InfoSecurity show

[Julian Field]

At 21:24 29/04/2003, you wrote:
>I was there today as well.  I had one "salesman" tell me mail came in on 
>port 28 :-)

That doesn't surprise me...

>I can honestly say that there is only one product there that looked any 
>good and that was MailMarshall. Even then it did fully supply what 
>MailScanner can.

Did you mean that, or did you skip a word?

>   I was amazed to see that about 70% of the stands there were to do with 
> spam and email antivirus.

I would have stayed for the demo, but the fake log cabin and the Stetson 
hats were just too much for me. Worthy of a used-car salesman on a bad day :)

>A stand for MailScanner next year then Julian???

Slight snag there: marketing budget ;-)

>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On 
>Behalf Of Julian Field
>Sent: 29 April 2003 15:44
>To: MAILSCANNER at JISCMAIL.AC.UK
>
>I have just the day (well, quite enough of it!) at the "Info Security" 
>show in London.
>I decided to do the rounds of the show on the premise that I wanted to buy 
>an email anti-virus, and particularly anti-spam, system.
>I have had demos from loads of salesmen trying to flog me their systems.
>
>And my overwhelming response has to be "What a pathetic bunch of products".
>That's the version you can tell your mother-in-law, anyway :-)
>
>They have really sophisticated traps like "the From: domain doesn't match 
>the envelope sender domain" and make a big thing of it. Useful until one 
>of your users joins a mailing list...
>
>The really advanced products have thinly (or sometimes not at all!) 
>disguised copies of DCC. I didn't see one product that could talk to 
>Razor2 and DCC. RBL's are quite popular, probably because they are so easy 
>to use.
>No-one had a decent response to "what happens to your incoming mail feed 
>speed if one of the RBL's goes down?". The standard line to that was 
>"well, you can't avoid human intervention completely". In other words, 
>your incoming mail feed would slow to a crawl waiting for every DNS 
>timeout for every message. I even got them to admit that was exactly what 
>would happen.
>
>No product I was shown implemented any decent set of heuristic rules. One 
>or two had the ability to enter regular expressions and give a simple 
>score to each one. But you had to write all the rules yourself, and they 
>only supported 10 rules at most.
>
>1 had a Bayes engine, but it had to be manually trained with spam. It 
>would auto-learn on the assumption that all your outgoing mail was not spam.
>Which is better than nothing, until one of your systems inside gets hacked 
>and used as a spam relay, at which point your entire bayes database is 
>destroyed by being given spam it assumed was non-spam.
>
>And a couple of them gave me price quotes. These were both "appliances", 
>i.e. PC's in 1U boxes. One company wanted $56,000 plus the cost of an 
>anti-virus engine (they only supported a choice of 2). The other one 
>charged £20,000 (approx $32,000) for the basic unit, and you then paid 
>them several thousands of £ for each of their "modules" on top of that.
>
>I hope there are at least 1 or 2 decent commercial products in this 
>market, but I sure didn't see them today, and all the big players were there.
>
>We need to spread the word!
>
>Which brings me onto my next posting.
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz MailScanner thanks 
>transtec Computers for their support

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support