roger_grimes
Columnist

Red Condor: A minimalist spam appliance

Analysis
Oct 24, 2008 | 5 mins
Data and Information Security, Security

Red Condor provides good spam blocking, but can you live with the minimal configuration?

When Red Condor sent me an invitation to review its MAG (Message Assurance Gateway) anti-spam appliance, I balked. After reviewing dozens and dozens of products with failed promises over the years, I told the company to send it on, but if it didn’t block 100 percent of the spam I was receiving with zero administration as it claimed, I was going to write a scathing review. Red Condor took me up on the challenge, and I have to say the company impressed me.

Bottom line: It failed. On the other hand, the appliance came close enough to succeeding that I can’t write anything scathing about it. It doesn’t block 100 percent of the spam, but it’s darned close. I tested the unit over a few months, and on most days I received no spam at all. High days were one or two spam messages. Most anti-spam products result in nearly a dozen pieces of spam in my inbox — on a good day. The MAG 2000’s anti-spam rate was so accurate that I called Red Condor to see if it was manually inspecting my mail to make sure the rates were highly accurate for the review. The office thought I was crazy. And I guess that pretty much sums up the MAG 2000’s anti-spam effectiveness. It was so good I was accusing the vendor of cheating.

Then I sort of caught the vendor in its second misstatement. It claimed that the unit was zero maintenance, with no spam-versus-not-spam training involved and minimal setup. It wasn’t zero administration, but close to it, and easily the lowest maintenance of any anti-spam product I’ve reviewed. And perhaps that is part of the rub. It’s an accurate product, but it’s a little more secretive, black-box-like, and lower on configurable features than all of its competitors (but more on that later).

The Red Condor MAG 2000 comes in the typical 1-U form factor appliance, though it runs quieter than most. The initial setup is very straightforward and standard for appliances. Plug in directly using predefined IP addresses to enter the initial IP and domain information, then reboot the device. After the initial setup you have to contact the vendor to activate the product. At this point, you are instructed to log into the vendor’s Web site, your new configuration and reporting portal (see Figure 1), using a personal URL. With most anti-spam appliances, the bulk of the configuration options are done locally on the device. With the MAG 2000, the configuration is done on the Internet portal, which is then pushed to the device.

It’s an interesting way to configure a local appliance, but consider Red Condor’s origins. It started as an online service only (just like Postini and MessageLabs). Its MAG appliances are just its way of moving its online service expertise into the customer’s local network. Its products and pricing still reflect its history. Appliance models range from the MAG2000 (500 mailboxes, $2,398 including a one-year service pack) to the MAG4000 (20,000 mailboxes, call for quote), and SaaS-hosted solutions start at 5 mailboxes ($108 per year) and scale upward from there. Red Condor also offers to let customers reroute their incoming mail (via the MX record) to their service and then into the local appliance. This way, if your local appliance goes down, your mail is still collected and inspected.

At one point, during the many months of testing, the appliance went down due to a multihour power failure. I received three calls (because I let the first two ring through to voicemail) to notify me of the problem and to ask if they could assist.

Before I continue to speak glowingly about the MAG 2000, I have to share something that is a little disconcerting even beyond the lack of local configuration access. Once in the online portal, the configuration options are minimal. I’m used to anti-spam products with more than 100 options. Some have 200 options. The Red Condor unit maybe has 10, mostly covering the basic white- and blacklisting options. If you’re looking for a product with tons of features, customization, and feature sets, Red Condor isn’t for you. But if you’re limited on time and you just want it to do the basics well, you must try this product. I don’t say the last two statements lightly. Some admins may be put off when they can’t configure some specific option that their environment absolutely needs. For some environments, the Red Condor product may not be an acceptable fit.

After the minimal initial configuration, each user will receive a personal spam report each day, reporting blocked spam. You can review the list and flag false-positives for whitelisting purposes. As its high accuracy predicted initially, I had a slightly higher than expected rate of false positives, but after a few days and literally minutes of total review, the anti-spam accuracy was stellar.

Once, during the testing, I started to get a new type of spam attack. The spammers were using crafty nondelivery reports (NDR) in a way I hadn’t seen before. The end result was that for two days I began receiving more than a handful of spams instead of none or a few. I called Red Condor support and described the problem. The rep made a configuration change on the company’s side and pushed the change to the local box — not a single spam of that type ever since. But I can’t help feeling a little disconnected from the configuration of my own box. What did the tech support person do? It’s a little black-box-like.

But the accuracy of the box has by far overwhelmed my initial skepticism and feelings of disconnectedness. Maybe I’ve been trained to think backward all along. What good are 100 configuration options if they don’t zero out the spam?

Can Red Condor thrive on a reputation of accuracy and an uncluttered, minimal interface? Come to think of it, the leading Internet search engine has made a good go of it.

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
