SafeSenders, BlockedSenders and the Mystery of Misclassified Emails
- Alexander Zammit Sep 26, 2016
Outlook SafeSenders, BlockedSenders lists often catch administrators unprepared. Users have the power to directly configure how spam is filtered at the server. Luckily Exchange provides for managing these settings from the shell.
Video - Exchange 2013 Anti-Spam Part 6 - Content Filter (cont.)
- Alexander Zammit Jul 25, 2013
Today we continue configuring the Content Filter. We override the Global SCL Thresholds with per mailbox thresholds, configure a list of phrases that identify legitimate and spam emails, add a list of recipient exceptions and customize the SMTP rejection response.
Video - Exchange 2013 Anti-Spam Part 5 - Content Filter
- Alexander Zammit Jun 19, 2013
The Content Filter blocks emails containing content typically found in spam emails. Here we learn about the Spam Confidence Level rating system and the configuration of filtering thresholds.
Video - Exchange 2013 Anti-Spam Part 4 - Sender ID Filter
- Alexander Zammit May 20, 2013
Sender ID filtering works in tandem with SPF records to catch sender address spoofing. We continue our video series with a look at how this filter works and configure the most important options from the management shell.
Video - Exchange 2013 Anti-Spam Part 3 - Recipient Filter
- Alexander Zammit Apr 23, 2013
Our video series continues with Recipient Filtering. On our agenda we have the setup of a recipient block list, blocking recipients not present at the Address Book, Tarpitting and testing the filter using telnet.
Video - Exchange 2013 Anti-Spam Part 2 - Sender Filter
- Alexander Zammit Apr 09, 2013
Today we continue our Exchange 2013 anti-spam video series with Sender Filtering. Our agenda includes, setup of sender block lists, blocking of emails having an empty sender and testing the filter using telnet.
Video - Exchange 2013 Anti-Spam Part 1 - Installation
- Alexander Zammit Mar 26, 2013
In this video series we go through the spam filtering functionality available in Exchange 2013 RTM. In this part we install the anti-spam agents, configure the list of internal SMTP Servers and learn to work with list parameters.
Exchange 2003, 2007, 2010, 2013 Junk Email Folder
- Alexander Zammit Feb 06, 2013
Starting from the Exchange 2003 Intelligent Message Filter, an annoying problem with managing the Junk Folder enablement switch surfaced. The Exchange 2007 Content Filter inherited the same problem. Finally after many years, Exchange 2010 gave this story a happy ending!
Learning Transport Agent Pipeline Tracing Hands-on (Part 2)
- Alexander Zammit Jun 26, 2012
There is no better way to learn about pipeline tracing other than the practical way. Here we setup more test scenarios to see the trace output for a rejected email. We also see the results produced by an email matching the IP Allow list.
Learning Transport Agent Pipeline Tracing Hands-on (Part 1)
- Alexander Zammit Jun 12, 2012
Pipeline tracing opens a window into the email transport. It uncovers the email modifications carried out by transport agents. Non-Delivery Reports (NDRs) and other Exchange generated emails can also be exposed in this manner. Here we learn how to use pipeline tracing by example.
Going Back from Forefront 2010 Anti-Spam to the Exchange Content Filter
- Kenneth Spiteri May 24, 2012
Microsoft Forefront Protection 2010 for Exchange introduces a new content filter agent. For this to work the native Exchange 2007/2010 content filter is disabled. Uninstalling Forefront does not revert back the settings. Here is how we return the system to its original state.
Introducing Exchange 2007/2010 Anti-Spam Agent Logging
- Kenneth Spiteri Feb 28, 2012
When monitoring or troubleshooting the built-in Exchange 2007/2010 anti-spam filters, one less known feature that can make a lot of difference is agent logging. Today we start exploring this functionality and how to configure it.
The Case against Employing Multiple DNSBLs
- Alexander Zammit May 24, 2011
Are you one of those who subscribed to a long list of DNSBLs to filter spam? Is that the most effective approach? What’s the point of using other filters when there are so many freely available DNSBLs?
Email Auto-Whitelisting Pitfalls
- Alexander Zammit Jan 27, 2011
Auto-Whitelisting is a powerful email hygiene tool. As often happens, power can only be effectively applied if coupled with the necessary control functionality. In today’s article we discuss the hidden traps of sender auto-whitelisting.
