Wednesday 12 March 2008

Hosted versus In-House

We recently came across an article that weighs up the pros and cons of each. I specifically wanted to address the questions for the Hosted Exchange provider.

The article is here:

The questions it poses are below; i've answered each one if taking the Hosted Exchange Solution provided by Cobweb.

1. Does the hosting environment allow multiple hosting clients to have contacts with the same e-mail address? (This question can be restated as: how does the hosting software deal with SMTP address collisions?)

The answer is yes _and_ no. Active Directory cannot support two objects with an identical proxyaddress, and unfortunately the OAL is built based on objects having this attribute. The solution is to remove the proxyaddress, giving the contact just it's targetaddress attribute. This allows the exact same contact to exist in multiple customers OU's, but will remove the contact from the OAL. We have been working with Microsoft on this issue, and a resolution to this is promised in the next version of Active Directory/Exchange.

2. Does the hosting environment allow you to share SMTP address space, either as a master or as a slave environment, with a hosted SMTP domain? (This question can be restated as: can you do a step-wise migration, or do you have to migrate all mailboxes at once?)

Yes we have supported this for around two years. We can share SMTP address space and either pass mail over VPN tunnels or over the Internet using SMTP over TLS. We also provide SMTP over the Internet for customers that are not concerned about potential internal mail being sent in clear text across the Internet. In all cases we suggest TLS/VPN solutions, which we manage with the customer and help setup.

3. Does the hosting environment support Deleted Item Retention? For how long? Does their deployment environment set the DumpsterAlwaysOn registry key for Outlook? (This question can be restated as: what happens when someone deletes something they didn't mean to!)

We support DIR for 14 days (two weeks), we also keep deleted mailboxes for 31 (effectively 1 calendar month), of course all mailboxes deleted after this time are still recoverable from our backups.

4. Does the hosting environment support Deleted Mailbox Retention? For how long? (Restatement: can I easily restore the mailbox if my company administrator deletes a mailbox by mistake?)

Answered above.

5. Does the hosting company do backups? How often and how long do they retain them? Can they do single mailbox recovery? (Restatement: if the hosting company has a "disaster" can they recover my mailboxes? Also, if the timeframe for Deleted Mailbox Retention has expired, can I recover the company president's mailbox from last month?)

Again partially answered above, we keep monthly backups for 7 years (yes 7 years). We can restore a mailbox to any given day in the past 4 week window - after that we keep one full backup per month.

6. Does the hosting environment support journaling? What are the data-retention options for the journal mailbox? Can I have an external interface to a journal solution?

Cobweb supports Journaling, we can Journal your mailboxes and send them to an external solution of your choosing (we have no control of this data - you ensure this provider can do the job), or we can Journal your mail ourselves. we use Zantaz EAS and support envelope journaling. We have default plans of 1, 2, 5 and 7 years. We can also provide custom retention policies. This is searchable using a built in Zantaz EAS plugin, which retrieves the archived mail from your own personal document store over SSL.

7. Does the hosting environment support catchall mailboxes? (This is simple a feature that some companies use. Others don't.)

We don't support this, we could but I can honestly say i've never had any customers require this

8. Does the hosting environment have a decent anti-spam solution? (More than the Outlook Junk Mail Filter!) Does the anti-spam solution support individual mailbox quarantines? If there is a false-positive, how can you get your file/message delivered?

We use MessageLabs as standard for all Hosted Exchange mailboxes. We also use Antigen for virus detection on the actual Exchange Servers themselves - supporting 4 AV engines.

9. Does the hosting environment allow you to truly white-label their services? (Restatement: can you have a custom OWA URL? Can you have a custom RPC/HTTP URL? When you connect to an SMTP virtual server, does it say YOUR domain name?)

Yes you sure can, although there is of course an extra cost associated with this.

10. Does the hosting environment allow you to have custom OWA themes? Does it support OWA segmentation

We support OWA segmentation, we base this around our own custom mailbox plans. We can support custom OWA themes but so far we have not had any customers require this.

11. Does the hosting environment support SPF and/or Sender-ID incoming? Does it require it outgoing? Can you decide or are you limited to their default?

MessageLabs support SPF, we don't use Sender-ID within the Exchange Org, we help customers setup their own SPF records.

12. Does the hosting environment support SSL for OWA? TLS for SMTP? Form-based authentication for OWA? Two-factor authentication for OWA and for Outlook?

SSL for OWA with FBA - Yes
SMTP over TLS - Yes
POP3S - Yes
RPC over HTTPS - Yes

We currently do not provide two factor authentication processes.

13. Does the hosting environment allow you to specify on a per-user basis who gets EAS (ActiveSync)? Blackberry services? Goodlink services?

Yes, which user gets what is entirely customisable via the customers Portal Administrators.

14. Does the hosting environment allow you to create custom address lists?

Currently no, this is something I want to bring into our Exchange 2007 offering. Support for 3 to 5 custom address lists is what I want to achieve.

15. Does the hosting environment allow you to force an Offline Address Book (OAB) update?

Yes, this is done simply by modifying a user in our Portal, we then automatically set instructions to rebuild your OAL.

