UK HE Mail Filtering and Archiving Survey

In January 2011 I surveyed IT Directors in FE and HE on their approach to email filtering (scanning for spam, viruses etc) and archiving. The results of this survey will feed into a discussion at our IT Committee (IT governance body) later today. 33 responses were received, mostly in the first couple of days. 31 of these were from Higher Education institutions - so this is effectively a survey of mail filtering and archiving in HE only. Read on for an analysis of the responses, qualitative feedback from the respondents, and my conclusions.

At Loughborough our current approach is to use Google's built-in filtering for students and alumni, coupled with in-house filtering on our mail routers with SpamAssassin and ClamAV - and Forefront on our Exchange servers for staff. We also operate a locally developed archiving solution for staff which grew out of a JISC project on records management (see our EDUCAUSE 2007 talk on email archiving by Garry Booth, Graeme Fowler and Carys Thomas) and Kochi, an innovative solution to the problem of targetted "spear phishing" for users' passwords (see Graeme Fowler and Mike Cardwell's Kochi presentation to the UK Network Operators Forum).


Survey Responses










Qualitative Feedback

"Approximately 18 months ago, we moved to Google Mail."

"Considering using Archiving in Exchange 2010 as we roll this out for Staff only. We use Live@EDU for students. Likewise students spam filtering is conducted by Live@EDU. We use C2C Email Archiving and Compliance for staff email archiving"

"We use: Exchange Archiving System from Autonomy"

"C2C ArchiveOne is our current solution we did however purchase CommVault Sympana suite but after many false starts drop this in favour of C2C as the maintenance costs and limitations of CommVault outweighed the capital investment required to change."

"SpamAssassin is used to 'score' incoming messages. Actual filtering is set by user either via Exchange or via client based on spam score. Sophos PureMessage is used on Exchange for internal AV protection (but all email originating from outside the organisation is scanned by ClamAV)."

"We are currently running a pilot service with the aim to role out to all staff once our records management policy has been agreed."

"ICritical is an excellent and flexible product. They do have a hosted archiving option as well which we don't use but are considering."

"We tried EMC emailXtender for about 3 years but our users really couldn't cope with the concept and our records management people weren't too impressed with the product either. We now use exchange managed folders to give some the ability to keep mail for prescribed periods and just provide larger mailboxes as appropriate."

"Staff email is through Exchange and Student email through Google."

"Emails automatically archived after 90 days from EMC Clariion to EMC Centerra and held for 7 years. Automatic deletion from Centerra after 7 years."

"Students hosted by live@edu and we don't provide them with any email services."

"Would be interested to know how many people offer encrypted email."

"MailScanner is a set of perl scripts written and supported by Southampton University."

"Student email has already been migrated to Google and we are intending to move staff email this year and will then be using Postini for archiving."

"Webroot has been excellent for filtering staff mail, though not cheap. Student mail is with Live@EDU so subject to Microsoft filtering. Archiving is a can of worms that we will avoid as long as possible."

"We have outsourced our student Email service onto Google Apps and rely on their inbuilt anti-virus and anti-spam protection. For staff, who use Exchange 2010, all inbound and outgoing traffic flows through both Postini and Forefront."


Analysis

The survey results suggest to me that with the trend to outsourced services for student email (as noted by Brian Kelly), institutions in this position no longer feel it necessary to carry out “heavy duty” mail filtering for student accounts – mostly relying on the in-built protection offered by Microsoft and Google with their services.

Mail filtering is still a current concern for staff accounts – those who reported that it was not were typically in the throes of outsourcing staff email too.

Survey responses validate our choice of in-house tools such as SpamAssassin, ClamAV and Forefront for “defence in depth”. The alternatives with significant usage were Webroot and MessageLabs, both externally hosted services.

Just under half the respondents had some form of email archive, suggesting that the true figure across the community is much lower - people who are operating email archives would be likely to self-select when responding to a questionnaire such as this.

It was notable that several institutions only offered their email archive to certain staff members, and the qualitative feedback implied use by departments such as Academic Registries. The motivation for email archiving was an even split between regulatory compliance and records management.

It may be interesting to compare the results of this survey with the historical survey results reported by my colleagues Garry Booth, Graeme Fowler and Carys Thomas in their paper on email archiving for EUNIS 2007:

Survey of UK Universities,  2003 

• 21 institutions responded 
• Only general policies were evident 
• Respondents were backing up their email rather than archiving it 
• No institution was identified which had a well defined email archiving policy  

Survey of UK Universities, October 2004 

• 26 Universities and Colleges responded 
• 22 not archiving email 
• 4 in progress 
• - Two taking a copy of all email 
• - Other two – focus was management of mailbox sizes 

Survey of UK Universities, March 2006 

• 28 Universities and Colleges responded 
• 1 has implemented 
• 7 in progress 
• 20 not archiving email 
• Movement towards installing such systems 
• Focus is technical management of storage, not records management


Quest Archive Manager, Symantec Enterprise Vault and C2C ArchiveOne were the only archiving tools used by more than one respondent. One respondent was using the in-built Exchange 2010 archiving system. One respondent reported confusion on the part of end users of their archiving solution - resulting in a move to a system like Loughborough’s, which uses a shared "archive mailbox".

Conclusions

From a Loughborough perspective I concluded that we should retain our in-house mail filtering for the moment – outsourcing is not presently the norm for this function in our community, and it is clear that our approach is popular and well regarded. We have also won plaudits for Kochi, our innovative solution to the problem of targeted “phishing" emails, and losing this capability would be a step backwards.

Informal conversations with potential suppliers around our requirements indicated that of the major players only Google would be in a position to deliver a cost-effective (for our purposes) alternative to our current in-house archiving solution. However, Google’s Postini product (Google Message Discovery) for archiving was not used by any survey respondents. One respondent indicated that they would be moving to Postini in the future. It will be interesting to see whether the take up of the Postini services starts to ramp up in line with the growth in take-up of Google Apps. However, Google Apps for Education is free, whereas Postini is a chargeable product ;-)

Our email archive is presently a single shared Exchange mailbox with over 500GB of email.  I think we should retain this, but take a look at how it can be split according to School/Departmental lines for improved performance and availability. We also need to improve communication/clarity over the archive's role for records management, as there is some anecdotal evidence that people sometimes use it as a personal dumping ground for email if they have exceeded their quota(!)

We currently run Exchange 2007 for staff, and are just starting up a project to look at Exchange 2010. This offers a number of enhancements including automatic archiving features for regulatory compliance,  “personal archives” as an alternative to large primary mailboxes and PST files on people's hard drives, and greatly improved webmail for users of non-Microsoft browsers such as Chrome, Firefox and Safari. As there were no clear winners from the survey I think it makes good sense that we investigate the Exchange 2010 facilities in the first instance.

Martin Hamilton

Martin Hamilton works for Jisc in London as their resident Futurist.