In an earlier post, I looked at questions to ask yourself when evaluating the viability of SaaS offerings for your organization. It’s old news that CRM offerings are a SaaS hot ticket right now. Is there another such application? Message filtering! And if you think Google’s crystal ball is better than most, then their acquisition of Postini last July proves the point. Let’s examine why you might want to use SaaS message filtering.
- Lifecycle costs
Most onsite solutions involve an appliance plus per-user subscription fees. Do the math — for SMBs the costs will not be far apart over a four or five year period.
- Maintenance costs
To reap the true benefit of a SaaS message filtering service, it needs to know all valid SMTP addresses for your business. Armed with a complete list, SMTP connections can be restricted to your provider alone (spammers don’t have to honor your MX records). Pushing this list to a provider one-time is the easy part — maintaining it is extra work. Providers may offer a synchronization feature, e.g. to your Active Directory, but it may cost extra.
A SaaS provider should make this part easy.
- Opportunity costs/core competencies
Message filtering is probably not where you want to spend a lot of time and effort; using a SaaS provider makes sense from this perspective.
- Additional costs for response time
SaaS message filtering is almost a no-brainer in this regard since it introduces only minimal latency into a protocol that is not sensitive to brief delays. Even better, a mail gateway for an SMB can average well over 100k attempted message deliveries per day. That’s processing that moves offsite, and the bandwidth it incurs. If spam consumes 10+% of your bandwidth and saving that allows you to forestall a bandwidth upgrade, you’ve saved money.
Pundits will point to risks to privacy, but remember e-mail on the public Internet has absolutely no assurance of privacy anyway. Yes, you may be subject to the spying eyes of your SaaS provider’s employees, so ask about their policy and assurances for the information you transmit by e-mail. Continue to use TLS between partners and others when possible, but the SaaS provider is still a man-in-the-middle. If your application warrants it, use public-key encryption for e-mail to mitigate this risk.
Quarantine processing could potentially be an issue, since it will all happen remotely. If your user base is geographically distributed, then perhaps that’s an advantage.
Message filtering is just another component in the conga drum line-up. Messaging doesn’t interact with other systems while in transit.
For many organizations, the use of a SaaS provider for message filtering will make lots of sense. I fully expect SaaS providers to continue to capture market share from appliance and software providers, especially in the SMB space. I should also note that some will opt for open-source solutions such as SpamAssassin, which is the basis for some commercial offerings. However, to make this an effective option requires devotion to ongoing tuning. Many will prefer to leave that to the SaaS provider who has the benefit of seeing millions of messages a day and can react quickly to emerging trends.