Guess Who is Cheating Email Retention
- Alexander Zammit Nov 18, 2010
A retention policy determines the length of time emails are to be saved before final deletion. However enforcing the policy without leaving gaps may be trickier than expected. Today we look at how many Organizations fail to apply the policy to all their emails.
Anti-Spam Reverse DNS Testing
- Alexander Zammit Oct 26, 2010
Reverse DNS (rDNS) queries are very often employed to identify email servers that are incorrectly configured. Failing such a test, results in many emails being rejected. Today we discuss how to setup DNS in order for our email servers to pass this test.
VIDEO - Integrating Foreign Spam Filters into Exchange
- Alexander Zammit Sep 21, 2010
Can foreign spam filters lacking Exchange Integration route spam to the Outlook Junk Folder? What about applying Outlook Safe Senders? If you are running SpamAssassin or any other filter that does not directly plug into Exchange, this article shows how integration is easy to achieve.
Quarantine and Reporting for Exchange IMF/Content Filter Agent
- Alexander Zammit Jul 27, 2010
Professional Reporting and Moderation is often associated with the more expensive anti-spam solutions. WinDeveloper is challenging the trend, providing this functionality for the built-in Exchange 2003/2007/2010 anti-spam.
Tarpitting in Exchange 2007
- Alexander Zammit Aug 20, 2009
One small but important improvement in Exchange 2007 was the out-of-the-box enablement of tarpitting. Today we visit Recipient Filtering and tarpitting in Exchange 2007 looking at the relevant configuration elements of this tandem.
Video - Getting Started with the Exchange 2007 Content Filter
- Alexander Zammit May 29, 2009
If starting to explore the Exchange 2007 anti-spam Content Filter, this 10 minute video will walk you through the salient configuration steps. The agenda includes installing the Content Filter, Configuring thresholds, and managing the Junk Email Folder.
Video - Configuring IMF Archive Management Tools
- Alexander Zammit Feb 26, 2009
The Exchange 2003 Intelligent Message Filter allows the archiving of filtered spam. A number of free archive managers are available for reviewing and if necessary resubmitting emails. This video tutorial walks through the basics of installing, configuring and using these tools.
Understanding NDRs and other DSN Reports
- Alexander Zammit Dec 02, 2008
NDR Spam exploits servers that too hastily accept responsibility for emails they cannot deliver. Understanding NDRs and other DSN types help us act on legitimate DSNs and discard spam.
Exchange 2007 Content Filter Updates
- Alexander Zammit Oct 28, 2008
Microsoft provides three types of anti-spam updates for Exchange 2007. Today we see how this evolved from the Exchange 2003 IMF update system. We also see how to enable updates and how to make sure that the latest updates are in-place.
Mind Your Language (charset) Spammer!
- Alexander Zammit Sep 16, 2008
The email character set can be useful in filtering foreign spam. Today we see how character sets relate to languages, how SMTP emails conveys non-English text and how this information can be used in filtering spam.
Anti-Spam Golden Rules – Reject if You Can
- Alexander Zammit Mar 18, 2008
Which is the most appropriate method to filter emails classified as spam? We answer this question comparing the characteristics of rejection, deletion, centralized quarantining and per mailbox junk folders.
Exchange 2007 IP Allow List Inherits Old Problems
- Alexander Zammit Feb 25, 2008
The Exchange 2007 IP Allow List is supposed to whitelist emails allowing them to bypass the anti-spam Content Filter. However just like in Exchange 2003 this is not always the case.
Spam Wave Exposing IMF Achilles' Heel
- Alexander Zammit Feb 06, 2008
A new spam wave is currently giving some headaches to Exchange 2003 IMF and Exchange 2007 Content Filter users. Today we look at the root cause of this problem and look at some stopgap measures.
The Exchange 2007 Content Filter Agent
- Alexander Zammit Jan 24, 2008
The Exchange 2007 Content Filter Agent replaces the Exchange 2003 Intelligent Message Filter. Based on the same SmartScreen technology, the new filter offers a very similar feature set adding some key improvements.
Anti-Spam Golden Rules – Don’t Whitelist Your Domain
- Alexander Zammit Jan 10, 2008
Have you learnt lessons when configuring an anti-spam product that you would recommend others to follow? Today we start a column of practical tidbits that could make all of the difference when configuring a filter.
IMF Archive Management Tools
- Alexander Zammit Nov 22, 2007
IMF Archiving dumps blocked emails to disk. As the archive grows, verifying these emails quickly becomes a challenge unless one of the archive management tools is employed.
