MailGate is yet another offering in the ever-popular anti-spam field. Our review unit was a small (rack-width, half-length) 1U appliance based on PC hardware (a 3.06GHz Pentium-4 with 1GB RAM and a 40GB Seagate hard disk – though the production unit has 210GB of storage).
There's a beefier model too – a 2U box with twin 2.04GHz processors, double the RAM, and a pair of disks giving mirrored storage (but with a slightly reduced capacity of 182GB). All the buttons and connections, with the exception of the power inlet, are on the front panel.
Initial address configuration is via the front panel, which has a small LCD display and a collection of buttons for working through the various configuration menus. Once you've set the IP address, subnet mask and gateway, the rest of the configuration is dealt with from a Web browser. When you first connect, you're walked through a wizard that asks for some extra network details – DNS servers, the hostname for the device, and the address of the mail server it's protecting. Part of the wizard is to choose how to deal with new users the device comes across as it sees messages passing in – users can be activated either automatically or by hand, and the administrator can choose whether he wishes to be notified each time a new user appears.
Configuration and operation of the MailGate differs somewhat from the other anti-spam devices that we've reviewed because it takes a novel approach in identifying spam messages. Instead of applying "traditional" mechanisms such as Bayesian analysis of the words in each incoming message, the MailGate uses a concept called "Intent Based Filtering" (IBF) to decide whether a message is spam or not. It's all about analysing the "meaning" of the sentences in the email instead of looking (as a Bayesian filter does) at the individual words and scoring them for "spamness", and the theory is that because it's not looking for individual words, there's no need to have frequently-updated signature files that allow the system to keep up with new spam techniques. This said, you do have the ability to give the system some broad-brush concepts such as "Accept all mail from domain X", or "Block all mail from domain as it's junk", or "Flag all mail from domain Z as bulk email, but deliver it anyway".
The administration screens are Web-based, and follow a two-tier menu structure (there's a set of top-level menus covering key concepts such as sender management and user settings, with a sub-menu under each of these). The unit can exist as a stand-alone entity if you so desire, or you can give it the details of an LDAP directory service if you want users to be able to log into the end user GUI using their normal Windows password. Users are created automatically by the system when it sees mail coming in for the domain(s) it controls, though you can control the level of automation (we chose, for instance, to auto-create the users but for each account to require the administrator to tick the "active" box on the user management page).
The user GUI is another Web interface, and this is used by your end users to view what's happened to their mail. Each user is given a list of messages (you can view everything or split things down into legitimate/junk/bulk sub-sets). If something's been blocked as junk, the user can decide it's actually legitimate, and can tell the system to deliver that message to their mailbox – though rather oddly, they can't view the actual message body, so it's a case of guessing from the subject line and the sender whether something is junk or not.
So do we like the MailGate?
We don't have a problem with innovative concepts, particularly in the spam field where even the vendors will admit that traditional techniques don't solve the entire problem. But the MailGate misses out on two points. First, we firmly believe that if you're using a new technique, you should do the basics first – checking blackhole lists and such like – and the MailGate doesn't do this. Second, we're not convinced that this allegedly wonderful new IBF stuff even works at all, or that it's not (as is claimed in Tumbleweed's white paper) checking words against a signature file.
To test this theory, we sent ourselves a number of messages. The body text was taken from an e-mail that the Eudora mail client had identified as spam; we sent it with a number of different subject lines. When we sent it with its original subject line, MailGate flagged it as legitimate (despite Eudora having correctly noted that it was spam). When we used the word "Piano" – a nice, innocuous word – MailGate again flagged the message as legitimate. And when we changed the subject to "P1ano", to see if it would catch on that we were trying to hide the meaning of words by replacing letters with numbers, it again flagged it as legitimate.
When we entitled the message "Viagra" … BANG! – it's suddenly junk. And having sent a few more instances under other innocuous headings (just to make sure it wasn't recognising the body content as something it had seen before) we figured that, actually, it must be checking stuff against a list of "known spam" words … which rather contradicts the statement from Tumbleweed's IBF white paper that " it does not rely on blacklists, rules, or signatures"
This product doesn't quite live up to some of the claims made for it and it leaves us a bit unsure of what might make it stand out from the crowd. The idea is good, but from what we've seen, companies like BrightMail, BorderWare (MXtreme) and MailKey are still the ones to beat.
Traditional anti-spam units tend to catch "false positives" but they generally do a reasonable job.