Review: CipherTrust IronMail

The IronMail appliance has a lot of components to juggle and provides limited per-domain administration.

Both of the hardware-based appliances we evaluated included a lot more than just anti-spam capabilities because both come from companies with security roots that have grown into the anti-spam space.

IronMail grew out of CipherTrusts work in providing firewall and intrusion detection for e-mail systems. The IronMail appliance is designed to withstand Internet-based attacks and is a good choice for organizations that are frequent targets of hack attempts.

In terms of its anti-spam capabilities, IronMail was among the most inflexible products we evaluated when it came to setting up different rules for different e-mail domains. This was a problem for WiscNet.

CipherTrust representatives indicated that a subsequent release of the product would allow administrators to apply rules by domain, but they could not provide a release date. While this lack of flexibility was a big weakness in WiscNets eyes, eWEEK Labs thinks that many corporations wont miss the per-domain administration. When it comes to spam, most corporations likely feel the same as Robin Jarlsberg, technology director for the Cambridge, Wis., school district: "When it comes to spam, I just want it to be gone," Jarlsberg said. "I dont want end users digging around in a quarantine box."

Mail administrators with a sweeping mandate to rid their organization of spam—and that should be a fair number—will likely be able to use IronMail as it stands today.

Aside from the usual anti-spam techniques that enabled IronMail to examine WiscNets test traffic for spam characteristics—such as header and content analysis, including heuristics—IronMail also employs a statistical look-up service. Using information gathered from voluntary customer participation, e-mail messages are counted to see how often a particular e-mail has been seen by CipherTrusts clients.

In eWEEK Labs experience, IronMails statistical look-up service might prove to be more bluster than blockade because sophisticated spammers are rapidly figuring out how to modify messages to make them statistically different from one to the next. Even so, we advise IT managers to consider products as a whole. For example, IronMail uses myriad spam-stopping techniques, of which statistical look-up is just one that may add 3 or 4 percentage points of accuracy to the spam score IronMail assigns to incoming messages.

Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@