Monday, November 4, 2013

SpamBrella - a Postini and Google Aps alternative


In my quest to find a replacement to the debacle that is the Google Postini transition to Google Aps I evaluated a service from http://www.spambrella.com.  You can review my previous blog posting for a detailed account of the issues I encountered in attempting to make the Google Aps solution work for my domains and my customer domains.  

Spam (Junk Email) is a serious problem and time waster.  In addition it can expose your systems to malware via links to untrusted websites that are sent in these junk email messages.  I believe every company has some sort of strategy for handling this problem.  

I have several requirements for spam filtering. 

  • A message center where users and administrators can manage their spam and filtering settings
  • Individualized white and black lists to block certain addresses and allow others through the filter
  • Significant support for multiple aliases to an email address
  • Timeliness and accuracy
  • The ability to allow me to become a reseller of the service if I should so desire
In my quest to resolve the significant issues I faced with the Postini transition I encountered a service offered by Spambrella.com.  I spoke with a very knowledgeable and friendly representative both in email and on the telephone.  I decided to try an evaluation of the service to see if it would correct my issues with Postini and meet my requirements.  Immediately I ran up against a limit with the number of aliases I had with my account but Spambrella easily provisioned my account to allow 50 aliases per user.  

The service works similarly to Postini offering both inbound and outbound filtering as well as email continuity (ability to check email via their servers even if your email server is down) and email archive.  Each of these comes at a price, but the pricing is very reasonable and largely comparable to Google Aps pricing.  One sets up their mail server addresses with Spambrella and then configures MX DNS records to point to specific spambrella mail servers positioned around the world.    A configurable daily (or two times a day) email is sent to the users detailing their held (quarantined) messages and the user can use links in the email to either login to the mail management console or release the specific email.  In addition users can simply login to the console and manage their settings and quarentined  email.  

I used exports of my Postini account and user settings to setup the initial settings at Spambrella.  The web based administrative interface is intuitive and attractive. 

Spambrella offers some additional features that no other service I encountered offers.  These are "greymail" blocking as well as link filtering.   Greymail should not be confused with greylisting that is offered by several ISP's and filtering services.  Greylisting is a strategy where by ip addresses that connect are initially denied a connection to the mail server.  Legitimate mailers will try the connection again later at which point the greylisting server will "whitelist" the ip address and allow the email through.    

Spambrella's Greymail blocking (which is optional)  allows you to block "greymail".  Most spam reported is actually greymail.  Somehow or other users end up on a mailing list for a company or product and this company sends advertising or other alerts to the subscribers.    Most of my spam complaints from users are actually greymail.   Spambrella offers an option to block this greymail by default.  The mail ends up in the users quarentine and can be released and the sending address whitelisted if desired.

Spambrella also offers a filtering of hyperlinks that are included in the email  They have partnered with McAfee for this offering and it is really interesting and beneficial.  Any hyperlinks in the email are replaced with a url that goes through McAfee.  The sites being visited are scanned against known malware and infected sites and the user is allowed through if all clear, or blocked if the site is infected with viruses or malware.  Unknown sites are scanned real time and their status is displayed so the user can decide if the visit is warranted or not.  For those administrators uncomfortable with links in email being replaced, the feature is optional.

In my evaluation period of the service, I found the support to be exceptional and the filtering to be first rate.  There were few false positives (Aside from greymail that we actually wanted to see) and virtual no spam making it through the system.  The quarantine summaries were easy to read and handle.  The end users had no complaints and the performance of the system was superior speed wise.

For businesses and users transitioning from Postini to Google Aps who are dissatisfied with the accuracy, feature set and stability of the Google platform and for those looking for junk mail filtering for the first time, I heartily recommend Spambrella.com.   

Postini Transition Alternatives to Google Aps

A long time ago, when I first developed web sites and was also active on news groups, I started getting a lot of junk mail (spam).  I had published my email address on multiple web sites.  I don't like having to switch email addresses and I really like the ISP I use for web hosting and email so I looked for a spam fighting solution.  The isp (http://www.pair.com) uses spamassasin for reducing junk email, but it just really didn't keep up with the annoying mass of email that kept arriving.  In addition other associated email addresses that I have setup for subcontractors and family also received a ton of junk email.  

I went on a search again for an email filtering solution that would be easy to implement, relatively inexpensive, and accurate.  I ended up finding Postini.   Postini had been recently purchased by Google but I was very impressed with the accuracy and simplicity of the product.  Basically you point Postini to your mail server and point your DNS MX (mail exchange) records to a special Postini set of addresses.   You can then manage your email users, with multiple aliases, set levels of spam filtering and create white and black lists for spam delivery.  This worked flawlessly for several years.

I liked the service so much that I transitioned some of my web hosting customers over to Postini.  I wanted to become a Postini reseller but Google had discontinued that option, so I just setup individual accounts for these clients.

Then the ultimate in corporate consolidation began.  Postini users were told they would be transitioned to Google Aps for Business.  The pricing would remain the same and equivalent features would be available and everything would work the same, expect you would get superior spam filtering.

I had noticed that the filtering Postini had begun to falter at times, but overall it was still very good.  A few more false positives than I liked and some spam making it through, but the whitelist took care of the false positives and the others gradually died off as postini did update their filters.

I attended several webinars given by Google about the postini transition.  They really wanted people to switch to gmail for their end users but for several reasons I didn't want to do that.  My users were all happy and well versed in using the Pair.com email services and could use any email client that they liked.  In addition gmail just was going down too often, while my ISP email NEVER went down.

