Skip to navigation
   
Simon Bisson & Mary Branscombe's Blog
RSS

Spam Fighting in Exchange

By Simon Bisson & Mary Branscombe in Editorial

Posted in Spam, Email on August 6, 2008 at 9:09 am

Permalink | Author Profile

How can you fight spam with one of the most common email servers out there? After all, surely that should mean it’s an easy play for the spammers, with enough holes to get every V1agr4 advert and pump-and-dump scam into your users’ mailboxes.

It turns out it isn’t - and that the built-in tools are effective spam blockers.

If you’re not using Exchange 2007 Content Filter (or Exchange 2007’s Intelligent Message Filter) turn them on. This is one of the most effective weapons in your arsenal. It’s regularly updated, and it scans messages for common spam formats. Mesages are categorised and given spam ratings, which you can use to reject, quarantine, or file messages in users’ Junk Mail folders. CF is surprisingly easy to use - set it up, set the basic filtering rules, and then occasionaly check your quarantine mail box for false positives.

Exchange 2007 has even added whitelisting for persistently filtered false positives. Once a domain is whitelisted, there’s no more delving in the spam folders for Twitter invites or press releases from Kaspersky and Sophos.

I’d been running my server like that for some time, when I discovered another trick that turned out to make a huge difference. Exchange actually supports using real-time block lists (RBLs), which are lists of spam IP addresses hosted by services like SpamCop and Spamhaus. It’s trivially easy to add new block lists to Exchange - just find the lookup address on the block list site (Spamhaus’ is zen.spamhaus.org), and add it and the provider name in the Block List Provider section of Exchange’s anti-spam tools.

Without RBL support turned on I was getting 500 or so spam messages in my quarantine a day, making it hard to filter out the few false positives. With it on, I’m down to less than 100. Managing my spam is a lot easier - and with whitelisting, I’m having to look in the spam folder a lot less often…

–Simon

12345
Not yet rated
Loading ... Loading ...

 

