Digiportal Software Inc.s ChoiceMail Enterprise 2.5 anti-spam software is one too many steps ahead of the effort to block junk e-mail using sender identity.
Click here to read the full review of ChoiceMail Enterprise 2.5.
2
Digiportal Software Inc.s ChoiceMail Enterprise 2.5 anti-spam software is one too many steps ahead of the effort to block junk e-mail using sender identity.
ChoiceMail 2.5, which shipped last month priced at $350 per server with five user licenses, is one of the first enterprise challenge/response offerings eWEEK Labs has seen. In our tests, ChoiceMail 2.5 did a yeomans job of blocking junk e-mail from our in-boxes.
However, most organizations will likely avoid ChoiceMail 2.5 because of the extensive configuration and intensive user training required to implement the tool effectively.
In addition, problems in SMTP, the fundamental e-mail protocol, make it far too easy for spammers to circumvent the ChoiceMail spam blocker.
Paradoxically, we believe DigiPortal is right to concentrate on developing effective tools to challenge e-mail by using identity, even though identity is the least reliable aspect of the current e-mail world.
ChoiceMail 2.5 is loaded with well-thought-out tools to sort good e-mail from bad, and we could easily create policies that applied global acceptance rules for e-mail. We could also set up basic rules that always blocked e-mail from domains that are known bad senders while always allowing e-mail from customer domains.
When authentication systems get up to speed, this kind of capability will be an asset to e-mail recipients. Now, however, global “accept” lists are a weakness because domain and sender information is so easily forged.
Another potentially large problem we encountered during tests was social acceptance of challenge/response, especially for organizations that routinely send and receive mail from new sources. Unknown senders, such as new customers responding to a marketing campaign, get a challenge message unless special rules are crafted.
Judging by the everchanging tricks and dodges spammers use to evade anti-spam tools, we think its only a matter of time before a keyword list is built that will evade ChoiceMail 2.5s challenge mechanism.
During tests, when unknown senders posted e-mail to our in-box, ChoiceMail generated and sent an e-mail message to them asking them to confirm they had sent us an e-mail. When a response was received, the original e-mail was placed in the in-box, and any further communication from the senders was automatically passed into the in-box.
Although challenge/ response is a well-known method of handling other kinds of interactions—for example, a knock on the door that elicits a “Whos there?” which is followed by “Its me, Cameron”—this is new territory for e-mail. We think there is currently a high risk that the challenge/response test may create a barrier that a significant number of legitimate senders might not be motivated to overcome.
Social problems aside, we think ChoiceMail 2.5 is a big step in the right direction for identity-based anti-spam systems. We hope future versions of the product handle some of the authentication without involving the people who are sending and receiving e-mail messages. For example, ChoiceMail integration with domain authentication tools, which are likely to appear during the coming year, will enable more hands-off authentication.
We advise IT managers not to write off identity-based anti-spam tools. In the not-too-distant future, these products will likely be the best option for preventing spam from clogging in-boxes. Just not today.
Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.
Be sure to add our eWEEK.com messaging and collaboration news feed to your RSS newsreader or My Yahoo page