16. How is disk space aggregated? Is each mailbox billed separately? Is the company/domain aggregated together? Can different mailboxes have different default allocations? Can you manage the limits? Can you get disk space reports? Can you create/manage a "Mailbox Manager" policy for your domain?

Whilst I cannot answer any billing questions, I can state mailbox size is highly configurable. Bought two mailboxes with the default of 200mb each for you and your secretary? Don't need that space for her? No problem, take space off her mailbox and assign it to yourself or your public folders.

17. What are the hard limits on mailboxes sizes?

We don't have any, we do warn (due to current limitations in certain administration tools and tasks) against going over 2GB.

18. Does the hosting environment run a gateway anti-virus solution? An information store anti-virus solution? A file-based anti-virus solution? If there is a false-positive, how can you get your file/message delivered?

MessageLabs for the gateway, Antigen on the servers. Customers get their own Spam Manager Portal to login and check any spam messages that have been quarantined.

19. Does the hosting environment support "Send As" permissions and "Send On Behalf Of" permissions? Can you manage this yourself?

We do support this yes, our existing Portal does not support this feature, our new Exchange 2007 Portal will support this.

20. Does the hosting environment support LDAP access to your address books?

No, however watch this space.

21. Do you have access to SMTP log files? Do you have access to message tracking log files?

SMTP protocol logging is turned on and off by Cobweb as/when there is any possible issue. In regards to access to Message Tracking, the answer is no. However this is something I want to incorporate into our Portal.

22. What is the maximum incoming message size? The maximum outgoing message size? Can you adjust it?

20MB, customers cannot adjust this currently no.

23. What is the maximum number of message recipients? Can you adjust it?

500, this is not configurable.

24. Does the hosting environment support public folders? How many? How big? Can you mail-enable public folders?

We support Public Folders yes. We also support mail enabling them.

25. Does the hosting environment support an interface to SharePoint services?

We current offer Sharepoint 2.0. We are launcing our new Sharepoint 3.0 service sometime over the Summer.

26. Does the hosting environment allow for external SMTP relays by IP address? What about by authorized users?

We support this yes.

27. Does the hosting environment allow for POP-3 or IMAP users to access Exchange mailboxes?

This is configurable by the customer within the Portal.

28. Does the hosting company offer a network Service Level Agreement (SLA)? Does the hosting company offer an Exchange SLA? Does the SLA have any teeth?

Check for our SLA, I believe currently it is 99.9%, which we meet.


Oliver Moazzezi

MVP - Exchange Server


Dan Germain said...

Hi Oli

regarding "Does the hosting environment support catchall mailboxes?"

The reason why catch-all isn't a suitable solution for a business email service is because of the issue this presents to Anti-Spam services. You can't provide any decent levels of A/S against a catch-all mailbox.

By definition catch-all should collect all incoming email that's not addressed to a specific mailbox and this would collect a _LOT_ of spam!


Unknown said...

"Does the hosting environment allow you to truly white-label their services?" I know that groupSPARK ( does offer this. Microsoft will not be offering a white label version of its online offering, Does this make white labeling more valuable?

Dan Germain said...

Hi, yes our platform does support white-label partnering and we have a number of partners doing this today.
To whitelabel a platform you need to have generic naming, support for generic and partner branding as required, and appropriate support mechanisms in place. whitelabel is not just about the branding and support of the partner/reseller - it's critical to provide high-levels of service to the end user regardless of the partner in the middle. Many of our partners choose to "partner with ABC" rather than try and pretend that they are providing the platform. Much of their credibility come from the fact that they are running services from a large secure platform and they benefit from the scale of the provider.

Dan Germain said...

>> Microsoft will not be offering a white label version of its online offering, Does this make white labeling more valuable?

- Yes, white-labelling is more valuable. Have a think about where the problems are with running a hosted platform - providing technical support 24/7, managing capacity, high-availability - and you can see why it's difficult to run your own platform. The fact that Microsoft aren't offering this to smaller providers/resellers makes whitelabel platform much more valuable.
In addition to this, proper whitelabel platforms that scale properly and really deliver uptime are actually pretty rare. There aren't many providers out there who have a PROVEN TRACKRECORD of running platforms with 30,000+ mailboxes. There are some serious challenges to over come when doing this.


Matthew Van Sickler said...

Regarding duplicate contacts in the OAL - you shouldn't remove the proxyaddress, but just change it to a bogus value. This allows the contact to show up in the OAL but mail still gets to the correct targetaddress.

Daniel Noakes said...

Hi Matthew

We do actually prefix the proxyaddress (and mail) attribute of contacts with a unique ID (e.g., so it shows up in an OAL.

For users within the ExchangeOrg the email is delivered to the targetaddress ( of the contact, which we do not modify.

One problem we experience is when reply to all is used from outside of the ExchangeOrg. The email client will use the information that was in the TO or CC field, which contains the modified proxyaddress. This will not exist on the server hosting the contacts mailbox, so it fails.

Daniel Noakes

Oliver Moazzezi said...

Yep, the proxyaddress on a contact object has been a big issue for us in the past. Especially when someone does a 'reply all' outside of our Org.

Until Microsoft redesign the way they build OAL's there's not much we as hosters can do.


Dan Germain said...

FYI, I talk about similar issues here: