Custom email filtering with Forefront Protection 2010 for Exchange

Custom email filtering with Forefront Protection 2010 for Exchange

Microsoft Forefront Protection 2010 for Exchange Server is primarily known for its antivirus and antispam features. But often overlooked is the fact it also lets you create custom filters based on the sender, keywords, attachments and other email attributes.

Regular Exchange filters work on top of the To: and CC: metadata attributes and support importance levels for filters. ForeFront Protection 2010 for Exchange (FPE) provides flexible filtering capabilities that include case-sensitive keyword searches, the ability to filter by file types and a consolidated view of all filters in a central location. Here are various FPE filters and how they will help you manage

    Requires Free Membership to View

    Login

    When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by Exchange professionals today working with Exchange, Outlook and other related technologies.

    Margie Semilof, Editorial Director

    By submitting your registration information to SearchExchange.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchExchange.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Premium Access

Register now for unlimited access to our premium content across our network of over 70 information Technology web sites.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in January 2012

email services and enforce policies more effectively.

ForeFront Protection 2010 for Exchange filter types
FPE supports five types of filters. When configuring these filters, you must do two things. First, you must specify criteria that will be matched in the message, and second, you must designate the action to be performed if the message matches that criteria.

1. FPE file filter: This filter screens for files based on type, name, extension or size. For example, let’s say you want to prevent executable files from reaching your email system. To do so, filter by .exe and .dll. Similarly, to prevent large attachments from consuming too much storage space, specify the maximum file size that is allowed in incoming email.

2. FPE keyword filter: This filter lets you create a list of keywords that, if present in the message, trigger the filter; you can also specify a minimum number of keywords that must be present. In certain cases, you may want to filter based on a single term, such as offensive words that might contribute to a hostile work environment. In other cases, where terms may have legitimate uses based on context, you can match two or more potentially problematic terms together to reduce the risk of misclassifying a legitimate message.

3. FPE sender-domain filter: This filter scans the From: field of a message. If the sender’s address is explicitly listed or if a domain pattern in the criteria matches the sender’s address, the message is filtered.

4. FPE subject-line filter: This filter blocks messages based on subject-line text. When setting your criteria, you can specify either a full or partial subject line. Partial subject lines are specified using “*”.

While this filter is most often used to block unwanted and unsolicited messages, it can also be used to collect data about particular message types. For example, you can create a subject line filter to scan for “*job” or “*internship*” and configure the filter to let the message pass, while keeping track of how many messages with the designated words have been received.

5. FPE allowed-senders filter: This filter is a bit different from the others. Rather than checking messages for particular content, the allowed-senders filter permits messages from known senders to bypass other filters. Use this filter for internal email addresses or trusted business partners if Exchange server performance is an issue.

This setting doesn’t modify antimalware scanning, but messages from known senders are still subject to it. Allowed-sender filters can be configured for individual email addresses as well as domains. When you define this filter, you actually specify the type of action that is skipped, such as filtering files, keywords, subject lines or sender domains.

ForeFront Protection 2010 for Exchange action types
When a message matches any of the filter criteria, a specified action is performed. You must specify whether to skip, delete, purge or identify a message.

  • If you choose the skip option, the message is passed on, unaltered, but recorded. The skip option helps collect data on the volume of certain messages, without disrupting mail flow.

    You can also combine the skip option with filter criteria designed to identify messages based on topics. This helps you understand the amount of different types of messages your users receive. For example, you can determine what percentage of email messages are complaints, business solicitations, non-work related messages, etc.

  • The delete option removes an attachment from a message and replaces it with text indicating as such.
  • The purge option deletes a message, but you can also configure FPE to quarantine it.
  • The identify option inserts a message into the subject line or message header so that the recipient can easily see that the email has been flagged.

    FPE custom filters help enforce messaging policies, especially when it comes to appropriate use of your corporate email system. They help you reduce the spread of offensive content, prevent large files from being exchanged over email and encourage the use of file transfer programs and collaboration services like Microsoft SharePoint.

ABOUT THE AUTHOR
Dan Sullivan is a technology writer and analyst with Concentrated Technology, LLC.

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top