7 Features You Want From Your Outsourced Spam Solution

As I blogged about previously, I am not a fan of outsourcing very much within the IT space, but one solution that can be a win for all concerned when outsourcing is spam filtering. If you are considering outsourcing your spam solution for one or more of the reasons I blogged about previously, good for you. Here are seven things to make sure your solution provider can deliver.

The first five should be easy for any vendor to deliver; but don’t be surprised at how many won’t. The last two are more of my personal wish-list items, but I think you will agree that they would make a great enhancement to any product. If you do, start asking for them from your vendors too. Together, we can get the message across.

1. Anti-spam

It may seem redundant to list this, but make sure your proposed solution provider can really deliver the goods, while blocking out the noise. The reputable providers should be willing to let you test drive the service. Since incorporating an anti-spam solution should be as simple as updating your MX records, this is a quick and easy way to test a new solution without any disruptive changes to your network. Just make sure you check the SMTP headers for any spam that does get through, to determine whether it went through your gateway or the vendor’s.

2. Anti-phishing

A good solution should be able to recognise, categorise, and block phishing messages every bit as well as it can spam. Spear phishing attacks against your users are on the rise, and the right solution for your business needs to be able to handle these.

3. Anti-malware

As your first line of defence, your proposed service provider should also scan all incoming email for malicious code, whether inline or in an attachment. This should not be your only line of defence, but it will greatly reduce the load on your internal systems. Personally, I would favour a solution that uses scanning engines different from those I use internally, to ensure that all files have been scanned by multiple engines.

4. Web-based access for all users, not just admins

A good solution should offer a web based portal that all users can access in the event that your internal mail system is down. It’s nice to have that extra way to get to critical email when an unanticipated outage hits. It can mean the difference between an inconvenience, and a complete nightmare, and can be incorporated into business continuity plans.

5. User self service

That web-based portal should be where all users can log in to check spam folders in case a false positive blocks a mission critical piece of mail, add a business partner to a white-list, or add a persistent problem to a black-list.

6. Metrics and reporting

As IT matures, and management books talk about metrics and intelligent measurements and business scorecards, admins are going to be asked for more and more metrics. One thing I have found most outsourced solution providers fall short on is their ability to provide good reports on what is going on. Sure, many have a basic report they mail out once a month saying “look how much garbage we kept out of your inbox!” but those pretty little pictures seldom have any substance behind them, and often are emailed in a form that you must manually read and retype into any internal reporting. Look for strong reporting over time periods useful to your business, and push for automated reporting in CSV format so that you can easily import it into your own dashboards and reports. Vendors tend to be very responsive to customers’ requests when there is a common theme… it’s up to us to make sure we send the message loud and clear.

7. Integrated Authentication

One of the largest problems outsourced solutions present is that they typically require yet another username and password for each user. In the case of a solution you will want all of your users to access, this can greatly increase the amount of user provisioning, and password resets, you will have to deal with. Read this article on how many ways web based services can integrate into a customer’s authentication mechanism, and start pushing for it.

Remember, email is one of the most critical applications on your network, and spam is one of the issues with the biggest impact. Outsourcing spam filtering makes sense, but only if your vendor does it well. Use the first five items above as a punch list, and the last two as a wish list, when evaluating providers, and you’ll do well.