CA Anti-Spam 2007 - About as Relevant as Meat in a Can

The product installed without issue and required little attention. The user is asked to accept two license agreements (one is CA's and the other is a GPL license) and is given the option to install two items: the antispam software and another product called Web Inspector, which is CA's phishing filter.
[caspam_install_webinspector.jpg]

There was no registration option in my installation, perhaps because I purchased it direct from CA. I was, however, prompted to install the Yahoo toolbar and to make Yahoo my default search engine. The check boxes need to be manually cleared on this screen, so if you don't want to Yahoo, pay attention to the (installation) wizard.

The installer wrote about 48 MB to the hard disk and created 576 registry keys. The uninstaller cleaned the hard disk very well, but while it deleted all but one registry value, it left most of the registry keys behind, removing only 69.

The Website Inspector integrates with the web browser cleanly and worked effectively. It functions as a phishing filter, checking each site you visit for validity. It did a good job of warning me when a site's credentials weren't up to par, though performance was a bit sluggish, which could have been due to the fact that the filters of both IE7 and Anti-Spam were running.

The most interesting feature of Website Inspector is the link pop-ups, which evaluate links on a page for validity. By hovering over a link, you engage the Website Inspector, which will display a small information box with site information. The feature will provide feedback using color and text depending on the validity of the link's target site. I thought that the feature would get annoying after some use, but actually I found it unobtrusive and quite helpful. So many times, words are hotlinked and hovering over the link just provides the URL in the toolbar but not much information about the target. This feature gives instant information about the target site and actually enhanced the browsing experience.
[caspam_websiteinsp_linkpopup.JPG]

The UI for Anti-Spam is entirely accessed through the email program you're using. In my testing, I used Anti-Spam through Outlook Express (OE) on Windows XP. The application integrated very cleanly with Outlook Express and actually looked and behaved as if it were a part of the application. The dialog boxes and behaviors, while separate from OE, operated consistently with the application. Of course, with Anti-Spam installed, I now had two separate search providers. But CA did a good job of keeping its search feature separate enough from OE's that they didn't overlap or conflict with each other from a usability standpoint. Given the way search works in Outlook, I'm not sure the same would be true if I used Anti-Spam though that application.

Anti-Spam uses client-based HTML help (it will open in your browser but doesn’t require Internet access). The help system seemed adequate to the application. It wasn't excessive (which I think is a good thing when it comes to help systems), but it provided basic tutorial and support information.
[caspam_help.JPG]

The Website Inspector interface is a toolbar that is available in the toolbar section of the browser (I tested this on Internet Explorer 7). When you visit a site, a green box will tell you if the site is verified by CA as a safe site. Another box to the right will provide information about the site such as name, address of the site owner (if available), and the country where the server the site sits on is located. Finally, the toolbar also provides a button that enables you to report the site as malicious or verified. This information is used by CA to build their verification database. Clicking the CA button allows you to set options, such as password and personal data management, enabling or disabling sounds, managing the suspected countries list, and managing approved sites.
[caspam_websiteinsp_toolbar.JPG]

Clicking the verification box opens another dialog box with more information about why the site is verified. Particulars include that the ownership has been identified (or not identified), that the site is active or inactive, that the site is or is not located in a country that is not suspect of abusing spam and that the site is or is not on a blacklist.
[caspam_websiteinsp_verifyinfo.JPG]

The interface integrated unobtrusively with IE7's phishing feature. In a real-world scenario, I wouldn't have both running as it undoubtedly affected performance. But for the sake of my testing, I thought IE7 and Anti-Spam's filters complemented each other.

Overall, the interface items are clear, uncluttered, and do the job they're supposed to do well.

There certainly is nothing groundbreaking about the Anti-Spam's interface. Like OE, most of the interface is very basic and functional to the point of being average. As I alluded to in the Features section of this review, the search provider is fairly uninteresting, particularly when compared with the products being produced by Google and Yahoo. The Anti-Spam functionality didn't appear to integrate into the OE status bar, which would have been a plus.

I did notice that there weren't confirmation dialogs where I expected them. For example, clicking the Clean Current Folder option in the toolbar immediately launched the cleaner and the application began working through the email in my inbox. I expected a confirmation box asking me if I was sure I wanted to clean my folder (which, it seems to me, is a fairly invasive operation).

The Security Center interface doesn't do much at all (other than telling you which apps you haven't purchased yet). The only functional role it plays is to provide an additional interface to enable and disable Anti-Spam.

CA Anti-Spam is a component of CA's flagship home offering, CA Internet Security (which is also reviewed here on BrightHub). When you install Anti-Spam, The installer will actually include CA's Security Center. Since the package only includes Anti-Spam, the Security Center shows most of the applications as "not installed." The only issue here is that the red circle with the "X" in it makes it look like there's a problem and that could be misleading.
[caspam_features_securitycenter.JPG]

CA Anti-Spam includes a mail search feature in addition to spam management. When you first launch your mail program after installing Anti-Spam, you are guided through a wizard that enables you to set up which mail program you want to use, search options, and indexing.
[caspam_features_spamwizard1.jpg]

Anti-Spam installs a toolbar into your email application that can be used to instantly and in real time block or approve mail, search mail, and set options.
[caspam_features.toolbar.jpg]

The spam filter operates on a model where senders are first untrusted and the user must explicitly trust senders in order for them not to be filtered. The mail is put in a protected "quarantined" folder where the user must explicitly trust the senders. When I first set up my POP3 account with the spam filter running, all the mail was immediately filtered (it could have been because I didn't have any addresses in my address book).

Once senders are trusted or blocked, they can be managed using utilities available from the toolbar. The Approved Senders utility lists all senders you've explicitly approved and allows you to delete users from the list and even change properties like the listed name or the email address. You can add new names and addresses from this dialog box as well. The utility includes a useful tool that scans any specified folder for approved senders. If you point the tool to a specific folder that contains mail, the tool will grab the addresses from that mail and add them to your approved list. From this utility, you can also export and import approved addresses and search for names or addresses.
[caspam_features_approve_senders.JPG]

From the Options menu, you can modify how Anti-Spam warns you of issues, set a scheduled for reminders, modify search options, and turn features off and on.
[caspam_features_options.JPG]

The level of control seems appropriate for an application of this type. One interesting option that CA included is a spam-scoring utility. This allows you to "train" Anti-Spam to assign a number to incoming messages that is the relative probability that the message is spam. You can then tell Anti-Spam to automatically block messages with a certain score and above and automatically approve messages with a certain score and below. Training involves pointing Anti-Spam to a specific folder or folders with known spam and pressing the Train button. Anti-Spam then uses internal algorithms to determine how to rate incoming mail.
[caspam_features_spamscore.JPG]

The Web Inspector's link evaluator is interesting and probably the most innovative feature in the package.

Unfortunately, Anti-Spam doesn't work with HTTP mail through Outlook Express. This seems like a big oversight particularly given the audience. Still, since most web mail is  already spam filtered at the server, perhaps the usefulness of a client-side spam filter is attenuated.

The biggest deficiency I see with the product is the lack of an attachment manager. All attachments, even those in mail marked as spam, are active and "clickable." Other modern virus and spam programs will deactivate attachments and embedded images for a number of reasons. Images in an email, for example, can be used as a beacon for spammers informing them that an email account is active. When a user clicks on an HTML email with embedded images, even to preview it, the email application has to go out to the source server to retrieve the images (just like a web page has to do). Spammers can use this round trip to detect the source email address and log that as an active account to which it can send more spam.