Checking RBL Provider Policies
- Alexander Zammit Oct 16, 2007
Would you trust someone external to your organization to set a critical email policy for you? Someone who gives you a free, no obligations service, to decide who can or cannot send you emails?
IIS Problems Following an IMF Update?
- Alexander Zammit Sep 27, 2007
The installation of IMF updates causes an IIS Admin service restart. Sometimes I come across reports of the service staying down requiring a manual start. Check this article before concluding the IMF update is broken.
The Intelligent Message Filter 10x Better
- Alexander Zammit Aug 23, 2007
WinDeveloper recently released IMF Tune version 3. The product promises to give the Intelligent Message Filter a functionality leap, transforming it into a complete enterprise grade anti-spam solution.
Fixing the Junk Email Folder the Hard Way
- Alexander Zammit Apr 10, 2007
There are cases where the Junk Email Folder functionality for the Intelligent Message Filter just won't work. If IMF is correctly configured, if the Junk Email folder is enabled, then it is time to use bad manners.
Filtering POP3 Emails with IMF
- Alexander Zammit Apr 03, 2007
The Microsoft Intelligent Message Filter is known to only process inbound SMTP emails. However with the right configuration, IMF will also process emails from other protocols such as those downloaded over POP3 or IMAP.
Ensuring Exchange Is Not an Open Relay
- Alexander Zammit Jan 16, 2007
Leaving an email server open to relaying hurts the domain reputation. Once listed in public RBLs and private block lists recovering can be costly. Luckily securing Exchange against relaying is easy.
Testing Exchange through Telnet
- Alexander Zammit Nov 28, 2006
Exchange includes various settings determining how SMTP emails are to be handled. Here Telnet becomes an excellent testing tool, providing a direct way to verify everything is functioning as expected.
IMF Update Tips
- Alexander Zammit Nov 21, 2006
Should Intelligent Message Filter Updates be tested before adoption? Will they cause any downtime? Here are the answers that will allow you to confidently keep IMF updated.
Real-Time Block Lists in Exchange 2003
- Alexander Zammit Oct 12, 2006
Real-Time Block Lists identify hosts from which spam and other unwanted emails are distributed. Our journey will cover understanding how RBLs work, some tips on selecting the list provider, and Exchange 2003 configuration.
Use and Abuse of Anti-Spam White/Black Lists
- Alexander Zammit Sep 21, 2006
White and Black lists are often the first line of defence against spam. However trivial the configuration may appear, each list type has some unique characteristics defining their scope and potential effectiveness.
Intelligent Message Filter v2 Operations Guide
- Alexander Zammit Jul 13, 2006
The IMFv2 Operations Guide is now available! Packed with information this is a must read for Exchange 2003 administrators. Here is our review, including a few gotchas to be aware of.
When IMF Skips Email Processing
- Alexander Zammit Jun 13, 2006
Why is the Intelligent Message Filter not processing emails? On searching for possible causes, we find incorrect configuration settings, unsupported usage scenarios, and broken Intelligent Message Filters.
Looking at IMF through the Performance Monitor
- Alexander Zammit May 02, 2006
Whether you want to visualize the Intelligent Message Filter filtering activity, or even analyze a possible threshold adjustment, the Performance Monitor can provide valuable feedback.
Excluding Recipients from IMF Filtering
- Kenneth Spiteri Apr 12, 2006
Microsoft released a new hotfix adding more functionality to IMF. Through it Exchange recipients may skip IMF filtering.
Sender and Recipient Filtering Don't Care of IP Accept Lists
- Alexander Zammit Apr 05, 2006
Exchange 2003 provides a fair mix of anti-spam technologies. Taking most features one by one, the configuration is intuitive and straight forward. Nevertheless once we move a step further from the basic configuration scenarios some unexpected surprises await unwary administrators.
Tar Pitting Directory Harvesting Attacks
- Alexander Zammit Mar 22, 2006
Exchange 2003 Recipient Filtering can eliminate spam addressed to invalid recipients. Nevertheless unless we are careful this can make us easier target for directory harvesting attacks.
The Intelligent Message Filter as an Additional Filtering Layer
- Alexander Zammit Feb 23, 2006
Many organizations adopting the Intelligent Message Filter already have other anti-spam solutions in place. Adding IMF to the picture offers the opportunity to further harden spam filtering. Here are the key points relevant to effectively deploy IMF as the second line of defense.
