spam protection I get about 
>100 spams a
>> > day. With spamassassin alone, I get about 30ish a day. With 
>the IronPort
>> > solution, I get about two or three.
>
>Network World did a benchmark of anti=spam boxes in Dec 2004:
>http://www.networkworld.com/reviews/2004/122004spampkg.html

Unfortunately, though, this was a really flawed survey.

Network World basically crossed out Spamassassin with the
phrase:

"when it came time to test no one would step up to the plate and
represent the product at a level that would make it competitive to
the other enterprise-focused vendors."

They continue on to say:

"The key to SpamAssassin's success, though, is a smart VAR or IT person
installing it."

The problem here is that what Network World missed is that
when people are looking at spam filtering products, it is not
a question of which product is better.

Rather, it is a question of "is the expense of a commercial
product justifed by it being so far and away better than the
free product"

Most smaller corporations that aren't ISPs do not have that so-called
"smart VAR or IT person installing it".  So even for the
commercial products they are going to be bringing in a VAR
or consultant.  Thus they are going to pay for labor either
way, and to them the larger question is "will the large extra
license cost of a commercial product that my VAR is going to
setup, justify itself over the free license cost of Spamassassin
that my VAR is going to setup?"

For the larger companies, they (presumably) have that
smart IT person on-staff.  So for them, the question is
even simpler: "will the large license cost of a commercial
product justify itself over the free license cot of
Spamassassin?"

If a properly setup Spamassassin will give you a 95% effective
rate, and a commercial product will give you a 98% effective
rate, and your doing 1000 e-mails a day, then the commercial
product has to justify it's expense for basically catching
an extra 30 spams out of the hundreds that your going to get
that day.

The licensing costs of the commercial products - in my opinion -
are so high that they simply don't justify that extra 30
mails.  I suspect the reason for this is that currently, the
main driving force for people buying spam filtering products
is emotional, not logical.

It is easy to show that in a corporation some productivity is
lost to spam.  It is in fact, something that can be quantified.

But, how many people buying spam products have actually
done the math to see how much money they are losing to not
running a spam filter, vs the additional costs of buying one?
Not many, I wager.

Ted


More information about the cisco-nsp mailing list