Simon Bisson & Mary Branscombe's Blog

Spam Fighting in Exchange

By Simon Bisson & Mary Branscombe in Editorial

Posted in Spam, Email on August 6, 2008 at 9:09 am


How can you fight spam with one of the most common email servers out there? After all, surely that should mean it’s an easy play for the spammers, with enough holes to get every V1agr4 advert and pump-and-dump scam into your users’ mailboxes.

It turns out it isn’t - and that the built-in tools are effective spam blockers.

If you’re not using Exchange 2007 Content Filter (or Exchange 2007’s Intelligent Message Filter), turn them on. This is one of the most effective weapons in your arsenal. It’s regularly updated, and it scans messages for common spam formats. Messages are categorised and given spam ratings, which you can use to reject, quarantine, or file messages in users’ Junk Mail folders. CF is surprisingly easy to use - set it up, set the basic filtering rules, and then occasionally check your quarantine mailbox for false positives.

Exchange 2007 has even added whitelisting for persistently filtered false positives. Once a domain is whitelisted, there’s no more delving in the spam folders for Twitter invites or press releases from Kaspersky and Sophos.

I’d been running my server like that for some time, when I discovered another trick that turned out to make a huge difference. Exchange actually supports using real-time block lists (RBLs), which are lists of spam IP addresses hosted by services like SpamCop and Spamhaus. It’s trivially easy to add new block lists to Exchange - just find the lookup address on the block list site (Spamhaus’ is zen.spamhaus.org), and add it and the provider name in the Block List Provider section of Exchange’s anti-spam tools.
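What a block list provider lookup does under the hood, as an added example that is not part of the original post: the connecting IP is reversed, prefixed to the lookup address, and resolved as a DNS name. The function names and sample answers are constructed for illustration; the 127.255.255.x handling reflects Spamhaus' documented error return codes, which should not be counted as listings.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # lookup address named in the post

def query_name(ip, zone=ZONE):
    """Build the DNS name a mail server queries for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # reversed octets
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # IPv6: reversed nibbles
    return ".".join(labels) + "." + zone

def classify(answer):
    """Interpret the A record returned by the zone (None = no record)."""
    if answer is None:
        return "not-listed"
    if answer.startswith("127.255.255."):
        # Error range (e.g. query refused because it came via a public
        # resolver, or too many queries): never treat this as a listing.
        return "error"
    if answer.startswith("127.0.0."):
        return "listed"
    return "unexpected"

def dns_resolve(name):
    """Real resolver: IPv4 string, or None when the lookup fails (e.g. NXDOMAIN)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check(ip, resolve=dns_resolve, zone=ZONE):
    """Return (query name, verdict) for one connecting IP."""
    name = query_name(ip, zone)
    return name, classify(resolve(name))

# Constructed answers standing in for DNS, so the demo runs offline.
# 127.0.0.2 is the conventional always-listed DNSBL test address.
SAMPLE_ANSWERS = {
    "2.0.0.127.zen.spamhaus.org": "127.0.0.2",
    "10.113.0.203.zen.spamhaus.org": "127.255.255.254",
}

if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.113.10", "198.51.100.7"):
        print(ip, *check(ip, SAMPLE_ANSWERS.get))
```

Running `check("127.0.0.2")` with the default resolver from the mail server itself is a quick way to confirm that its DNS path gets real answers from the list rather than error codes.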

Without RBL support turned on I was getting 500 or so spam messages in my quarantine a day, making it hard to filter out the few false positives. With it on, I’m down to less than 100. Managing my spam is a lot easier - and with whitelisting, I’m having to look in the spam folder a lot less often…

–Simon
