Comments on: Playing with GFI Max Mail Protection http://www.u-g-h.com/2010/05/03/playing-with-gfi-max-mail-protection/ Distracting the Mind with Information Overload Mon, 16 Jan 2012 21:10:29 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Dylan Smith http://www.u-g-h.com/2010/05/03/playing-with-gfi-max-mail-protection/comment-page-1/#comment-77584 Dylan Smith Thu, 13 May 2010 09:34:07 +0000 http://www.u-g-h.com/?p=3389#comment-77584 I'll agree 100% that a commercial solution will have a source for technical support and a 3rd party hosted solution allows you to not care too much about the administration of the server, but it's certainly not a given that a commercial solution will be generally more accurate nor more robust nor more scalable. SpamAssassin, for example, is used by some of the world's biggest ISPs - it scales well, and from what I've seen and comparing notes with friends, a correctly set up SA installation will generally beat the competition, especially with regards to avoiding false positives. (Many commercial solutions are in fact SpamAssassin plus support and/or administration). While the GFI MAX offers TLS, that's not really the point that I was talking of - now you have an intentional man-in-the-middle, GFI MAX. The mail must hit their servers, be decrypted (it has to be scanned), re-encrypted and forwarded on to you. At some point the mail will be in clear text within GFI MAX's service. The whole point of TLS for me is that there cannot be a man-in-the-middle, so putting an intentional one in (however trustworthy they may seem) sort of defeats the point of having it in the first place. It may not matter for personal email, especially if you find GFI MAX's service trustworthy, but may be an issue for those who want to ensure that their mail really is encrypted end to end with no third parties seeing the content in plain text somewhere in between. I’ll agree 100% that a commercial solution will have a source for technical support and a 3rd party hosted solution allows you to not care too much about the administration of the server, but it’s certainly not a given that a commercial solution will be generally more accurate nor more robust nor more scalable. SpamAssassin, for example, is used by some of the world’s biggest ISPs – it scales well, and from what I’ve seen and comparing notes with friends, a correctly set up SA installation will generally beat the competition, especially with regards to avoiding false positives. (Many commercial solutions are in fact SpamAssassin plus support and/or administration).

While the GFI MAX offers TLS, that’s not really the point that I was talking of – now you have an intentional man-in-the-middle, GFI MAX. The mail must hit their servers, be decrypted (it has to be scanned), re-encrypted and forwarded on to you. At some point the mail will be in clear text within GFI MAX’s service. The whole point of TLS for me is that there cannot be a man-in-the-middle, so putting an intentional one in (however trustworthy they may seem) sort of defeats the point of having it in the first place. It may not matter for personal email, especially if you find GFI MAX’s service trustworthy, but may be an issue for those who want to ensure that their mail really is encrypted end to end with no third parties seeing the content in plain text somewhere in between.

]]> By: Eric Schwab http://www.u-g-h.com/2010/05/03/playing-with-gfi-max-mail-protection/comment-page-1/#comment-77572 Eric Schwab Mon, 10 May 2010 17:14:42 +0000 http://www.u-g-h.com/?p=3389#comment-77572 There are many good anti-spam solutions on the market these days, including open source products like SpamAssassin. That said, a good commercial solution will generally have better accuracy, a more robust feature set, greater scalability, and a source for technical support -- along with the value of outsourcing for those customers that do not want the responsibility of setting up or maintaining their own solution. To the point regarding TLS, the GFI MAX MailProtection service can offer TLS. This means that the SMTP conversation between the GFI MAX MailProtection service and the sending server, and the SMTP conversation between the GFI MAX MailProtection service and the receiving server, can be encrypted. There are many good anti-spam solutions on the market these days, including open source products like SpamAssassin. That said, a good commercial solution will generally have better accuracy, a more robust feature set, greater scalability, and a source for technical support — along with the value of outsourcing for those customers that do not want the responsibility of setting up or maintaining their own solution.

To the point regarding TLS, the GFI MAX MailProtection service can offer TLS. This means that the SMTP conversation between the GFI MAX MailProtection service and the sending server, and the SMTP conversation between the GFI MAX MailProtection service and the receiving server, can be encrypted.

]]> By: Dylan Smith http://www.u-g-h.com/2010/05/03/playing-with-gfi-max-mail-protection/comment-page-1/#comment-77556 Dylan Smith Thu, 06 May 2010 17:59:55 +0000 http://www.u-g-h.com/?p=3389#comment-77556 I've not found antispam a problem to update, but I use SpamAssassin. A daily cronjob just runs sa-update and that's it. Same goes for clamav. Roughly 0 minutes a month spent on keeping SA and clamav up to date. SA is enormously effective, my personal mailbox alone last month was receiving up to 2000 spam emails a day (I've had the address for an awful long time), but very, very few of them actually make it to my IMAP client. Curiously, the day after the "Norton AV cockup" the amount of spam fell from nearly 2000 messages a day to around 150. I've only seen that happen when I've heard of major botnets being taken down, so I'm thinking perhaps these machines that were killed off may have actually been infected. The problem with someone else filtering your mail is what if you have organizations who want to use TLS in enforcing mode - it breaks the end-to-end encryption because now (necessarily) you have a man-in-the-middle receiving email on your behalf. You can prise my MX out of my cold, dead hands :-) I’ve not found antispam a problem to update, but I use SpamAssassin. A daily cronjob just runs sa-update and that’s it. Same goes for clamav. Roughly 0 minutes a month spent on keeping SA and clamav up to date. SA is enormously effective, my personal mailbox alone last month was receiving up to 2000 spam emails a day (I’ve had the address for an awful long time), but very, very few of them actually make it to my IMAP client. Curiously, the day after the “Norton AV cockup” the amount of spam fell from nearly 2000 messages a day to around 150. I’ve only seen that happen when I’ve heard of major botnets being taken down, so I’m thinking perhaps these machines that were killed off may have actually been infected.

The problem with someone else filtering your mail is what if you have organizations who want to use TLS in enforcing mode – it breaks the end-to-end encryption because now (necessarily) you have a man-in-the-middle receiving email on your behalf. You can prise my MX out of my cold, dead hands :-)

]]>