• Product: Trend Micro Spam Prevention
• Direct Price: With IMSS, $52.40 per user for the first year
• Company Info: Trend Micro Inc., 877-268-4847, www.trendmicro.com

We tested Version 1.1 of SPS for Windows, which operates as a separate SMTP proxy program, scoring mail, marking up headers, and passing mail on to IMSS for disposition. (Version 1.1 for Solaris and an earlier version for Linux are also available.) We think this dual-product setup is inconvenient, though experienced SPS administrators may not mind it much.

The SPS program itself is an implementation of the scoring parts of the Postini spam-filtering service. The heart of the program is the Spam Filters tab, where we set a general spam level and four individual category levels for the engine to check. If a message meets the specified level of sensitivity to the particular category, or to an overall measure of spam, SPS adds headers to the message indicating that the message has or has not met the appropriate threshold. Alternatively, it can add a label (for example, SPAM:) to a subject line.

Setting the basic proxy configuration of the program is straightforward. We easily created global domain- and IP-level blacklists and whitelists and lock out whole ranges of IP addresses. Like any good gateway product, SPS can update itself from Trend Micro's servers and do so on a user-defined schedule.

SPS's Exception Filter facility disappointed us the first time we tried it. We tested during the height of the Sobig.F worm and attempted to write a filter to catch it, but the filter editor was not precise enough for our needs. For example, we could not require that the entire subject line specifically equal Re: Approved (as the Sobig.F messages were headed). Rather, the program was ready to block messages that had Re: Approved anywhere in the subject line, which of course meant that real messages with those words would have been blocked.

In any event, SPS itself does not quarantine or delete spam based on such scores. Instead, we had to go to IMSS, where we manually created an incoming filter to quarantine spam messages. Out of the box, IMSS knows nothing about SPS filters; we had to enter the header to look for the values on which to filter.

SPS's spam-catching performance (it caught 73.1 percent of our incoming spam) was on the low side, but its false-positive rate (just 0.3 percent) was exemplary. Still, we don't love the two-step approach that SPS entails. But if you're a Trend Micro shop already, then SPS makes perfect sense.