Postini Transition and Features not included in the move to Google Message Security
As you begin to evaluate what is happening with Postini it is important to understand what is NOT in Google Message Security. We get asked a lot of what is NOT in the move. Here is the list.
Some Postini features will not be moved into Google Apps email security because they are no longer relevant:
Email proxy – Postini relied on an SMTP proxy, where all transmissions between sender and receiver were relayed through the proxy. The new service processes messages in the Google network before sending valid mail onward. This offers the advantage of lower connection overhead as Gmail sends only valid messages to the customers’ server.
Wireless settings – Wireless settings allow users to forward messages to an SMS number. The feature was developed before smart phones were widely available and now serves little purpose.
Spooling – When your on-premise mail service is unavailable, Postini can spool mail for later delivery. This is no longer needed for customers who switch to Gmail. For on-premise mail servers, Gmail will retry messages.
Password configuration policies – Google Apps supports two-factor authentication. Customers with stringent policies can implement single sign-on (SSO) and whatever on-premise policy enforcement they choose.
Blatant spam controls – Gmail automatically rejects blatant spam at a similar rate as Postini.
Per user settings (spam thresholds, Approved Senders / Blocked Senders) – Gmail automatically learns from users marking and unmarking messages as spam and customizes filtering accordingly. For instance, when users add their contacts to Gmail, messages from these senders will also get more lenient spam filtering. This is simpler, more intuitive, and more reliable than managing approved senders manually in a separate interface.
Specific SPF, DKIM and IPLock policies – These tools require complex management by the customer and are most useful to get around Postini’s limitation on Approved Sender Lists, or a particular sender’s lack of adoption of industry-standard SPF or DKIM authentication methods. Gmail Approved Sender Lists automatically take into account mail authentication by default.
Admin and end user spam sensitivity and category controls – These have limited effectiveness in the modern spam environment and can raise false positive rates.
Black hole disposition – Black hole disposition is a violation of the SMTP specification. With poorly-written filters that generate false positives, black holes provide no recourse to the sender. There is also little evidence to suggest spammers glean any intelligence from seeing rejections.
Industry heuristics – Industry heuristics were developed in an earlier era of the spam threat environment. The rules were used to provide preferential treatment for legal and financial services senders but over time have resulted in increased false positives.
Postini (GMS) features not supported in Google Apps
Mail server connection limits – This was important with Postini’s email proxy architecture because Postini connected to the customer mail server with every spam message. Now, Gmail delivers only clean mail to the on-premise system.
Postini SLA – Gmail already matches Postini’s virus protection Service Level Agreement and offers a comparable availability SLA:
99.999% Email Processing Availability – Google Apps offers a 99.9% availability SLA. Gmail is highly redundant and operates at a scale much larger than Postini.
100% Anti-Virus Filtering:
Malicious URLs – Today, many of the greatest threats to infection come via URLs instead of attachments. Gmail has greater visibility into malicious URLs than most any provider. Google uses that information to protect our users.
Executables – Gmail automatically bounces messages that have executable file attachments. We do this for many types of executable files (see Some file types are blocked).
Zip files – Gmail automatically bounces messages that contain a password protected zip file within another zip file.
Attachment scanning – Gmail automatically scans every attachment when it’s delivered to the user, when that user opens a message and when they send a message. We attempt to clean attachments so the user can still access the information in the fie. If we can’t clean it, the user can’t download it. (see Anti-virus scanning attachments).
Content Manager, Outbound activity log – This feature has a limit of 500 entries. As a result, it provides limited visibility to corporate compliance to content policies.
Quarantine summary branding – This feature was not widely adopted by Postini customers. Google Apps provides some branding customization in the web interfaces of the various tools.
Administrator access to end user quarantines – This will not initially be available in the Google Apps platform.
Note: The Quarantine Summary, which is targeted for release in Q1 of 2013, will be available only for customers using on-premise mail systems.
Postini (GMD) functionality not included in Google Apps Vault
Lotus Notes support – GMD supported the ingestion of Lotus Notes journals. Google Apps Vault does not support Lotus Notes.
Non-Standard Exchange Journal ingestion – Google Apps Vault will only accept standard RFC 822 mime/multipart journals with journal reports in text/plain or text/html mime parts. Vault will not accept journals in application/MS-TNEF file format, nor will it accept BCC forwarded messages to the journal address that’s not in wrapped in a journal format.
Alerts on Exchange Journals – Initially, Vault will not have capabilities to track Exchange Journal flow from a customer’s email server and alert the customer admins via email on events (for example, a sudden stop to mail flow, or a sudden change to misconfigured journals).
Exports as PST – GMD supported both MBox and PST exports. Google Apps Vault supports MBox only for email.
Saved search results – GMD supported the ability to save searches and save search results. Vault supports saving searches, but not results. To save results, users must export the data set or create a targeted legal hold (when available).
Message size – Google Apps Vault is built on Gmail. Gmail can accept messages up to 25MB in size, so users are limited to 25MB per message.
My Investigation – This feature is no longer supported. Users wishing to run searches for discovery or an investigation or to place a legal hold must create a matter in Vault. This is equivalent to running a search through a named matter in GMD, and Google will transition each users “My Investigation” to Vault.
Lookup – The GMD specific feature to look up a user’s address is no longer supported, but Vault still enables users to find specific IDs. Vault automatically looks up a user-ID as you type it in a the search box.
Company directory panel – In GMD, you could search for a user’s identity, which included all email addresses and aliases registered for that user on your message security service. This type of search is no longer supported in Vault.
Secure FTP transfer – GMD enabled secure FTP transfers of exports from the interface. Vault does not support this feature. However, in an upcoming release, Vault will enable you to manage exports in Drive, which will eliminate the need for FTP file transfers.
Manual archive purge – While GMD supported manual purging of the archive, Vault only supports an auto-purge of data from the archive. However, Vault will automatically reconcile multiple retention periods on a given document as well as any legal holds.
Sorting results by date, from, to, and subject – In Vault, sorting is limited to sorting results by date.
Mail flow search – The feature is being retired and is not included in Google Apps Vault.