How much is your “free” open source messaging security solution really costing you?


Hosting providers select open source over commercial solutions as they’re free. But are they really free?  Yes, the download is free, but how about managing and supporting the system. Is that free? And if the software isn’t doing what it’s supposed to do, aren’t there costs associated with that?

Ok, here’s the answer. Yes, there are costs associated with each of these. Open source anti-spam and anti-virus software have operational, capital and productivity costs associated with them. Your open source may actually be costing you a lot more than you think.

So what are some of these costs?

Let’s look at one popular anti-spam solution – SpamAssassin. It’s not my intention to bash it – it does what it was designed to do, but it’s not free. For one, it requires a lot of computing resources. And if you’ve built up a solid, mature system with lots of rules, then you need even more resources; remember… each message has to be analyzed by all those rules in as short a time as possible. Company X doesn’t want to hear that its mails are delayed because it takes time to run through hundreds, or even thousands of rules on each mail.

Now multiply that problem by the fact that spam mail continues to grow at a nice healthy pace. You’re going to be writing more rules and checking more emails. You’ve probably gotten used to the fact that each year you need to expand your server farm in order to deal with spam. But this is a cost. And a big one too!

What keeps your servers running?

Have you stopped to analyze the other costs associated with running your servers? Rack space, electricity, bandwidth and of course…humans? You also need more of these to operate and maintain all those nice, shiny, new servers.

Did I hear someone say “open source” and “free” in the same sentence?

Who writes your rules?

If you’ve got staff that’s chasing after spam and writing new rules all the time, well, that’s costing you too. Once you’ve written your rules… who’s testing them? Poorly written rules result in false positives, meaning end-users don’t get the mail they should, or false negatives, meaning end-users have to deal with spam that you were supposed to block for them! How much is this costing in productivity?

Free? I think not.

What about out-going spam?

I’m not aware of open source anti-spam that does a good job blocking outbound spam. What’s that? You don’t have a problem with this yet? Give it some time…

Well, actually…I don’t recommend you actually wait – that could be BAD.

See what happens if your servers send out a spam attack. How long does it take until you’re blacklisted? Who’s going to staff the phones when you get hundreds of angry customers calling in because their e-mail isn’t working? How about the accounting department that has to calculate the cost of customers who have decided you’re not the hosting partner for them. Oh… and how much did it cost you to get removed from the blacklist? Suddenly free doesn’t sound so free anymore, or is it just me?

Learn More

Want to hear more about the subject? Commtouch will be presenting at the cPanel Conference in Houston, Texas, October 5-7. We hope to see you there! If you’re also attending and would like to schedule a meeting with a member of our team, please email us at

Go back