Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

   

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links
 
   
Fighting Spam with Exchange and Outlook 2003
Page 1 | Page 2 | Page 3 | Page 4
Unfortunately, the built-in tools that are bundled with Exchange 2000 and Exchange 2003 do not recognize sending networks. Third-party spam tools will be required in order to recognize and block spam-sending networks. Having said that, Exchange 2003 does include many more anti-spam tools than its predecessor. Not only does Exchange 2003 include the ability to block domains and IP addresses, but it supports the basic anti-spam tools such as the use of blacklist servers as well as whitelist and blacklist support. In addition, you can also create an Exception list to identify the mailboxes that should never be filtered. Perhaps you have an executive who wishes to handle spam filtering on their own using the Outlook 2003 filters. By adding his/her SMTP address on this screen, you can be sure that no server-based rule will ever filter their messages.

It is also important to understand the difference in respect to the terminology used for fighting spam. Exchange 2000 and 2003 both support blacklistsmeaning the administrator can manually add entries for domains or senders they wish to block. Exchange 2003 now supports the use of blacklist servers. Exchange Server 2003 can compare the sender’s domain against a list of known spam domains located on third-party servers on the Internet. RELAYS.VISI.COM, for example, is a free blacklist server you can use.

While Exchange 2003 does not come with radical ways of fighting spam, there are some management improvements. For example, IP blocking can now be controlled from the same Message Delivery configuration screen, so we now have “one-stop shopping” in respect to server-based filtering rules. Sender Filtering rules is still available, as is the new Recipient Rules filtering. On the Connection Filtering screen, the administrator can add the IP Address(es) of the sending domain to create a Whitelist of acceptable sending domains. From this same screen, the Deny list can be built to block sending SMTP servers or networks. While these tools are very important in blocking and allowing SMTP messages based on IP addresses, it is important to note that messages being forwarded to your domain by a third-party, another domain, or even a server in your DMZ may not be subject to allow, disallow, or blacklist rules since the sending server is one you trust. It does not appear that the Exchange 2003 filtering and IP rules can recognize a trusted SMTP server and inspect the information from the server that sent the message to it. In other words, if you have a send mail or content filtering server between your Exchange 2003 server and the Internet, the IP blocking/allow and blacklist server support will probably not function correctly as all of these review and consider the IP of the (last) sending server and not the original sending server. If this is your configuration, a third-party spam tool may be a better fit for you. 

 
Fighting Spam with Exchange and Outlook 2003 Columnist's Index
Page 1 | Page 2 | Page 3 | Page 4

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008