The debate over the best place to stop spam and viruses has taken off again. In the red corner are companies offering outsourced services that reside in the network and aim to prevent malware from even reaching your network, while in the blue corner, appliance developers say their on-LAN systems are more cost-effective and controllable.

"In the messaging market, outsourcing fits quite well," says Jesse Villa, technical product manager at messaging services provider FrontBridge. "We have analysts updating our spam and virus filters 24x7."

Villa was speaking as FrontBridge expanded its range of outsourced enterprise email services, adding the ability to send encrypted email plus an archiving service for email and instant messages. "Looking forward I think more and more organisations will outsource their email services, because it's extremely difficult for IT managers to keep up," he adds.

Part of an infrastructure
"All these email functions are part of a larger email infrastructure and absolutely need to go together. Enterprise customers want a consolidation of these technologies. People are warming up to outsourcing and the benefits it provides - regulation and compliance also benefits the outsourcer, because it requires backups to be stored outside the local network."

He argues that blocking at the network level is more efficient, pointing out that even if you buy an appliance, you still need to subscribe to an update service to keep its antispam and antivirus rules current, plus the rubbish is still bunging up your Internet connection.

"An appliance such as IronPort is a semantic difference," he says. "The box is in-house but the service is still outside, plus you're not protected against Denial of Service attacks, for example, nor are you reducing the traffic into your network."

However, while outsourced filtering might reduce your incoming traffic, it will actually increase the total amount of traffic you have to pay for because you also have to pay for the bandwidth into and out of the outsourcer, counters Dean Draco, president and CEO of appliance developer Barracuda Networks.

"In any case, if you do the maths, the amount of your T1 line used by email is probably less than 1 percent, spam and all," he adds.

The need for control
He says too that the control aspect is important: "Outsourced email died in the US because of security and management issues. Large companies are adding and removing people every day, plus most won't route email through a third-party - don't ask me why, it's an emotional thing. A service can be hard to integrate into an enterprise too, into Active Directory or LDAP."

Draco describes the Barracuda box as essentially a spam-firewall that sits behind the main firewall. "We view the market as identical to the firewall market," he says. "Firewalls started out as software-only, for example you paid $30,000 for CheckPoint and ran it on a Sun box. Then Nokia came along with a $30,000 box, and finally you had the price drop.

"It's the same in the spam market - software first, such as Brightmail, then CipherTrust and others with dedicated hardware. We are the equivalent of Netscreen - we do the same as CipherTrust but at a very different price point. It's $2000 to $20,000 instead of $50,000 to $100,000.

The appliance approach
"An appliance means ease of use and robustness - it's more robust than just software because the appliance developer also has to think about the operating system, the hardware and maintenance issues too."

And while Drako acknowledges that freeware or open source software running on a spare server might provide a cheaper alternative for some users, he claims the advantage is illusory: "We provide a combination of software, hardware and service," he says. "You can never repeat that on an old PC unless you spend four or five hours a weeks keeping it running. That's not a good investment."

Something both companies agree on is that beating the threats of spam and viruses requires a layered approach. "I don't think there is any debate, the best way is a mix of connection information, inspecting where the message has come from, and then layering on content tools and heuristic detection," says Jesse Villa.

He reckons FrontBridge can bounce 60 percent at the SMTP layer, just by seeing if it has a valid source address, and can block 90 to 95 percent overall, without losing any genuine email to false positives.