Review: McAfee SpamKiller

 
 
By Cameron Sturdevant  |  Posted 2003-09-29 Email Print this article Print
 
 
 
 
 
 
 

SpamKiller represents an unimpressive integration of the widely used SpamAssasin engine into a rudimentary anti-spam framework.

McAfee Security, a network associates inc. company, has taken the open-source SpamAssassin and integrated it into its SpamKiller Anti-Spam gateway appliance. (The company acquired the famed open-source product in May 2002.)

SpamAssassin has had a long run as an open- source product and is still freely available at www.spamassassin.org. As such, SpamAssassin is a favorite test tool for spammers: A spammer develops a mail campaign, runs it against SpamAssassin until it gets through and, voilà, spam is waiting in your in-box.

SpamKiller wasnt for WiscNet mainly because it requires that false positives be resurrected by an administrator. Company representatives said a forthcoming version of the product, due this quarter, will allow end users to resurrect filtered messages.

Probably the other biggest drawback to SpamKiller is that it is incapable of scanning HTML messages to determine if a message is spam. HTML is a favorite way for spammers to evade word- and character-scanning anti-spam devices such as SpamKiller.

Company representatives said SpamKiller in the future will allow for per-user policy creation but only for the forthcoming SpamKiller for Exchange (also due this quarter). eWEEK Labs thinks that an e-mail product that provides per-user policy only for the Microsoft mail platform is too limited for consideration in most enterprises. We hope McAfee moves aggressively to develop policies for a variety of mail systems, including IBMs Lotus Software divisions Lotus Domino.

With many of the other products we looked at, anti-spam updates were frequently released to match the changing patterns and methods of the spammers. SpamKiller, in contrast, relies on 650 rules that are updated only on a monthly or bimonthly basis.

SpamKiller also doesnt lend itself to tuning by e-mail administrators. In fact, we were advised during the eVal not to adjust the characteristics of the rules because of the likely adverse effect on the filtering ability of the product.

These restrictions would be less troubling to us if it were not for the fact that most of the other techniques used by SpamKiller—techniques developed by McAfee before the acquisition of SpamAssassin—are fairly notorious for providing false-positive results.

For example, as one of its five spam-testing components, SpamKiller integrates with third-party RBLs (Real-time Blackhole Lists), where suspected spammers are tagged by the Internet community at large. These lists are often managed by underfunded nonprofit organizations, and legitimate mailers sometimes linger on the RBLs.

  • Review: Postini Perimeter Manager
  • Review: FrontBridge TrueProtect Message Management Suite
  • Review: McAfee SpamKiller
  • Review: CipherTrust IronMail
  • Review: Brightmail Anti-Spam Enterprise Edition
  • Review: ActiveState PureMessage Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ ziffdavis.com.

  •  
     
     
     
    Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.
     
     
     
     
     
     
     

    Submit a Comment

    Loading Comments...

     
    Manage your Newsletters: Login   Register My Newsletters























     
     
     
     
     
     
     
     
     
     
     
    Rocket Fuel