Built-in spam fighters

In this tip I discuss four of the major features that Exchange 2003 offers to help reduce the amount of spam you receive. You can find more information and a list of these features at http://www.microsoft.com/exchange/techinfo/security/antispam.asp.

#1: Sender filtering. Sender filtering lets you establish a list of users that you do not want to receive mail from (similar to a blacklist). When new messages arrive, Exchange compares the From field to your blocked sender list to see if there is a match. If a match exists, Exchange can drop the connection with the sender rather than accepting the message.

If you want to enable sender filtering, you can do so by opening the Exchange System Manager and navigating to Global Settings | Message Delivery. Right click on the Message Delivery container and select the Properties command from the resulting shortcut menu to reveal the Message Delivery Properties sheet. Now, just select the Sender Filtering tab and then click the Add button to specify the sender that you would like to block.

#2: Recipient filtering. Another antispam option found on the Message Delivery Properties sheet is recipient filtering. Recipient filtering involves blocking messages sent to particular recipients. At first, such an option might sound ineffective in the war against spam, but if you look at the Recipient Filtering tab you will notice that the tab contains a check box labeled Filter Recipients Who Are Not In The Directory. This option allows Exchange to block all messages that are destined for users who do not exist within the Active Directory.

Think about it this way: A lot of spam is sent to random addresses at registered domains in hopes of hitting a legitimate e-mail box in the process. Normally, when a message arrives that's intended for a non-existent address, Exchange had to waste resources by generating and transmitting a Non Delivery Report (NDR). However, if you were to select this check box you can force Exchange to simply reject the message rather than respond with an NDR.

#3: Global Accept and Deny List.Yet another option that helps prevent spam is the Global Accept and Deny List. The options for the Global Accept and Deny List configuration are found on the Message Delivery Properties sheet's Connection Filtering tab.

The idea behind this option is that it works similarly to a blacklist /whitelist. For example, you probably have clients, customers, suppliers, consultants or someone who sends you important mail on a regular basis. Since these people routinely send you important messages, you don't want Exchange to ever flag the messages as spam. This is where the Accept and Deny list comes into play. Simply enter the person's IP address into the Accept portion of the list and mail from the person will never be flagged as spam (unless they use a different computer or have a dynamic IP address). Similarly, if you want to block all mail from a specific person, you can enter their IP address into the Deny list.

In my opinion, this is one area where Microsoft has really dropped the ball when it comes to spam filtering. Other third-party spam filtering solutions let you enter specific e-mail addresses or domains into the blacklist /whitelist. Sure, an e-mail address or domain can be spoofed by a spammer, but at least if you were to list someone on your whitelist by e-mail address, you don't have to worry about messages from the person being accidentally flagged as spam if they were to use a different computer. Additionally, some third-party antispam solutions will automatically update the whitelist any time that you send a message to someone. This guarantees that the reply to your message is never flagged as spam.

#4: Mail relaying. Mail relaying is one of those features that has received a lot of press over the last couple of years because of the way that it can be exploited by spammers. The idea is that spammers can relay mail through your Exchange organization making it look like the spam came from you. There are several problems with this. First, the world may think that you are a spammer. Second, you will probably get blacklisted, meaning that you will have trouble sending legitimate mail. Third, having spam routed through your Exchange organization means that you're being robbed of bandwidth and system resources.

However, mail relaying isn't entirely bad. There are legitimate needs for relaying mail. Fortunately, Exchange 2003 allows you to deny mail relay capabilities to spammers, while permitting mail relay to those with a legitimate need for it.

To do so, open the Exchange System Manager and navigate to Administrative Groups | your administrative group | Servers | your server | Protocols | SMTP | Default SMTP Virtual Server. Right click on the Default SMTP Virtual Server container and select the Properties command from the resulting shortcut menu. When you do this, you will see the Default SMTP Server Properties sheet. Select the properties sheet's Access tab and then click the Relay button. You will see a dialog box that allows you to explicitly assign relay access to individual users. You also have the option of allowing anyone who successfully authenticates to relay mail.

As you can see, Exchange 2003 has a lot of built-in antispam features. While these features can be used to reduce spam, they are no match for the features found in most third-party antispam products.

Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, Tech Target, MSD2D, Relevant Technologies, and numerous other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.

Do you have a useful Exchange tip to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Exchange Security Tips Why you should secure Exchange 2007 using administrative policies Microsoft Exchange Server security dos and don'ts Create a journal rule in Exchange 2007 to secure journaling mailboxes How to protect an Exchange journaling mailbox from email spoofing Lock down Microsoft Outlook 2007 to prevent .PST file access Using Exchange Server journaling as an email-archiving solution Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Why are .PST files a security threat to Exchange Server mailboxes? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks Microsoft Exchange Server Administration Tools How to custom-configure a Microsoft Outlook 2007 install using OCT Top Exchange Server performance monitoring and troubleshooting tools Search and index Microsoft Outlook 2007 public folders Executing an .MSP customization file in Microsoft Outlook 2007 Using the NTBackup tool for Exchange Server backup and recovery Tools to bulk modify Active Directory users in Exchange Server 2003 Free tools keep Microsoft Outlook visible in Windows Vista Setting up email disclaimers and signatures in Exchange Server Tool deploys customized Microsoft Outlook 2007 configurations Third-party Exchange Server 2007 backup and restore tools Microsoft Exchange Server Administration Tools Research Antispam Software and Spam Filtering Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 How can I configure Exchange IMF to allow an IP address or DNS? Tool helps identify inbound Exchange Server email flow issues Exchange email sent to a domain using SPF authentication is returned Configure SMTP relay restrictions in Exchange Server 2003 to stop spam Secure Edge Transport servers using the Security Configuration Wizard Create a global Safe Senders List in Exchange 2007 to filter spam Migrating antispam settings from Exchange 2003 to Exchange 2007 The six-layered secret of effective Exchange Server email filtering Antispam Software and Spam Filtering Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Remote Installation Service  (SearchExchange.com) TCPMAN  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.