Exchange 2010’s anti-spam capabilities are robust, and many companies find the protection offered by the Edge Transport server role to be strong enough to meet their needs. Sometimes, that protection (just like anti-spam measures on any system) may prove to be too strong, and you can find yourself wanting to add certain senders to what can be called the safe senders list, the permitted senders list, or the whitelist.

Exchange’s whitelist is a list of SMTP addresses that are permitted to send email to recipients on the Exchange system, without being subject to any of the spam filtering capabilities within the system. The whitelist can be both powerful and dangerous. Consider what will happen when you add user@example.com to the whitelist. If an email comes in to the system, and the header states that the mail is from user@example.com, then that email is accepted and passed through to the recipient’s mailbox. It won’t matter what else might be in the message, including key words, links, or anything else that screams “spam,” a whitelisted sender is passed right through. If the sending address was spoofed, this will result in spam messages reaching the user’s mailbox.

Continue reading How to manage whitelists using the Exchange Management Shell

To help new administrators get on their feet for some common administrative tasks they will be faced with, I’ve put together some resources that I hope will help them get a head start on them.

Unattended setup of Exchange 2010

Looking to perform an unattended setup of Exchange Server 2010? Well, this guide highlights the required flags and properties to initiate an unattended setup, and also strings together a suggested command line to help administrators up to speed. Of course, Microsoft TechNet Library has the low-down for those who must have the full details of all applicable parameters here. [Unattended setup of Exchange 2010]

Configuring Exchange 2010 Certificate

This site from Microsoft highlights the steps administrators need to perform to set up a proper certificate as opposed to using the default self-signed ones. I found the step-by-step guide to be very clear, though you might also want to check out the 2.5 minutes video tutorial of the same put together by certificate authority Digicert here. [How to configure Exchange 2010 Certificate]

Enabling Anti-Spam Features on Exchange 2010 Hub Transport Server

New administrators might not necessarily be aware that Exchange’s built-in anti-spam functionality is enabled by default on Edge Transport servers, but not on Hub Transport servers. Given that smaller (or even mid-sized) organizations might only need to deploy a single Exchange server for their needs, the following resource walks through the steps to enable the anti-spam feature for such deployment scenarios. [How to enable Exchange 2010 anti-spam feature]

View the Current Mailbox Size, Message Count, and Last Logon

To aid their diagnosis of a wide range of issues, administrators will find themselves occasionally needing details such as the mailbox size, number of messages and last logon. TechNet Magazine highlights the simple steps to determine the above information using the Exchange GUI, as well as via command line. [Quickly view the current mailbox size, message count, and last logon]

Can you think of other common tasks (and how to do it) that new Exchange administrators will benefit from? Feel free to chip in below!

When your e-mails are flagged by the spam filters as legitimate spam, it can be bad for your business as communication gets derailed, especially if you are expecting an important email.  To avoid losing an important client or work getting prolonged due to e-mails not being read, you need to ensure your messages always reach the intended mailboxes.

It seems that the spam filters sometimes automatically move messages tagged as “illegitimate messages” into the spam inbox section.  You can actually prevent this from happening by composing a good message that will pass the spam filters.  The spam filters generally work by employing a scoring system.  If an e-mail message gets a high score, the higher the chances of the message arriving at the spam folder and eventually being deleted without being read.  To get over the spam filters, you need to know some dos and don’ts so you can guarantee that your important messages will appear in the proper mailbox of the recipient.

Continue reading 10 Ways to Make Sure your Emails Never End Up in the Spam Folder

I read a tip just recently that advocated the use of fake MX records as a spam deterrent.  The solution was apparently devised after struggling with the server load that was being generated by spam emails.

As we all know, spam makes up as much as 90% of global email traffic, so it is not unusual for spam load to be a serious issue for email server performance.  The natural instinct is to prevent that load from being applied to the server in the first place.  Fake MX records are not the best way to do this.

MX records are the DNS records that tell email servers where to send email that is addressed to a particular domain.  For example, if I send an email to john@company.com my email server will look up the MX record for company.com, determine the associated IP address, and transmit the message over SMTP to that IP address.

To maintain redundancy most organizations will use multiple MX records that point to multiple email servers, so that if one is unavailable the others can still receive incoming email.  MX records are given a priority, an arbitrary number that is only relative to the priority of other MX records for that domain.  The lower the number, the higher the priority.

So for the same example as above, my email server looks up the MX record for company.com and gets the following response.

company.com MX preference = 10, mail exchanger =
 maila.company.com

company.com MX preference = 20, mail exchanger =
 mailb.company.com

It knows then to send to maila.company.com first, and then try mailb.company.com if the first try is not successful.

The idea of fake MX records is to create multiple MX records (usually at least 3) of varying priority, and have the highest and lowest priority MX records be pointing to non-existent servers.  The theory is that spammer’s botnets will only try to send to the highest or lowest priority MX, and then when they get no response will give up and move on to the next victim.  Some email administrators use as many as 10 MX records with only one real one among them.

The theory has some merit.  Spammers want to send out as much email as possible so usually won’t waste time and resources by having their bots try multiple MX records for a targeted domain.  However the technique impacts legitimate senders as well. Continue reading Fake MX Records More Harm Than Good

Is your business drowning in spam? Do you want an efficient and free way to stop spam from entering your inbox? ExchangeServerPro.com and GFI Software have teamed up to achieve a Spam Free 2010 by giving away two license packs of GFI MailEssentials™.

Two people have the chance of winning either the first prize which is a 50 user license pack or the runner up prize – a 25 user license pack.

For details on how to enter the competition check out Paul’s blog post. The deadline for the contest is 31 January 2010, Australian EST.

Despite the generally excellent performance of most modern, well-tuned anti-spam engines, some spam is going to get through. We may be lulled into a false sense of superiority when for a period of time our anti-spam tools and techniques have borne fruit, and we see that we have more-than-just-excellent results; we have no spam in our inboxes for an entire day, week, whatever. Then, it returns. We’ve all seen it happen. Some strangely formatted message that you or I can surely tell is garbage, a bizarre attempt to sneak through your heuristics that has surprisingly succeeded.

Lately it has been some rather clever nonsense. I’ve been getting these spam emails with a particularly peculiar twist. Many of them have what appear to be at first glance meaningful, but “non-spam” sentences. On closer look, the sentences are strange, and not quite sensible. For some reason they consistently were getting through the spam filtering. What was strangest to me was the lack of any marketing content or attempt to sell whatsoever. They did have a link in the message, and the link was not ever to the same web destination or even clearly directed to an obvious undesirable site. This may have been one of the reasons this set of spam got by; to the filters, it looked really no different than a sentence or two sent by a friend describing some link they thought I would be interested in.

Continue reading The Latest Spam Getting Through Your Filtering – and What to Do About It

The National Cyber Security Alliance (NCSA) has announced their annual campaign for cyber-security awareness.

Awareness, more than anything, is the most important weapon in securing your enterprises and ensuring that malware doesn’t sneak in through your email servers. Awareness? Doesn’t everybody know about the dangers lurking in cyberspace by now? What we folks in the IT business take for granted is often unknown or ignored by ordinary users. When we get emails from a deposed general of a third world country, asking for assistance in moving $40 million into the US, and offering a percentage for the service, our immediate reaction is to simply delete the email. It’s a painfully obvious scam to most of us and we pay it no attention. But yet, they keep coming in every day. Why do people keep sending out these pathetic attempts to get our bank account numbers? Simple. Because not everybody is aware that it is a scam.

Continue reading Confusion over cyber-security