Scott Cressman, Email Gateway Security Product Manager at Sophos (, says:

Find the experts: Look for vendors with in-house expertise in spam and malware protection

In today’s world of email security, it is no longer an organization’s job to spend valuable time writing spam rules. The vendor of your solution should own this problem, along with the problem of identifying and blocking malware, with little to no intervention on your end. To do this effectively requires a whole product solution with a team of experts whose sole job is to observe the changing threat landscape and enhance their protection accordingly. Solutions that simple OEM engines and provide a plethora of technical settings are offloading the problem to you, and you have far better things to do.

Threats don’t get in, data doesn’t get out: Find a solution that offers both security AND data protection

An effective email security solution is no longer just anti-spam and anti-virus technology. It enables a business to function by cleansing and securing data transfer across email, which is the communication channel of choice for today’s businesses. In addition to blocking the bad stuff from coming in, your organization has its own set of unique policies it must enforce, including the protection of sensitive data when it shouldn’t leave, and the secure transfer of data that should. To do this a solution must provide DLP (data leakage prevention) and encryption functionality, and it should all be integrated into a single place where you can easily and effectively create these policies alongside your security policies for incoming messages.