Strengths: Excellent spam-detection rates, easy deployment, good monitoring and reporting tools
Weaknesses: The hardware could be better for the price, slow management interface
Verdict: This appliance is easy to deploy and manage and gets a gold medal for its impressive anti-spam performance
Sophos's email security appliances aim to reduce the management burden without the additional costs often associated with these products, as the price includes full, 24-hour global support and all virus and spam updates. Its appliances are designed to deal with many basic monitoring functions, automatically downloading updates and using heartbeat monitoring to ensure they are always up to date.
The ES4000 on review consists of a Supermicro partnership of 1U rack chassis and motherboard equipped with a pair of single-core 3.2GHz Xeons and 2GB of PC3200 memory. You get a couple of 146GB Seagate SCSI hard disks, which an Adaptec RAID controller card manages as a mirrored pair. The appliance can handle up to 80,000 messages per hour, applying anti-virus and anti-spam measures to both inbound and outbound mail, and even if this hardware package doesn't justify its price tag, there does look to be enough power on tap.
Installation was a simple affair thanks to the quick start wizard on the smart web-management interface. The home page provides plenty of information, including charts, graphs and dials showing daily mail volumes, message delays, spam and virus counts.
The extensive use of policies allows for easy customisation as each one contains multiple rules that are applied to selected groups or users. Anti-spam policies contain a target group or user, a threshold of high or medium spam scores and an action to be carried out on offending messages. Behind the scenes the appliance applies an extensive range of standard anti-spam measures augmented by Sophos's IP reputation filtering.
Policies can be applied to inbound and outbound mail, allowing businesses to enforce acceptable use policies. Mail being sent can be checked for keywords, attachments and unacceptable language, while a watch-list policy can be used to keep an eye on messages being sent by specific groups, individuals or addresses.
Email encryption is also supported as the appliance can communicate with other mail servers that support TLS. Policies for virus-scanning are just as simple to create and can also be applied to selected users. Infected inbound or outbound messages can be discarded, tagged, redirected or quarantined, and a range of secondary actions allows you to add features such as banners or headers to suspect messages.
To test Sophos's anti-spam tools we opted for a live environment and installed the ES4000 in front of our LAN, with a Windows Server 2003 R2 domain controller. We installed Kerio MailServer and configured it to pick up mail from an external ISP and pass it on to a mail client also running on the LAN. This meant the appliance could scan all incoming messages, and we opted to leave it with its default scan settings to see how effective they were. This meant our anti-spam policy was set to quarantine all suspect messages with high and medium scores.
The device was left to its own devices for two weeks and we were impressed to see it delivering a 97 per cent success rate at correctly identifying spam. Users can view their personal quarantine area, and we ascertained that there were no false positives during the test. The appliance monitoring functions were effective as we were summarily advised by email on the odd occasion the appliance couldn't contact the download repository at the appointed time. Whenever we powered the system down Sophos support would send us an email advising that it had lost contact with the appliance. Sophos support can also access the appliance for remote diagnostics, but only if you allow this from the web interface.
Clearly, the ES4000 puts in a fine performance in the anti-spam department, with the default policies delivering an excellent score in our live tests. Reporting is very extensive, with good policy analysis tools, and we particularly liked the fact that the ES4000 is quite capable of looking after itself.