ESET Mail Security for IBM/HCL Domino reaches full End of Life on July 31, 2026. The replacement question is two questions. First, on-server or cloud gateway. Then, which vendor inside that category. This page is the honest side-by-side, including where we are not the right answer.
This is our product. We will keep the description factual and tell you where it is not the right fit. SpamSentinel is, as far as we know, the last actively-maintained on-server Domino mail security product, which is why this section has one entry and not three.
Native install on HCL Domino. Spam filtering, anti-phishing, anti-malware, macro blocking, InboxGenius.
Acquired by DuoCircle from Maysoft in September 2024 on the explicit condition that we take care of the existing customers and not damage what was built. Running on Domino since 2003. Same architecture as ESET (Domino-integrated application). The smallest possible migration: install alongside ESET, configure while ESET is active, swap with a notes.ini edit and Domino restart, decommission ESET. No MX changes.
Lots of vendors compete here. All five below run as MX-based gateways and work back-end agnostic, so they sit in front of Domino without platform-specific integration. We have a strong opinion that this should be a deliberate architecture choice, not an accident. We do not have a strong opinion about which of these is best for you.
Strong threat intel, recognized brand
Strengths. Strong threat intelligence from Proofpoint research. Mature quarantine and policy controls. Recognized brand if your security committee insists on a name they know.
Caveats. Pricing typically opaque and quoted per organization. For shops under 100 to 200 mailboxes, total cost of ownership often runs higher than smaller-mid-market alternatives.
Bundles archiving and continuity
Strengths. Broad, mature feature set, especially if you also need email archiving or business continuity. Strong reputation in regulated industries.
Caveats. Pricing tends toward the higher end, especially once you add archiving or continuity. Product surface is large; if you only need to replace ESET's scanning, you may pay for capabilities you will not use.
SMB and mid-market default
Strengths. Reasonable mid-market pricing. Recognized brand in SMB and mid-market. Bundled offerings if you also need backup or archiving.
Caveats. Detection quality varies by tier; lower tiers are not always competitive with multi-engine alternatives. Sales motion can push you up tiers more aggressively than some shops want.
Combined inbound + outbound encryption
Strengths. Combined inbound security and outbound encryption in one product. Reasonable pricing for the bundled feature set.
Caveats. If you only need inbound replacement for ESET, you may pay for outbound encryption you do not need. Less established brand than the larger competitors.
Our own gateway product
Strengths. Multi-engine detection (Vade Secure, Sophos, Halon Classify, Webroot BCTI). Time-of-click URL protection. Self-serve 60-day trial, no sales call required. Public pricing.
Caveats. If you want an on-server replacement for ESET, you want SpamSentinel, not Phish Protection. Different architectures, different products.
Not relevant for Domino: Avanan (Check Point Harmony Email) and Vade are API-based products that integrate with Microsoft 365 and Google Workspace via vendor APIs. They do not have a meaningful HCL Domino integration. We are mentioning them so you know not to chase them as ESET replacements for a Domino environment. If your ESET migration is paired with a move to Microsoft 365, they become candidates for the M365 environment.
The "doing nothing past July 31, 2026" row is in the table on purpose. It is not a recommendation. It is the line item your auditors will see.
| Product | Architecture | Domino-native | Domino-compatible | Maintained for Domino | Pricing |
|---|---|---|---|---|---|
| SpamSentinel (DuoCircle) RECOMMENDED ON-SERVER | On-server, native | ✓ | ✓ | ✓ | Talk to us |
| Proofpoint Essentials | Cloud gateway | no | ✓ | n/a | Quoted |
| Mimecast | Cloud gateway | no | ✓ | n/a | Quoted |
| Barracuda Email Protection | Cloud gateway | no | ✓ | n/a | Mid-market |
| Trustifi | Cloud gateway + encryption | no | ✓ | n/a | Mid-market |
| Phish Protection (DuoCircle) | Cloud gateway | no | ✓ | n/a | $19 per user/mo |
| Avanan / Check Point Harmony | API (M365 / Workspace) | no | no | n/a | Mid-market |
| Vade | API (M365 / Workspace) | no | no | n/a | Mid-market |
| Doing nothing past July 31, 2026 | Unsupported on-server | no | n/a | no, frozen since 2023 | Audit exposure |
Four questions. Each one narrows the shortlist. By the bottom you have one or two products to evaluate, not ten.
On the EOL clock: SpamSentinel is the fastest path (3 to 5 weeks, no DNS changes). Self-serve gateway products like Phish Protection can be in pilot the same week you start. Sales-led enterprise gateways take longer purely on procurement, even before any technical work begins.
SpamSentinel is the right fit (staying on Domino, lowest-risk migration): request a SpamSentinel quote. Same-day response from an expert who has actually deployed it on Domino.
Evaluating the gateway path: any of the five gateway vendors above will engage with you directly. We will tell you honestly when one of them is a better fit for your shop than our own Phish Protection.
Want the full technical playbook for ESET to SpamSentinel migration: see the migration guide.
Want the EOL context and the verified ESET timeline: see the End of Life page.
Request a SpamSentinel quote. Tell us your Domino version, your user count, and what else you are evaluating. If we are the right fit, we will tell you. If we are not, we will point you at the vendor who is.