However, Google promised that these external mail servers could continue to work with enhancements that they would make to Google Aps.  There were several other features that were essential to me as well.  One of these was a user specific white and black list.  Often times people would get on mailing lists, or company notification email lists, and while technically not spam, these users would not want these emails.  Blocking or allowing these on a user by user basis is essential.  In their webinars when this subject was brought up, Google just said Gmail would learn from the user marking items as spam or not and would then properly deliver email.  This was such a weak response that many questioned it.  The main objection is that these accounts are not going to use Gmail!

Postini also has a message center that will allow users to administer their own spam settings (if the administrator desires to allow it) or that the administrator can use to look at user email quarentine  and manage white and black lists.  I used this feature heavily to help the less tech savvy users block and allow email and to handle filtering of known malware links that might show up first in my mailbox.  If it made it past postini filtering in to my box I could be assured some of my users would get it as well.

Google hadn't (And as of this writing still HASN'T) developed a message center.

Google's repeated promise was that the transition would NOT begin for any accounts until equivalent functionality was available.

Frankly with Postini starting to fall down on the filtering job and complaints increasing from my users I was looking forward to the transition from Postini to Google Aps.  Google was to transition accounts on their anniversary date which for me is April, in case some accounts didn't want to make the jump for some reason.

Imagine my surprise when I received email on all my accounts about transitioning in late August that indicated my accounts would be transitioned and that it was required and that once the transition began it could not be reversed.  Google obviously has a drop dead date for Postini and they wanted to transition these accounts ahead of their anniversary dates.

I was satisfied to do it - but they did note that the message center application wasn't ready but would be early in the third quarter.  There didn't seem to be any option to wait, however, as they gave a 90 day deadline to make the transition.  As Postini filtering continued to deteriorate I decide to go ahead and start the transition.

That's when the pain began.  My users didn't all fully transition.  Some were partially in the new Google Aps for Business user interface and some were in one area but not others.  I reported the issue but it went unresolved so I manually deleted and re-added the users that were not properly configured.

I learned that each email account would have a separate Gmail address.  This gmail address could be used to view the spam that was filtered and the user would also receive a daily quarantine summary similar to postini where they could mark email that was captured as spam to not be spam and it would be delivered to their inbox.

I set things up according to Google specifications and mail began to filter through the new engine.  And more and more spam started to appear in end users mail boxes.  In addition a lot of false positives started to happen.  More troubling was that some occasional emails were showing up in the gmail account inboxes.  Google assured me that nothing should show there.  That my users didn't even have to know about the existence of these inboxes because we were using an external (What Google in market speak termed "Legacy Servers") mail server.  However, email was definitely showing there and there was NO FACILITY To get that email into the end users "legacy" email inbox.

I went round and round with Google Aps support on this issue and they finally said that the problem was that the email made it past their first filter but in the second filter it was identified as spam.  They never could explain why it didn't end up in the spam folder or why it never showed on the quarantine summary.

Then the issue of email undelivered came up with my users.  My users (and even myself) sometimes deleted the quarantine summery.  The summary had links to release email that was held as spam.  However, if you lost or deleted the summary there was NO WAY to get the held email delivered to your inbox.  If you logged into the secret gmail account and marked spam in the spam folder as not spam, it would move to the secret gmail inbox and NOT be delivered to the end users email server.  Without a message center there is no way to manage delivery.

In addition there is no per user white or black list available.  The filters are to learn as you release email that the email isn't spam.   They have a confusing scheme where email is released, but can then in the same interface be marked as spam.  This is so you can look at the email, then decide if it was really spam and mark it.  This was so counter intuitive to my users that they were marking legitimate email as spam as the mark as spam button was the largest and default on the screen.

In addition to all of this I was receiving email from another client that was clearly not destined for me in any way, shape, or form.  This never happened with postini.  For each of my clients I had setup an email alias that forwarded to my email for managing the billing and the root postini account.

I would setup  this account and then have a forward to the principal at the business and to me.   With Postini this was never a problem.  With Google Aps I was suddenly receiving email that was destined for another user at my client's domain.  What I found out after a bit of going back and forth is that when an aliased email is released, it is delivered not to the alias email address but to the main address associated with the alias.  So while I wasn't doing anything wrong, the email was going to the base account email because the primary business owners email was the one it was addressed to and it was the one I have the special account setup to forward to!

At this point I am spending a lot of time managing email systems that here to fore were working perfectly.  And things are becoming quite frustrating.

I also have some special needs because in the past I setup special email addresses to bypass filtering and expedite delivery.  Some of these are still in use but I personally have about 30 aliases that go to one email inbox. Postini handled this well.

In all my frustration I turned to the internet to find an alternative to Postini that would give me equivalent functionality and filtering that would be superior to the now inferior Google Aps solution.

I found several offerings.  McAfee has one, Symantec and I found a few others as well.  Each of these  had a 5 alias limit per paying account and the pricing would often quintuple what I was paying for Postini.   In addition I am responsible for more than just my domains.  I have clients that are being negatively impacted by the transition to Google Aps and I need to act.  It would be nice to be a reseller for these services in order to get some volume discounts and to better serve my clients.

I eventually found two Postini competitors that use the same basic infrastructure of  special MX servers as well as the ability, if desired, to archive email for those clients requiring an email archive.

I am going to review each of these in a separate blog posting.  Stay Tuned....