Microsoft has made some progress
in other areas as well with respect to fighting spam from the
Outlook client. Before we talk about these new
features, let’s first discuss how filters are fired. If your
backend server is Exchange 2003, then all (spam) filtering for
that mailbox is done on the server. Many of you may have
imported large blacklist files that are available on the
Internet into your Outlook client. The problem with this is
that Outlook 2000 and XP slow significantly when these large
filter lists are applied. Now, with Outlook and Exchange 2003,
the server will move or delete the spam messages before the
Outlook client sees them. Since this is a new feature, there is
some uncertainty about the performance and server load this
presents. There is some advantage to having a centrally-managed
list that handles this level of filtering from the SMTP protocol
level in order to save server processing time and reduce the
amount of administration each user must perform to control their
own spam.
In addition to the uncertainty
with respect to server performance of rules, there is the question
of end-user diligence and patience. Ultimately, only the users
can truly decide if a message sent to them is spam or not. At
the same time, allowing each user to make that determination is
time-consuming, frustrating and not dissimilar from
non-filtering, as the mailbox users must still sift through their
messages to determine if they are getting false-positives.
Unfortunately, Exchange 2003 and Outlook 2003 do not combine
tasks in that the information collected by end-user filters
cannot be shared or leveraged centrally. In addition, some of
the features in Outlook such as body and subject searches cannot
be implemented on the server-side without third-party tools.
Outlook comes with four
settings that each individual user can set within their own
Outlook profile. The lowest-risk feature is called
No Protection and is set by default. With this setting, Outlook
will only “block” messages based on specific domains or senders
the client has already determined as a junk sender. In other
words, if John gets a message from farmgirls.com and adds a
filter, he will no longer get messages from farmgirls.com. The
effectiveness of this feature is low since most spammers change
their sending domain names regularly, or they spoof sites and use
fake return addresses. The second level, Low, scans messages
against the lists you have provided and also searches the
subject and body fields for specific words and phrases
hard-coded into Outlook. We had hoped that this file could be
modified and centrally managed with the new version of Outlook,
but unfortunately it cannot. While you cannot directly modify
the content rules, Outlook offers the ability to change the
aggression level of filtering as indicated by four options. For
example, if you still have a great deal of incoming spam and
notice no false-positives in your Junk E-Mail folder, then you
may want to increase your scanning level to High. After you
choose this setting, watch your Junk E-Mail folder very closely
as you will likely need to add exceptions to your Trusted
Senders lists in order to allow questionable messages to come
through unscathed.
The highest scanning option for
Outlook is one that will likely not be used very often. The
Trusted Lists Only option will filter every message unless the
sender is in your address book or in your Trusted Senders or
Trusted Recipients list. If you do business with company.com,
you can easily add that entire domain to your “Trusted Senders”
list. Also, if you want to receive mail from someone at aol.com,
you could add aol.com or the individual email address to the
“Trusted Senders” list. The drawbacks to this setting are
obvious. Unless you have specifically opened a domain or user
account within Outlook, the message will be filtered. Moreover,
this setting, like the others, will likely present some confusion and
additional work for the end-users as they are now totally
responsible for their own false-positives as well as identifying
junk mail or filtered mail.
As you can see, Outlook junk
mail filtering has improved, but it is certainly not complete.
Unfortunately, we cannot leverage filters learned from the
Outlook session for the good of all, and the keyword phrases cannot
be modified. While the users can identify and block sending
domains and sending SMTP addresses, this function is ineffective
since spam senders change IP addresses, domain names and message
content and phrases quite often. Spam senders are highly
effective in camouflaging words they know will be caught in
generic filters; Viagra will become v1agra, vi@gra, v-i-a-g-r-a
and at least twenty other forms. Moreover, these changes occur
weekly as the spam senders think of new ways to sneak into your
environment.
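The camouflage described above is why a literal keyword list misses these variants. The following is an added example, not part of the original article and not Outlook's own filter logic: it normalizes each subject-line token before matching, and the look-alike table, keyword list and sample subjects are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed look-alike substitutions; a production table would be longer.
LOOKALIKES = str.maketrans({"1": "i", "!": "i", "|": "i", "@": "a",
                            "4": "a", "0": "o", "3": "e", "$": "s"})
# Hypothetical keyword list, using the article's own example word.
KEYWORDS = ("viagra",)


def normalize(token):
    """Fold case and accents, map look-alikes, drop in-word separators."""
    text = unicodedata.normalize("NFKD", token.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return re.sub(r"[^a-z]", "", text.translate(LOOKALIKES))


def find_keywords(subject):
    """Return blocked keywords hidden in a subject line, in KEYWORDS order."""
    tokens = subject.split()
    candidates = list(tokens)
    run = []
    # Also join runs of 3+ single-character tokens ("v i a g r a").
    for tok in tokens + [""]:
        if len(tok) == 1:
            run.append(tok)
            continue
        if len(run) >= 3:
            candidates.append("".join(run))
        run = []
    normalized = [normalize(c) for c in candidates]
    return [kw for kw in KEYWORDS if any(kw in n for n in normalized)]


# Constructed sample subject lines (not taken from real mail).
SAMPLES = [
    "Cheap v1agra now",
    "vi@gra delivered",
    "buy v-i-a-g-r-a today",
    "V I A G R A sale",
    "Meeting at 4pm via Gratz room 1",   # benign: must not match
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:40} -> {find_keywords(line)}")
```

Matching per token rather than on the whole line with spaces removed keeps the benign "via Gratz" subject from being flagged.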
Exchange 2003 Anti-Spam tools
Exchange 2000 provided the
ability to block messages based on the sending domain and
sending IP address. A diligent Exchange 2000 administrator could
inspect incoming messages, collect the sending server’s IP and
domain and build a block list in Exchange 2000.
It was by using these settings that many of us began to learn how
the spammers operate. Email marketing companies often operate
out of a small or home office and in countries with fast network
links. The most prolific spamming companies must constantly
change server IP addresses in order to confuse spam filters. The
IP address you blocked last week will probably never be used
again. Understanding this, and the difficulty in allocating new
lines, the spammer will acquire a DSL or network link with a
bank of IP addresses. In theory, 32 IP addresses should provide
a month’s worth of spam if the IP address, server name, sending
domain, and messages are changed every day.
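A per-address block list never catches up with a sender rotating through a bank of addresses, but the rotation itself is visible if the collected sending IPs are grouped by their enclosing 32-address block. The following is an added example, not part of the original article or of Exchange: it assumes the bank is aligned on a /27 boundary, the threshold of three distinct addresses is arbitrary, and the sample IPs are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict


def suspected_banks(sender_ips, prefix=27, min_hits=3):
    """Group observed sender IPs by enclosing /prefix network.

    Returns {network: [distinct IPs]} for networks in which at least
    min_hits distinct addresses were seen (a /27 holds 32 addresses).
    """
    seen = defaultdict(set)
    for raw in sender_ips:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # skip malformed entries instead of aborting
        if ip.version != 4:
            continue  # the article's scenario is IPv4 only
        # strict=False masks the host bits: .65/27 -> .64/27
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        seen[net].add(ip)
    return {
        str(net): [str(i) for i in sorted(ips)]
        for net, ips in sorted(seen.items())
        if len(ips) >= min_hits
    }


# Constructed sample: sending-server IPs an administrator collected
# from rejected messages over several days (documentation addresses).
SAMPLE_IPS = [
    "203.0.113.65", "203.0.113.70", "203.0.113.77", "203.0.113.94",
    "198.51.100.9",    # single sighting, different network
    "192.0.2.200",     # single sighting, different network
    "203.0.113.70",    # repeat of an address already seen
    "not-an-ip",       # malformed entry
]

if __name__ == "__main__":
    for net, ips in suspected_banks(SAMPLE_IPS).items():
        print(f"{net}: {len(ips)} distinct senders -> {', '.join(ips)}")
```

Treat a flagged network as a lead to review rather than an automatic block entry, since a small block on shared hosting can also contain legitimate senders.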