Is Self-Hosted Antispam Obsolete?

Hosted solutions for email antispam protection seem to be the clear choice because of resource use, efficiency, cost, and other factors, though some organizations have their reasons for keeping control of their data with on-premise tools.

Paul Robichaux

May 14, 2008

3 Min Read
ITPro Today logo in a gray background | ITPro Today

Software as a service (SaaS) is a hot buzzword in the IT industry at the moment. It's a broad term, covering everything from fully hosted systems, such as Salesforce.com and Microsoft Exchange Online, to systems that combine hosted services with systems you run at your location, such as Azaleos's Exchange Server monitoring and management services or Fortiva's email archiving products. SaaS has both promoters and detractors; as with most IT products and solutions, there are many different opinions about whether SaaS is a good fit for particular applications.

Having said that, I think it's time to acknowledge one area where SaaS is a clear winner: antispam filtering. In my view, there are few reasons to continue running on-premise antispam tools and strong justification for using hosted filtering solutions.

First, consider resource use. Every message stopped by the filtering service represents bandwidth not used to transmit that message to your servers. At 3Sharp, approximately 98 percent of our inbound bandwidth is consumed receiving messages that our Barracuda Spam Firewall 200 appliance promptly marks as spam and throws away. Switching to a hosted service immediately frees that bandwidth. If you're using a software solution for filtering, you should also consider the amount of server resources needed to perform the actual filtering.

The second major reason I think hosted filtering solutions have won the battle is efficiency. There are great economies of scale possible in spam filtering because of the way spammers operate: They send out millions of messages to millions of targets. A well-implemented filtering system can catch a spam message, then use signature-based filtering to block it for every other service subscriber. Self-hosted systems that use collaborative filtering technologies offer the same benefit, but in this case bigger is better. The more subscribers a service has, the more all its users benefit—until the point, of course, where the service loses its ability to provide responsive filtering and customer service!

The third argument in favor of hosted services: Cost. Many antispam software and appliance vendors use a subscription model, which effectively turns what used to be a one-time purchase into an annualized expense—just like a hosted service. Factor in the savings you'll realize with a hosted service in not having to manage, patch, or troubleshoot the solution. However, you can't remove the cost of having an administrator tweak the filtering to reduce false positives; someone will have to do that no matter which antispam solution you use.

The fourth and final argument I advance in favor of SaaS antispam solutions is that they can also do anti-malware filtering at the same time—a great benefit. Of course, this doesn't remove the need for maintaining your own internal anti-malware filtering because not every malware threat arrives via your inbound SMTP traffic.

There are also arguments in favor of self-hosted antispam solutions, of course. Notably, some organizations insist that they need to have ultimate control over filtering behavior. However, if you use a self-hosted product that includes collaborative filtering, you've already ceded that control. Then there are the self-hosted products that give you only minimal control over how filtering works, such as the Exchange Server 2007 Edge Transport role.

Others objectors dislike the idea of having a third-party service seeing all of their inbound mail. However, unless you're using S/MIME—or at least Transport Layer Security (TLS)–protected SMTP—the outside world can already see your messages. There is some theoretical risk involved in having all your mail concentrated through a central service, but you can mitigate this risk by knowing and understanding the service's policies, including whether it's SAS-70 certified.

The broad diversity of service offerings in the filtering market means that virtually every organization can find a combination of services, price, and policy that they find acceptable. Eventually, of course, consolidation in this market will result in the death of some of these service providers, but now—while competition is heated—is a great time to explore the market.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like