Lab test: Sendio I.C.E. Box

Sendio's challenge/response mechanism is extremely effective against spam, but not so effective in handling bulk mail users want to receive

Many products claim to filter out 99.9 per cent of spam, but the Sendio I.C.E. Box 3.0 is the first I've tested that actually did so. Sendio claims zero false positives as well, but that isn't accurate. Because Sendio's challenge/response mechanism requires a human response from the sender before mail will be delivered, any bulk e-mail sent via an automated process (with no means to reply to the challenge) will be quarantined until released by the end user. Products that truly avoid false positives, such as Cisco IronMail and Symantec, spare end users the hassle.

The I.C.E. Box works differently from any other appliance in this test. Rather than filtering e-mail based on the content of the message, the system sends a challenge to any sender it doesn't recognize. The sender simply replies to the challenge e-mail, and then the original e-mail is allowed through. This places the burden on the sender, which may be your customer or partner, rather than on the appliance or the recipient. As long as you don't have a problem with this, the system is very effective against spam, though at the cost of quarantining bulk e-mail.

A lot of the initial configuration of the I.C.E. Box has to be done via a command-line interface over a KVM connection, using an ugly, ugly interface. There's much more of this initial configuration than with most systems, before you can connect via Web browser to complete it. The login for the browser GUI is not "admin" but "admin@icebox", which is not the real domain but an arbitrarily longer login. Things aren't a lot better once you get to the Web interface; administration through the GUI is clumsy. When clicking on a tab, then on an action, the cursor doesn't end up in the data entry box by default -- you have to click on the field. Some actions can't be taken until other fields are set, but there's nothing to indicate which fields have to be set first; they're all grayed out.

You can't change the default verification message sent to unrecognized senders without sending the revised text to Sendio and giving them port 22 (SSH) access to the box so they can install a new version. Sendio says it will change this in a future version.

After the system is set up, you'll need to whitelist a lot of bulk e-mail. Unfortunately, it takes a lot of clicks to whitelist any message. The view of quarantined messages filters out bulk mail by default, which doesn't make a lot of sense, considering bulk messages will make up the lion's share of quarantined messages that you'll want to release. In my case, changing the view to show bulk revealed the number of quarantined messages to be 2,503, which included 81 false positives -- second worst in the test.

The I.C.E. Box also imposes a limit of 5,000 messages in the quarantine, which can only be changed by a Sendio tech via SSH at the moment. Sendio has committed to changing this approach going forward.

Filtering 99.9 per cent of spam and effectively blocking viruses, the I.C.E. Box doesn't offer much in the way of other features. It provides no compliance filtering, no attachment scanning, and no reporting tools, just logs with minimal search tools. There is anti-phishing functionality, but phish that appear to be from addresses that have been whitelisted get through. The I.C.E. Box doesn't look further than the from address, so spoofed addresses are accepted.
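The whitelist weakness described above, as an added example (not Sendio's code and not part of the original review): a From-only whitelist check beside one that also requires a DMARC pass recorded by the receiving gateway. The addresses, the `mx.corp.example` gateway id and the sample messages are constructed, and it assumes an upstream MTA that writes Authentication-Results headers and strips inbound copies bearing its own id.

```python
import re
from email import message_from_string
from email.utils import parseaddr

WHITELIST = {"alice@partner.example"}   # constructed whitelist entry
TRUSTED_AUTHSERV = "mx.corp.example"    # hypothetical id of our own gateway

def from_addr(msg):
    return parseaddr(msg.get("From", ""))[1].lower()

def from_only_decision(msg):
    """The behaviour the review describes: trust the From header alone."""
    return "deliver" if from_addr(msg) in WHITELIST else "challenge"

def dmarc_pass(msg):
    """True only if our own gateway recorded dmarc=pass for the From domain."""
    domain = from_addr(msg).rpartition("@")[2]
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # written by someone else, possibly the sender
        verdict = re.search(r"\bdmarc=(\w+)", results)
        checked = re.search(r"\bheader\.from=([\w.-]+)", results)
        if (verdict and checked and verdict.group(1).lower() == "pass"
                and checked.group(1).lower() == domain):
            return True
    return False

def authenticated_decision(msg):
    """Whitelist hit counts only when the From domain was authenticated."""
    if from_addr(msg) not in WHITELIST:
        return "challenge"      # unknown sender: normal challenge/response
    return "deliver" if dmarc_pass(msg) else "quarantine"

def make_msg(*headers):
    return message_from_string("\n".join(headers) + "\n\nbody\n")

# Constructed sample messages.
LEGIT = make_msg("From: Alice <alice@partner.example>",
    "Authentication-Results: mx.corp.example; dmarc=pass header.from=partner.example")
SPOOFED = make_msg("From: Alice <alice@partner.example>",
    "Authentication-Results: other.example; dmarc=pass header.from=partner.example",
    "Authentication-Results: mx.corp.example; dmarc=fail header.from=partner.example")
STRANGER = make_msg("From: bob@unknown.example")

if __name__ == "__main__":
    for name, m in (("legit", LEGIT), ("spoofed", SPOOFED), ("stranger", STRANGER)):
        print(name, from_only_decision(m), authenticated_decision(m))
```
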

At a hardware cost of US$1,995 and a low per-user cost, the I.C.E. Box is very inexpensive. It also stops a very high percentage of spam, as long as you're willing to make your customers and partners prove they are who they say they are, and to manually whitelist all the bulk e-mail you want to receive.