   
Tag cloud

O'Reilly cold fusion application compatibility enterprise flash moblin wubi logitech parallel computing display Ask.com optical interconnects rich client Tom Hogan media center ANR xT9 Mozilla deperimeterization data centre support BT OEM visualisation flex nvision08 3G machine learning FUD Secunia Barracuda cloud computing uninstall deborah adler monitor remove back ikea Dell business intelligence anti-patterns utility Vodafone rtm Moonlight business technology automation merger ucsd phone management toshiba distributed computing hdmi Pal hard drive backhaul office Istanbul october geocaching Quest spam fighting power open source laptop ipv6 networks vulnerabilities yahoo Internet Explorer maps spam exchange developer task bar thin client CTO pen computing no signal 965 Delphi Hugh Thompson DSL microsoft security essentials MING NVIDIA hierarchical temporal memory AIR SapphireSteel screen MAX HMT identity theft BitLocker voice recognition terabytes sun TechEd 2008 Sony Opteron fibre infrastructure screencam MacBook Air macro co-processor Nokia mms 2009 griffin Tablet PC M&A virtualisation isps conference desktop. PC target bea BES g-1 quiz eu pre-boot hp microsoft research cellcrypt usb p2v Opera Dopplr Crossfader bandwidth Large Hadron Collider fonts server T-Mobile information accessories windows flash drive Treo Pro O2 history MWC gameboard ontier amherst cables mobile Linux aws windows server 2008 r2 power cuts search goview DOS T9 dual boot images demo09 fingerprint scanner camera culture Windows Live identitity NAS media BlackBerry disk OFCOM Google Spreadsheets enterprise architecture identity metasystem Previous Versions multiple monitors ribbon clean install Xen Trolltech BBC isp Magny-Cours Smartbook Trend Micro malware Google IO upgrade lost server Bill Cheswick Qualcomm bug semiotics todo list IT policy TouchSmart Loki high performance computing how do I get the back off? lawsuit Safari training Tablet Kiosk SBS android Numenta secure fingerprint TSA colossus mobile data tariffs Tripit christmas mash-up microsoft research QWERTY 2.0 wildfire g-2 geek tourism context GPL Mercury MIX video ultraportable beta test Itanium politics pgp emulator privacy green IT annotation SKU CIO claims productivity ADFS 2.0 patent international roaming exabytes tablet Jeff Jones mysql icons Seagate trends bolt control panel Live Mesh drivers GPS Acrobat Pro ubuntu designer greenplum anti-trust Wyse keyboard MIX08 RSA 2008 bletchley park Bing docking station storage netiquette lockdown old software consolidation AMD Embarcadero DisplayLink DOSBox vmware IT value city Palm geotagging market share connectivity dvi traffic wes Toshiba Portege R500 numbers project Salesforce navteq Java meaning office 2010 Hp 2710p mobile network public cloud Frauenhofer smartphone cisco acquisitions Ruby Mono tennis dual display anti-virus IO network tele atlas Mark Hurd mainframe open advertising Verbatim Windows Server 2008 offload installation mobile working cloud service google online applications ruggedized security paradox AuthenTec IM community Windows Mobile oracle database regulation IT automation natural interface GPU accelerator browser Google Sets windows 7 MacWorld 2008 information cards IDF social networking management email migration user interface Asus data centre transformation NexT Volume Shadow Copy netbook Windows Server SSD WPF wifi Vista Facebook citrix gamer regulations phone settings processors Jeff Hawkins 2009 Clear RX people WinHEC ec2 business technology optimisation RAZR system center Fire Eagle ballmerbot Express Gate Girl Geek Dinners augmented reality hardware Google firewall biometrics NGSCB hacking mobile broadband HSDPA Motorola thermo winhec2008 Apple instant messaging business continuity utilities gaming applications setup switch OQO atom geneva webkit power supply benchmark interoperability workflow information rights management robot Active Directory forensics AskEraser iPhone collaboration bugs cosmic rays web 2.0 expo IT transformation voice HTC CUDA rc UMPC timezones teched system management battery life WEI Firefox IBM virus bbc iplayer data tariff routing innovation appstore electricity price troubleshooting power saving credit crunch relocation beta Xobni disk space .NET service oriented enterprise HP legacy RIM hold music apps licensing netbooks cam user experience fire ipsec pixetell web Chrome LHC calit2 etech Gartner mapping Netscan Gears encryption legislation HTML 5 i-mate Lenovo future in review data loss prevention telecoms Opsware 64-bit SMB 2 security mobility LiveID mscape Internet Adobe business safend adfs Tim Berners-Lee Location software Bill Gates office politics html demo hyper-v Credentica Intel hibernation Internet Explorer 8 national museum of computing Nuance wave codec ClipMate WWW whitelist development design moscow data patch Tuesday DLP ProCurve outlook active digitiser transcoding congestion charge installer Protected View radeon business model iPass CES social engineering Greasemoneky SP1 macbook Eee PC RSS search OpenID police competition cloud bombe MRDA Microsoft direct access RBL insert SIM Corsair Linux performance it pro navigation Tombstone Objects private cloud conferences EEE Ruby On Rails CardSpace magic virtual desktop catalyst Ray Ozzie venture capital HSPA web2expo london data loss mythbusters education evernote Visual Studio amazon Reqall Enterprise 2.0 Mini-Note EMC mobile ATI futura streaming media CERN Beacon RIA twitter cracking Silverlight Windows 7 vs Windows Vista Trampoline green printing d2c CPU turing Wimbledon IIW2008b Palladium verdana fault Netscape case ports appzero Web 2.0 wireless USB VSSAdmin Skyfire gabriola disaster recovery analytics downturn mobile ofcom network security theatre server sprawl
Advertisement

   
Archives

   
Most commented posts

   
Highest Rated Blog Posts

Advertisement