Email HE!L!

Published on: 17/08/2017

To start off with we considered what we need from our email systems;Email Hell

  1. Compliance with security requirements
  2. Manageability
  3. Cost

We put security first because we need to achieve external certification for our work with UK authorities. This had identified that our old Exchange 2007 set-up was no longer supported by Microsoft. And also, our Spam management service (Policy Patrol) had stopped trading. Thankfully it was still operable and fully configurable “on-premises”. But we had to move on!

Hence our journey commenced. Looking back on it –“It’s a dangerous business, Frodo, going out the door …”

To start off with, our default was simply to update with Policy Patrol and Exchange. But Policy Patrol was no longer available. The company was now called “OPSWAT” and the product was no longer available. Everything email management related seems to be going “to the cloud”.

So should we go “Cloud based” or should we stay “On-premises”?

The uptake of Cloud services has grown considerably over the last couple of years. So on face-value it seems the obvious step. Just a brief look and you can see it claims to be cheaper and easier to manage ... and obviously it would be secure.

So first action was to update our Exchange version (no small task – thanks Microsoft). But we got there and when we were up and running we utilised the Exchange Anti-Spam and Anti Malware features to protect us from all that bad stuff. But then we realised we were losing a lot of reporting of captured emails. In fact, some categories of email are simply “dropped” by Exchange. So none of our Users knew that the sender had even tried to contact them.

This was a big problem for some of our users. Admittedly the people sending emails to them were using badly configured email servers and / or email client programs. So it was THEIR fault. But, surely, as a very minimum we could provide the Users with a summary of failed emails, so they at least know who was trying to contact them.

Nope!

Further research so amazed us that we had to conclude that Microsoft was on the path to completely dropping the on-premises version of Exchange and called into question why we are using Exchange on-premises at all? They have dropped the anti-malware update service back in Nov 2016. So it dawned on us – this is not actually secure!

Instead of using the free “Microsoft Forefront” service they want us to use “Exchange Online Protection” – a paid-for-service. First things first, set up an online account with Office 365 and … eventually we are ready to connect EOP to our on-premises Exchange.

But hold on a second! Will our Users be told about emails being blocked for SPAM reasons??

Nope!

So let’s try an alternative. A custom-built AntiSpam system, dedicated for Microsoft Exchange. There are a few of them out there. But first to uninstall the Exchange settings (Agents) so we know what is going on with Spam processing. NOT an easy task, not very logical nor convincing. In MS Exchange, disabling doesn’t necessarily stop things working. And uninstalling doesn’t necessarily stop things working, if not already stopped and disabled!!! But we got there.

Which AntiSpam tool to use? The Top Google search – SpamFighter. After a couple of hours setting this up on our Exchange server – we start to find out what it can’t do – send our users notifications that emails have been sent to them from bad addresses.

We struggled on with Spam Fighter this for a couple of weeks – thanks to the support from the single person working at this Danish company, supporting this Exchange product. But we started to have doubts when their specialist refused to explain how their “community blocking” process works. Finally bit the bullet and moved onto – OPSWAT.  Didn’t stay there too long, however, – they don’t do the Notifications or Blocklist either. How about our AV company, ESET Nod 32. They have a Mail Security product.

First to uninstall SPAMfighter (not as easy as you’d hope!)

But this has a plus – we already use ESET – and it has a Remote Admin system we are used to. (don’t really like it but at least we can be on a common platform)

Nope!

The mails Security product is a separate Program. It does a bit of communication with the Remote Administrator program but is still a separate system!

SO should we simply switch to the Cloud? Exchange Online and let (pay!) Microsoft do it all.

Let’s be clear – Microsoft is going to switch its’ products to the Cloud! Obviously the driver for this will be, improved service, better value (cheaper!) and more secure.

Nope!

Exchange Online was certainly NOT a simple thing to understand. In fact it was more restricted, less manageable, almost incomprehensible, more expensive and is built to encompass all of your “Office” requirements – i.e. it has an “all-of Office-365-or-nothing” feel to it. And then it started to dawn. It is all-or-nothing! Microsoft is going to drop “On-Premises”. It is going to make us use their “Cloud Services”.

Over the years working in IT I have on many occasions thought – people won’t be so stupid – they will see through this.

But we don’t. And Microsoft know this! Consequently we are treated with utter contempt!

Let’s be clear, if you move to the Cloud you will become entirely dependent on that provider. You will not know what they are doing with your email and you will pay them their fee forever!

So, what happens when;

  1. They make a mistake
  2. Their service fails
  3. Their staffing levels reduce their support capabilities
  4. They pull the service
  5. They go bust
  6. Or they put their prices up

And, more importantly, what is happening to your email? Remember this is your primary method of communication within your organisation and with your suppliers, customers, regulators etc. So you SHOULD know what is happening to it.

By now most people would simply have given up and taken on board the Microsoft “tax” and put their faith in what they get from them.

Problem is – without the experience of the past four weeks …!

So we are sticking with On-premises – for as long as we can. We are not going to change our working practices to suit the software provider. We do not trust the provider to keep our service safe. We sympathise with the email software community that has invested in Exchange. And we are going to stay in control of our service as long as we can. Let’s hope we get through our Cyber Essentials Certificate after all of this!