Can MS Take Over the Anti-Spam Market?

While Microsoft's forthcoming anti-spam software is hanging over the security market, third-party vendors really have little to fear. As good a job as Microsoft's Exchange Intelligent Message Filter can do, it won't be the right fit for most customers.

At Comdex earlier this week, Microsoft Chairman Bill Gates announced that the company would release an anti-spam filter, the Intelligent Message Filter for Microsoft Exchange 2003. This filter implements the same "SmartScreen technology" in MSN mail, Hotmail, and Outlook 2003.

Suddenly, the analyst circuit lit up with concerns about the damage this would cause to the market. In an AP report, a Gartner analyst raised the radioactive specter of Netscape, presumably to mean that if Microsoft didnt charge for their anti-spam filter, soon it would have 90-something percent of the anti-spam market. Sorry, but I think this betrays a rather shallow assessment of the market.

First, to reiterate, Microsofts announcement was that this product would be for Exchange 2003 and that it would be available to Software Assurance customers. If you want to see the actual press release about the speech, click here. The transcript of Gates Comdex speech is here.

Looking at the announcement, the first, and most obvious point to make is that there are still a lot of Exchange 5.5 and Exchange 2000 shops out there, and these customers wont have the option of running Microsofts anti-spam solution. At the very best, it will be a year or two before Exchange 2003 can make significant market penetration, although perhaps the availability of "standard" anti-spam filtering will facilitate adoption of it, and this may be the real motivation behind the addition of the Intelligent Message Filter (IMF).

Its important for Microsoft, which (surprise, surprise) is in the business of selling software, to keep people upgrading, and the IMF is an inducement for some users to upgrade. In that sense, Microsoft has no direct interest in destroying the markets of other anti-spam companies, they have an interest in selling Exchange.

Finally, many Exchange 2003 customers wont buy it through Software Assurance, but through some other license, such as an OEM Small Business Server 2003 license. Then again, not every Exchange 2003 user is a Software Assurance customer.

How IMF will behave on a server remains to be seen, but SmartScreen on Outlook 2003 isnt all that bad. When I recently tested Norton AntiSpam 2004 and McAfee SpamKiller 5, I ran the same e-mail set through Outlook 2003 for comparison.

When set to low sensitivity, the spam detection was not all that competitive (79 percent of spam was detected, with other desktop products finding around 90 percent and higher). But there was not a single false positive.

At High Sensitivity the detection rate was very high, but so was the false positive rate. Enterprise products generally seem to produce better numbers, perhaps because they get to see a larger body of real mail (what spam insiders call "ham") and perhaps they can use more complex models.

However, the real reason that Microsofts IMF wont take over the enterprise—even if its the best spam filter out there and even if they pay you to take it—is that enterprise spam filtering belongs at the perimeter or in a managed service, not at the departmental or even enterprise mail server level.

Now, if Microsoft were to put IMF in Internet Security and Acceleration Server 2004, mentioned by Gates in the same speech, that would make more sense. Not that many enterprises use ISA Server as their perimeter defense.

In most cases, implementing spam filtering at the mail server leaves large amounts of spam traffic clogging up the corporate network. It also means that spam filtering is not done centrally for the enterprise, and therefore the filters will have a smaller set of the good ham to deal with, diminishing their effectiveness.

In addition, Exchange servers are not usually lightly loaded; Exchange itself is a demanding application, so putting another CPU and memory-intensive application on it is not necessarily efficient.

Microsoft also announced that they will provide updates monthly for the IMF, and most enterprise solutions update far more often than that.

For example, a vendor such as Brightmail is so aggressive about updating that Ive heard complaints about the volume of their update traffic. But when a new spam technique comes out and starts spreading like a cold through a day care facility, do you want to wait a few weeks before the update comes out for it? And if that filtering product is on a large number of mail servers, as opposed to a small number of perimeter servers, you will have an update distribution problem.

There are vendors who will be hurt by this, such as SunBelt Software and their iHateSpam Server Edition. Like IMF, iHateSpam is integrated into Exchange Server, but at least it works with Exchange 2000. And once we know what Microsoft means when they say that they leave the door open to 3rd party value-adds, perhaps even SunBelt will have opportunities there.

In fact, the situation with IMF and iHateSpam is not unlike the Outlook 2003 issue. There are many third-party add-in spam filters that integrate with Outlook, and generally they work with Outlook 2000 and 2002. Perhaps they work with Outlook 2003 as well, Im not sure. But Outlook 2003s built in spam filtering is only in Outlook 2003.

Will Outlook 2003 destroy the desktop anti-spam market? I dont think so.

Consider that there are the opportunities to sell to Outlook 2000 and 2002 users. But even if there werent I think the main desktop spam problem isnt an Outlook problem. Outlook is largely a corporate tool, and corporate spam filtering should be done at the perimeter, not the desktop. Consumers tend to use Outlook Express, which comes with all versions of Windows, and for which the market is left wide-open for third parties.

After thinking it over, the really interesting question is if Microsoft cant cause a consolidation in the anti-spam market, what can?

The number of companies in the anti-spam market, from consumer to enterprise and to service provider, is enormous, perhaps there are well over 100 developers. That quantity doesnt seem like a tenable situation in the long term, yet there are loads of individuals and organizations who arent using any spam protection at all.

I predict that the Exchange Intelligent Message Filter wont be a big deal in the market, and there will be lots of room for growth left for everyone. Unless the unthinkable happens and we actually solve the spam problem.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

More from Larry Seltzer