Exchange 2010 Safelist Aggregation ‘Crowdsources’ Anti-spam Efforts

You know that Exchange 2010 has its own anti-spam functionality, and you also know that users can set up their own safe and blocked sender and domain lists in Outlook 2007 and 2010, but did you know the two work together? Just like you can get chocolate in my peanut butter/I can get peanut butter in your chocolate, Exchange 2010 combines these two great things to provide more effective anti-spam measures at your edge. Safelist Aggregation uses data from users’ Safe Recipients Lists, Safe Senders Lists, Blocked Senders Lists, and contacts to create a kind of metadirectory of good and bad addresses, which makes the Edge Transport Server’s anti-spam functionality more effective and also helps reduce the incidence of false positives.

When a user flags an email address as either safe or blocked, a hash value is added to one of these three attributes on their Active Directory account:

  • msExchBlockedSendersHash
  • msExchSafeRecipientsHash
  • msExchSafeSendersHash

Each can contain up to 1024 entries per user account by default. One-way hashing is used both to conserve space and to prevent malicious users from viewing or extracting usable data from the lists should they gain access to the Edge Transport Server or to data from Active Directory.

Exchange 2010 uses Safelist Aggregation by default. The Junk E-mail Options mailbox assistant runs in the background, scraping user accounts for updates to the attributes that store hashes, aggregating the lists, and storing the data in the application partition of Active Directory. Edge Transport servers obtain this information through the EdgeSync process, and use it to compare the source address of incoming email to the list by comparing hashes.

Updates to users’ information will automatically propagate to Active Directory, but you can force that process using the PowerShell cmdlet Update-Safelist. If a user adds an address that you want to push through rapidly to help protect all users, you can update Active Directory and then trigger an EdgeSync. For example, run:

    Update-Safelist -Identity user@example.com -Type SafeSenders

Then run Start-EdgeSynchronization.

If a user needs more than 1024 entries, you can use the Exchange Management Shell to set different values. Use the Set-Mailbox command with the parameters -MaxBlockedSenders and -MaxSafeSenders to set values appropriate to your situation.
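
The steps above combined into one Exchange Management Shell function, as an added example rather than code from the original article: it compares the user's Safe Senders count with the mailbox limit, forces the update, checks that msExchSafeSendersHash is populated, and starts EdgeSync. The function name Sync-UserSafelist and the address user@example.com are illustrative, and the script assumes the ActiveDirectory module is installed.

```powershell
# Added example; Sync-UserSafelist and user@example.com are illustrative names.
# Run from the Exchange Management Shell on an internal Exchange 2010 server.
Import-Module ActiveDirectory   # assumption: RSAT Active Directory module is installed

function Sync-UserSafelist {
    param([Parameter(Mandatory = $true)][string]$Identity)

    $mbx  = Get-Mailbox -Identity $Identity -ErrorAction Stop
    $junk = Get-MailboxJunkEmailConfiguration -Identity $Identity -ErrorAction Stop

    # The article gives 1024 as the default cap; use it when no value is set.
    $limit = 1024
    if ($mbx.MaxSafeSenders) { $limit = [int]$mbx.MaxSafeSenders }

    # Entries the user currently has on the Safe Senders list in Outlook.
    $count = @($junk.TrustedSendersAndDomains).Count
    if ($count -gt $limit) {
        Write-Warning "$Identity has $count safe senders, limit is $limit; raise it with Set-Mailbox -MaxSafeSenders."
    }

    # Write the user's list to Active Directory as hashes (same call as above).
    Update-Safelist -Identity $Identity -Type SafeSenders -ErrorAction Stop

    # Check that the hash attribute named in the article now holds data.
    $ad = Get-ADUser -Identity $mbx.SamAccountName -Properties msExchSafeSendersHash
    $bytes = 0
    if ($ad.msExchSafeSendersHash) { $bytes = $ad.msExchSafeSendersHash.Length }
    if ($count -gt 0 -and $bytes -eq 0) {
        # May only mean the domain controller queried has not replicated yet.
        Write-Warning "msExchSafeSendersHash looks empty for $Identity on this domain controller."
    }

    # Push the aggregated data to the Edge Transport servers.
    Start-EdgeSynchronization | Out-Null

    # Summary object for logging or review.
    New-Object PSObject -Property @{
        Identity = $Identity; SafeSenders = $count; Limit = $limit; HashBytes = $bytes
    }
}

Sync-UserSafelist -Identity 'user@example.com'
```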

With Safelist Aggregation, Exchange 2010 uses the power of crowdsourcing to “learn” which senders are good, and which are bad, by using the decisions of your users to update its own Edge Transport Server lists. This is just another behind the scenes technology that makes Exchange 2010 such a powerful enterprise email solution.

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world. I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.

  1. Nick Gonzales · January 16, 2012

    Crowdsourcing may be open to abuse by users if not used correctly, but it’s a really smart way to tackle security and spam issues. If everyone does their small part the big problem is taken care of quickly and quietly.

  2. Nate · January 16, 2012

    This is what I’ve been talking about – that crowdsourcing is the sure way to get rid of or minimize all types of spam activities, including the ones deemed to be malicious.

    Email spams, social media spams, SMS spams, IM spams, and all other kinds of spams mostly target individual users (rather than groups, organizations, and companies). Why not use this technique to our advantage – turning the spammers’ mass-based processes against them? It sounds impractical (only at first) but mind me, it will lessen the number of spams we receive every day.

  3. Yardley Coleman · January 18, 2012

    Be careful about crowdsourcing. Although it has some benefits – it also offers some disadvantages. Some of its pitfalls include

    *Confidentiality and Anonymity
    Contributors are not known. Anyone can just contribute for the sake – even those who are not familiar with the case can contribute several entries.

    *Some of the submitted data are not qualified enough to be legible or credible. Because almost anyone can submit entries, some of the submitted data can’t be considered as true entries.

    *Moreover, crowdsourcing also does not follow a uniform standard throughout its processes (usually).