Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

   

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links
 
   
Fighting Spam with Exchange and Outlook 2003
Page 1 | Page 2 | Page 3 | Page 4
We have learned over the years that the correct defense for fighting virus outbreaks requires more than one solution. The client and server must have logic installed to detect virus patterns, and the same is true for a comprehensive battle with spam and unsolicited mail. With Outlook 2003, we are provided with much more sophisticated anti-spam tools that allow the end users to define their own tolerances and manage the deletion of messages and processing of false-positives. While this does save the administrator from certain management of spam messages, the load on Exchange Servers will increase while the same amount of messages are received, and end-users are still required to filter and sort junk mail, albeit with better management tools.

On the Server front, Microsoft has indeed made headway in providing support for blacklist servers and override support for internal SMTP addresses. One of the most powerful features of the server-based filtering is the ability to archive or delete messages. Should you choose to delete messages that are filtered due to server-rules, you can stop the messages from entering the Exchange stores and limit the number of junk messages the users must sort through. Another awesome feature is the ability to drop sessions from known spam senders. With a fairly simple script, I can find the valid SMTP addresses in your network by using random or known words within an SMTP session. Your SMTP server will indicate “recipient OK” when I hit a match and I can add it to my spam list. To thwart this, we can tell Exchange to drop the connection if a match is made against the Senders list. As cool as this feature is, it does require that the sender continue to use the name we identified and will not work for spoofed domains.

Summary

Microsoft has improved the spam fighting tools in both Outlook and Exchange Server, but the new features fall short of a complete solution. From, the server side, there is no detection of spam networks or any way to globally filter messages based on content. The 2003 versions of both programs provide the administrator with a base set of tools to help get spam under control, but contain only newer revisions of features that were included and seldom used in earlier versions. Fortunately, Microsoft has extended the new Anti-Virus API in Exchange 2003 to allow third-party vendors to develop their own Exchange Server snap-ins to embrace and extend the base-set of components provided with Exchange Server 2003. Specific features that can be provided by third-party vendors include management tools for archived messages, support for forwarding servers, detection of spoofed domains, a comprehensive list of subject and body text filters, the ability to dynamically update the filter engine and filters list, web-management tools with statistics, and much more.

 
Fighting Spam with Exchange and Outlook 2003
Page 1 | Page 2 | Page 3 | Page 4

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008