WinDeveloper IMF Tune

WinDeveloper IMF Tune
WinDeveloper IMF Tune
  • Home
  • Anti-Spam
  • Bringing Together the Exchange Anti-SPAM Cocktail

Bringing Together the Exchange Anti-SPAM Cocktail

Alexander Zammit

Alexander Zammit Photo

Alexander Zammit has been developing server applications for over 15 years. Most of his works involve Exchange integrated applications, including a FAX server, a mail security product and anti-spam products.

  • Published: Jun 14, 2005
  • Category: Anti-Spam
  • Votes: 4.8 out of 5 - 5 Votes
Cast your Vote
Poor Excellent

Ever wondered how many times an email is analyzed for all sorts of things? Today Exchange and Outlook on their own provide four layers just for SPAM filtering. Together these provide quite good protection but as we shall see using all of them might be unnecessary.

Let's see these filters in action and walk step-by-step with an email as it moves through each filtering stage. Here I will simply assume that all layers are configured and enabled:

  1. The sending server initiates an SMTP connection. Exchange analyzes the connecting IP against its connection filtering list. If listed, Exchange refuses the connection immediately.

  2. If the connection goes through, the sending server will then supply the SMTP sender address which is verified against Sender Filtering.

  3. Next in line is recipient filtering, checking each of the destination addresses.

  4. We have now completed the first filtering stage. The email is now in the hands of the Exchange Intelligent Message Filter. Here it is analyzed and an SCL rating assigned. This will either cause the email to be filtered due to Gateway Blocking or will go through heading towards the recipient mailbox.

  5. The email is right at the recipient mailbox. Exchange has to determine whether to deposit this to the Inbox or to Junk Email. It is now time to check the Safe Senders, Safe Recipients, Blocked Senders lists. A match with any of these lists will determine the final destination.

  6. If no match was found at the previous stage, Exchange has to check the IMF SCL rating. This is where the IMF Store Junk Email SCL threshold comes into play. If the email was assigned an SCL greater than the configured threshold the Junk Email folder becomes the final destination.

    Note that up to this stage all processing was done by Exchange 2003. This type of functionality is available to all organizations independently of what type of email client is in use.

  7. Exchange has now completed its job and it's the turn of Outlook 2003 to perform further processing. Outlook will only process emails reaching the inbox if used in cached mode or with personal folders. If this is the case, the client side content filter and the Safe Senders, Safe Recipients and Blocked Senders list are used to analyze the email determining the final classification between legitimate email and junk.

An interesting point is the fact that the Safe Senders, Safe Recipients and Blocked Senders lists were applied twice in the steps above. In this particular case the processing of these lists at the Outlook client is redundant. Still keep in mind that we are here considering a case where all filtering is being applied. This is not always the case.

Another point of interest is that SmartScreen Technology filtering was in this case applied at two separate stages once by IMF and once by Outlook. If we were to update both filters with the latest releases from Microsoft available today, we should have differing behaviors from these filters simply because Microsoft release Outlook filter updates more often than for IMF. Nevertheless this difference is not that noticeable when looking at the end result.

IMF has the important advantage of being a server side solution when compared to Outlook based filtering. At the server you can apply Gateway Blocking minimizing the load of SPAM reaching the recipient mailbox. Added to this IMF simplifies administration. It is clearly easier to manage one filter at the server rather than hundreds of filters at end user machines. Today with increasing support of third party tools, IMF is becoming the most appropriate solution at the enterprise level, rendering filtering at the client unnecessary.

References

Exchange Intelligent Message Filter

Latest Exchange IMF update

How to obtain the latest Microsoft Office Outlook 2003 junk e-mail filter updates

User Comments - Page 1 of 1

Add New Comment...

Alexander Zammit 23 Jul 2008 23:36
IMF Tune haven't got any such limitation you can load its white/black lists with thousands of entries.

However it is best to discuss an IMF Tune questions with WinDeveloper support.
IMF user 23 Jul 2008 21:06
We've moved to using the full set of Exchange spam filtering steps (and tarpit NDRs) but our biggest problem is that the custom content weighting list xml definitions file is limited to 128k. Does IMFTune overcome this limitation or do you know of a patch that allows it to be larger?
Copyright © 2005 - 2018 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation