Using Exchange Server components to fight SPAM


The SPAM Problem

Anyone who has had an e-mail address for more than a few months should be familiar with spam. There are many different types of spam, from those annoying chain letters to the sexually explicit e-mails advertising porn sites. The technical issues related to filtering out spam are very complex because of the many different techniques spam companies (spammers) use to keep their spam from being blocked. The main issue preventing organizations from filtering out spam is the desire not to filter out legitimate e-mails. For example, if someone receives a chain letter from a friend, you wouldn't want to filter out all future e-mail from that friend. It is also very important not to filter out all e-mail from a valid mail system, like hotmail.com, even though spam may be coming, or at least look like it is coming, from that host. So what is needed to prevent 100% of spam is someone who can scan every incoming e-mail and decide whether it is spam, and if it isn't, forward it on. Of course this isn't a viable option for many reasons, but even if it were possible, what is spam to one user may not be spam to another. So in short there is no way to prevent 100% of spam, and if you want to prevent as much spam as possible you need to automate the process.

This takes us to the real problem: how do you automate the filtering of spam without blocking valid e-mails? If all spammers sent their spam from a host like spamer.com it would be very easy to filter the spam. But it is their "job" to make sure their spam gets to you, because they get paid by the number of e-mails they deliver. So the spammers use many different tactics to get past automated spam filtering software. Here is a list of some of the common tricks the spam companies use:

  1. Forged From and To addresses
    • You will often see e-mail coming from what looks like a valid address, like user@hotmail.com, but sometimes it will be just "Undisclosed Recipients."
  2. Forged sending server DNS name
    • It is common for the DNS name of the sending host recorded in the message header (the area of a message that contains data on where it came from and many other message properties) to look like it belongs to a valid host.
  3. Relaying messages off of a legitimate SMTP server, one that is not owned by the spammer
    • If a company leaves its SMTP server open for relaying, which is disabled by default in Exchange 2000 but not in Exchange 5.5, a spammer can use that server to actually send out the spam. When this is done, the sending server DNS name and IP address are both shown as this "valid host". It is very common for spammers to use this tactic, and there are even several software packages being sold that automate the process of finding and using servers that are left open for relaying of e-mail.
    • See the reference section at the end on how to prevent your Exchange server from relaying such e-mail.
  4. Automated processes that use valid e-mail addresses from sites like yahoo.com, hotmail.com, etc.
    • These automated programs used by the spam companies sign up and create e-mail accounts at one of the many free e-mail sites out there and then use these accounts to send their spam.
    • The only way to prevent this type of spam is by using content filters, since you can't, or at least shouldn't, block all e-mail from these free e-mail sites.
    • Luckily most of these sites have automated systems themselves to detect such activity and shut down the account before it is used to send too many e-mails, if any.
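
The header forgeries in items 1 and 2 can be checked on the receiving side. The following Python sketch is an added example, not code from the original article: it compares the name a sending host claimed with the reverse DNS name the receiving server recorded for the connection, and flags a missing real recipient. The `Received` layout, the sample messages and the helper names are assumptions made for illustration.

```python
import re
from email import message_from_string

# Our own server writes the topmost Received header as "from HELO (rDNS [IP])";
# this layout is an assumption (Postfix/sendmail style), other MTAs differ.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)")

# Constructed sample messages (documentation addresses, not real traffic).
SAMPLE_FORGED = """\
Received: from mail.hotmail.com (dsl-45.isp.example [203.0.113.45])
    by mx.example.org with SMTP; Mon, 3 Feb 2003 10:00:00 -0600
From: user@hotmail.com
To: undisclosed-recipients:;
Subject: constructed sample

body
"""
SAMPLE_CLEAN = """\
Received: from mail.partner.example (mail.partner.example [198.51.100.7])
    by mx.example.org with SMTP; Mon, 3 Feb 2003 10:05:00 -0600
From: alice@partner.example
To: bob@example.org
Subject: constructed sample

body
"""

def org_domain(host):
    """Last two DNS labels; a simplification, not a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def header_findings(raw):
    """Return a list of reasons the headers look forged (empty if none)."""
    msg = message_from_string(raw)
    findings = []
    received = msg.get_all("Received") or []
    # Only the first (topmost) header was added by a server we control.
    m = RECEIVED_RE.search(" ".join(received[0].split())) if received else None
    if m is None:
        findings.append("no parsable Received header from our server")
    elif m.group("rdns") == "unknown":
        findings.append(f"{m.group('ip')} has no reverse DNS, claims {m.group('helo')}")
    elif org_domain(m.group("helo")) != org_domain(m.group("rdns")):
        findings.append(f"HELO {m.group('helo')} != reverse DNS {m.group('rdns')}")
    to_value = (msg.get("To") or "").lower()
    if not to_value or "undisclosed" in to_value:
        findings.append("no real recipient in To header")
    return findings
```

Legitimate servers also announce names that differ from their reverse DNS, so these findings are better used as scoring signals than as grounds for outright rejection.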

The Solution

So now that you know a little more about the tactics the spammers use, let's look at a few solutions to reduce the amount of spam your users receive. There are several different ways you can attack the spam problem. The two basic approaches are from the client side or the server side.

On the client side, many mail applications now have some level of spam filtering built in. Outlook XP, and earlier editions, has the ability to check for keywords in the To, From, or message Body, and if these keywords are detected Outlook can then carry out actions on the e-mail, like deleting it or placing it in a folder other than your inbox. Outlook and many other mail clients also have the ability to set up message rules that check messages for content and then carry out an action on the message. These rules can also be used for filtering out spam. Beyond the built-in spam filtering ability of your mail client, there are several client-side add-ins that include spam filtering functionality. Some of these support complex content scanning, looking for keywords in the message, comparing the sending e-mail address or host against a list of known spam senders, friends and enemies lists, and more. I personally have been using a product called IHateSpam, which is a client-side add-in to Outlook, for a few months now and have found it very effective.

The other solution is setting up server-side software to prevent spam e-mails from ever getting to your users. There are many different commercial packages available to help filter spam on the server side; see the reference section at the end of this article. The server-side filters support the same functionality as the client-side filters, but with the added benefit that your users and network never have to see the spam messages that are filtered out. It also just so happens that in Exchange 2000 Microsoft has made it possible for the average coder to add spam filtering ability to Exchange, which is the solution the rest of this article covers.

 


Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008