The Exchange 2010 Edge Transport role implements nine different technologies for reducing spam hitting your information store and your users’ inboxes. While all of these are available to you, some require some additional configuration, others require some degree of monitoring, and all should be well understood by anyone managing an Exchange 2010 infrastructure. This post will go over these nine protections, and offer some guidance on how to manage them.
To get to the settings on any of these, go to your Edge Transport Server and launch the Exchange Management Console. The first tab is the Anti-spam tab.
- Content Filtering
Content filtering uses an algorithm to identify spam. While this is automatic, this method also lets you add words to a Custom Words list, so you can either add words that should always cause an email to register as spam, or words that should indicate a mail is not spam. You can also enter exceptions for recipients, and set whether to reject, delete, or quarantine emails that trip a threshold.
- IP Allow List
This allows you to whitelist ip.addrs that should always be allowed to deliver email with no further filtering. You can add other servers in your enterprise, or your key partner or customer systems. CIDR notation is supported, and so is IPv6.
- IP Allow List Providers
This setting allows you to add one or more lists of providers that indicate safe servers, which will not send spam. This requires you to identify and trust a third party service.
- IP Block List
This is just what is sounds like, a list of systems banned from sending you email.
- IP Block List Providers
This is another setting that allows you to add service providers who maintain and publish lists of known spammer ip.addrs. Again, it requires you to identify and trust a third party service, but it also enables you to whitelist messages destined for particular mailboxes, like your customer service or sales teams.
- Recipient Filtering
This gives you two options; to block messages sent to non-existent recipients, and to block messages sent to specific recipients. This can reduce the amount of junk coming in to your badmail queue, as well as to block email being sent to former employees whose mailboxes you have to keep online, but who should not receive any new email.
- Sender Filtering
Here, you can specify senders that you want to block by email address or domain, and you can also block messages that don’t have sender information, as seen in the MAIL FROM: SMTP message. Many bots and remailers skip that step.
- Sender ID
Here is one of my favourites, and the topic of my recent article on SPF. If a message comes from a system not in the SPF record, you can set to reject or delete it here. This does require that the SPF record be set to a hard fail (-).
- Sender Reputation
Sender reputation is the only option that has its own behavior that includes some temporary actions for senders of spam. The protocol exchanges are analysed to see if they are suspect, a reverse DNS query is performed, and it can also test the sending address by probing it to see if it is an open proxy, and therefore subject to abuse. If an address sends too many suspect messages, Sender Reputation can automatically ban them for a set period of time (24 hours by default.)
So as you can see, Exchange 2010 has some great anti-spam mechanisms included. But considering just how much spam is hitting your edge transport server, and how big a problem it is for companies, you might want to consider augmenting that with another anti-spam product or service. When it comes to spam, the more protections you put into place the happier your users will be.