Connection Filtering IP Accept List in Exchange SP2
- Alexander Zammit Jan 24, 2006
Getting the Connection Filtering IP Accept List to work became trickier since Exchange SP2. IPs configured to bypass the Intelligent Message Filter, sometimes have no effect. Luckily the solution is around the corner.
Troubleshooting IMF v2
- Alexander Zammit Jan 09, 2006
With Exchange SP2, the Intelligent Message Filter is being installed on every Exchange 2003 box. Today we identify the most common IMF v2 deployment problems and see how to best resolve them.
Welcome to IMF Regular Updates
- Kenneth Spiteri Dec 22, 2005
Microsoft just released the first update for IMF v2. This kicks-off Microsoft's plan to distribute IMF updates twice per month. IMF filtering effectiveness is expected to be greatly boosted. Here is how to plug into these updates.
Junk Email Folder for All Outlook Versions
- Alexander Zammit Dec 14, 2005
The Junk Email folder is often considered to be an Outlook 2003 feature. In reality, with Exchange 2003 this functionality is available to all Outlook versions. Nevertheless some differences and pitfalls do exist.
Automatic Junk E-mail Folder Cleanup
- Alexander Zammit Nov 23, 2005
The Junk E-mail folder is a great spam filtering tool. Unfortunately many users forget emptying it, enabling spam to waste valuable storage space. Luckily automatic Junk E-mail cleanup is available, ready to be enabled.
Sender ID and SPF are about Anti-Spoofing
- Alexander Zammit Nov 08, 2005
Since the release of SP2, Sender ID and SPF are in the limelight. But can't a spammer also publish an SPF record? And what happens when no SPF record is published?
SP2 Intelligent Message Filter a Major Step Forward
- Alexander Zammit Oct 25, 2005
The new Intelligent Message Filter shipping with SP2 is expected to be a lot more effective. The reason for this is not a new feature! Indeed this important advancement has so far been overshadowed by the new flashy SP2 features.
Integrating any Anti-Spam Filter into Exchange
- Alexander Zammit Sep 27, 2005
Can SpamAssassin filter emails to the Outlook Junk Email folder? What about applying Outlook Safe Senders/Recipients and Blocked Senders to an anti-spam firewall appliance? Is it possible for anti-spam solutions running on Linux gateways to integrate with Exchange just like the Intelligent Message Filter does?
Centralizing Junk Email Folder Administration
- Alexander Zammit Jul 28, 2005
Each Exchange mailbox has its own Junk Email configuration settings. Administering multiple mailboxes, setting a consistent configuration, quickly becomes challenging. We need tools to centrally administer these settings.
Making Sender ID a De Facto Standard
- Alexander Zammit Jul 13, 2005
Microsoft is making a coordinated effort to push forward the SPF/Sender ID technologies. This is paving the way for wide spread adoption bypassing any arguments against its standardization.
Enabling/Disabling the Junk Email Folder
- Alexander Zammit Jul 06, 2005
Enabling/disabling the Junk Email folder can become tricky. Some Administrators complain that emails remain unfiltered despite enabling it. Others who want it disabled claim that emails are still being filtered. Today we search for the reasons behind this confusion.
Bringing Together the Exchange Anti-SPAM Cocktail
- Alexander Zammit Jun 14, 2005
Ever wondered how many times an email is analyzed for all sorts of things? Today Exchange and Outlook on their own provide four layers just for SPAM filtering. Together these provide quite good protection but as we shall see using all of them might be unnecessary.
What's in the Junk Email Folder?
- Alexander Zammit May 03, 2005
Junk Email folders give the opportunity to verify the emails being classified as SPAM. Users not performing verification might be causing loss of business. In this article we take a close look at this folder and see how organizations can improve the verification process.
IMF SCL Configuration - getting it right
- Alexander Zammit Feb 28, 2005
Correct SCL configuration is the key to a successful Exchange Intelligent Message Filter setup. With a good understanding of SCLs we can get the best results out of IMF. In this article I look at how to do this with the help of windeveloper IMF Tune, a freeware application released for this purpose.
An excellent IMF resource
- Kenneth Spiteri Feb 01, 2005
Looking for a concise guide to the Exchange 2003 anti-spam features?
Hardening Anti-SPAM Protection
- Alexander Zammit Feb 01, 2005
Spam is a moving target. Counter measures need to be flexible in order to keep up. In this article we look at overheads incurred by spam as a measure of whether the current spam protection is adequate. Different filtering technologies are studied within this context. Finally a layered filtering approach is proposed as a response to this challenge.