Exchange Server Spam Filter
Exchange Server Spam Filter
Exchange Server Spam Filter Introduction
The Exchange Spam filter Enterprise Edition is a spam filter software
which integrates with Microsoft® Windows® 2000/2003 IIS SMTP Service and
Microsoft® Exchange 2000/2003 Server to perform server-side email
filtering.
Why is Exchange Spam blocker useful?
Based on recent studies and on our research, currently about 60% of the
Internet emails are unsolicited bulk emails, also called "spam". It
takes resources to deal with spam, which leads to business loss: from
storage and administration cost to loss in productivity. Exchange Spam
filter helps you to stop these spam emails on your server, before they
would cause any business loss to you.
How does Exchange Server Spam filter work?
Exchange Spam filter integrates into the incoming SMTP sessions (the
email transfer protocol) and perform tests on the emails. If the
incoming email fails on these tests, the email get rejected, tagged or
redirected. Exchange Spam filter offers wide range of tests, from source
check (e.g. DNS blacklists, IP and sender blacklists, reverse DNS tests)
to content checks (e.g. SURBL check, advanced keyword and attachment
filtering) to determine what is spam and what is not.
An unique feature provided by Exchange Spam filter is its dual
filtering model, which allows filtering emails both before email arrival
and on email arrival. Filtering emails before arrival allows you to
effectively stop spam in a very resource-friendly way, while filtering
on arrival provides a wider range of tests and actions, such as
redirecting, tagging or dropping the spam emails.
Filtering before arrival is supported by many popular mail servers in
the industry, such as Sendmail, Exim, Procmail, qmail, iPlanet Messaging
Server or Postfix and used is by large ISPs to protect their users from
spam
For the latest information about Exchange Spam blocker
anti spam for exchange server for
your company
Filtering based on DNS blacklists
ORF Enterprise Edition supports using multiple DNS blacklists at the
same time for spam filtering, which greatly reduces administration costs
and provides high spam filtering effectivity. ORF is shipped with a
predefined set of selected DNS blacklist definitions, but users can also
extend the definitions.
Exchange Spam Software
SURBL support
SURBL's are online databases of "spamvertized" domains. ORF can check
the links found in emails in these databases and so detect spam emails.
Multiple SURBL's are supported in the same time and the default SURBL
definition set can be extended.
Exchange Spam Software
Greylisting
Another anti-spam feature based on temporary rejection of emails from
unknown senders. While greylisting provides an outstanding spam catch
rate, it causes about 15 minutes delay of emails from unknown senders as
well.
--------------------------------------------------------------------------------
* Before Arrival filtering point only
Exchange Spam Software
Attachment and keyword filtering
Using the attachment filter you can drop emails with malicious
attachments or replace them with a customisable warning text. Both the
keyword and the attachment filtering support using Perl-compatible
regular expressions, which makes the filtering extremely flexible. Both
features are Unicode-aware, so you can block emails with foreign
charsets or words with accented characters.
Exchange Spam Software
Automatic sender whitelist
A self-learning whitelist which monitors your outgoing emails and builds
a sender email address whitelist from the recipients of the outgoing
emails. In other words, the recipients of the emails that you send
become whitelisted senders.
Exchange Spam Software
Active Directory integration
Unlike other mail servers, Exchange 2000 does not reject emails
addressed to local recipients that does not exist. Exchange 2000 accepts
the mail for delivery and bounces the email later if the recipient user
does not exist. Spam is often sent with fake sender email address that
does not exist to recipients that are no longer valid, which results in
tons of NDR's filling up the mail queue.
Using the ORF's Active Directory integration you can reject incoming
emails addressed to local mailboxes that are no longer (or never been)
valid.
Exchange Spam Software
Tarpit Delay
Delays your server's response to blacklisted mails. Can be used to slow
down/stop Directory Harvest Attacks or to fight back to spammers.
Exchange Spam Software
Reviewing emails caught by the filter
The blacklist actions are customizable, the blacklisted emails can be
dropped, redirected to a specific email address or they can can be
tagged (header or subject) with a customizable indicator of spam(*).
These tagged emails can be moved to separate folders automatically by
Microsoft® Outlook at the users for later review.
Exchange Spam Software
Dual filtering points model
ORF's unique ability is to filter emails both before email arrival and
on email arrival. Blacklist tests performed by ORF can be assigned to
the Before Arrival, the On Arrival or both filtering points. It is
useful, for example, to bounce emails sent to non-existent local
recipients before arrival, while performing DNS blacklist tests at the
On Arrival filtering point provide you the ability of reviewing emails
caught by the DNS blacklists. More about filtering points is available
in the FAQ.
Exchange Spam Software
Logging and monitoring
ORF provides detailed, customisable logs about its activity. Multiple
log destinations are supported (text log, Windows Event Log, BSD syslog
and email notifications). ORF text logs can be viewed by any text file
viewer or by ORF's built-in log viewer tool, which also provides
powerful searching and filtering features.
Exchange Spam Software
Real-time statistics
The Enterprise Edition provides real-time statistics about its activity.
Statistics can be sent automatically to our company which creates DNS
blacklist popularity statistics from user reports. These statistics can
be viewed on our website (see DNS blacklist statistics).
Exchange Spam Software
IP blacklist, sender and recipient email blacklists
ORF allows you to block specific IP addresses (and IP ranges), message
senders or message recipients (local mailboxes) as determined in the
blacklists.
The IP blacklist supports both IP addresses and subnet definitions.
Addresses on the sender/recipient blacklist can be defined by either the
address, simple wildcarded mask or Perl-compatible regular expression.
Exchange Spam Software
IP whitelist, sender and recipient email whitelists
The IP and sender address whitelist can be used to exclude specific
email sources from filtering (e.g. business partners), while the
recipient whitelist provides an easy way to exclude specific local
mailboxes from filtering.
The IP whitelist supports both IP addresses and subnet definitions.
Addresses on the sender/recipient whitelist can be defined by either the
address, simple wildcarded mask or Perl-compatible regular expression.
Exchange Spam Software
Reverse DNS test
Using the reverse DNS (RDNS) test you can reject emails coming from
fake, non-existent domains.
Exchange Spam Software
Bonded Sender™ Program DNS whitelist support
IronPort Systems Inc's Bonded Sender™ Program provides a public DNS
whitelist. ORF can use this whitelist to recognize trusted senders.
More information about this program is available at http://www.bondedsender.org.
Exchange Spam Software
DNS cache
The Enterprise Edition can keep the DNS lookup results in an internal
cache for a user-specified period of time. This saves you bandwidth and
increases spam filtering speed.
Exchange Spam Software
Exportable/importable lists
The IP, sender and recipient whitelists and blacklists can be
exported/imported to and from various text formats, including CSV which
can be imported by Microsoft® Excel®. DNS blacklist definitions, keyword
and attachment filtering expression and other type of lists can be
exported/imported in XML format
For the latest information about
Exchange Spam filter
Exchange
Server Best Practices
The Exchange Server Best Practices Analyzer programmatically collects
settings and values from data repositories such as Active Directory,
registry, metabase and performance monitor and applies a set of 'best
practice' rules to the topology. Administrators will get a detailed
report listing the recommendations that can be made to the environment
to achieve greater performance, scalability and uptime. (22 Sept)
For the latest information about
Exchange Server Spam Filter
