Microsoft Exchange Server 2007 : Exchange Server-Level Security Features (part 1) - Exchange Server 2007 Antispam Measures

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
1/15/2015 3:20:28 AM
As Exchange has adapted over the years, Microsoft has recognized the pitfalls encountered by companies overwhelmed by spam and email viruses. To combat this, they have consistently improved the features of their bundled tools to provide organizations with protection that would have had to be addressed with third-party applications in the past.

Exchange Server 2007 Antispam Measures

As previously mentioned, spam is a global problem that affects everyone with an Internet-accessible email address. The spam problem has grown beyond bothersome; it has become an issue that negatively impacts end-user productivity and places a significant burden on messaging systems.

Exchange 2007 has many antispam measures built in to the application. These methods are especially effective when coupled with Outlook 2007. A few of these features are as follows:

  • Increased protection through integrated security technologies— Exchange Server 2007 acts as the first line of defense on incoming email messages. The Exchange server determines the legitimacy of the message, and is able to disable links or uniform resource locators (URLs) to help protect the user community. In addition, Exchange 2007 offers new antiphishing capabilities to help to prevent emails of this nature from reaching your users in the first place.

  • Improved email legitimacy assurance— Email legitimacy is managed through Email Postmark technology when you combine Office Outlook 2007 and Exchange Server autoencryption. Outlook Email Postmark applies a token (actually a computational puzzle that acts as a spam deterrent) to email messages it sends. This token can be read by a receiving Exchange 2007 server to confirm the reliability of the incoming message.

  • Distribution lists restricted to authenticated users— Using message delivery restrictions, you can configure a distribution list to accept mail from all senders, or specific senders or groups. In addition, you can require that all senders be authenticated before their message is accepted.

  • Connection filtering— Improvements have been made in the configuration and management of IP Block lists, IP Allow lists, IP Block List providers, and IP Allow List providers. Each of these elements can now be reviewed and configured directly from the Exchange Management Console.

  • Content filtering— Exchange 2007 includes the Exchange Intelligent Message Filter, or IMF, which uses the Microsoft SmartScreen patented “machine-learning” technology. This content filter evaluates inbound messages and determines the probability of whether the messages are legitimate, fraudulent, or spam.

    In addition, the IMF consolidates information that is collected from connection filtering, sender filtering, recipient filtering, sender reputation, SenderID verification, and Microsoft Office Outlook 2007 Email Postmark validation. The IMF then applies a Spam Confidence Level (SCL) rating to a given message. Based on this rating, an administrator can configure actions on the message based on this SCL rating. These actions might include the following:

    • Delivery to a user Inbox or Junk E-Mail folder.

    • Delivery to the spam quarantine mailbox.

    • Rejection of the message and no delivery.

    • Acceptance and deletion of the message. The server accepts the message and deletes it instead of forwarding it to the recipient mailbox.

  • Antispam updates— Exchange 2007 now offers update services for their antispam components. The standard Exchange 2007 antispam filter updates every 2 weeks. The Forefront Security for Exchange Server antispam filter updates every 24 hours.

  • Spam quarantine— The spam quarantine provides a temporary storage location for messages that have been identified as spam and that should not be delivered to a user mailbox. Messages that have been labeled as spam are enclosed in a nondelivery report (NDR) and are delivered to a spam quarantine mailbox. Exchange administrators can manage these messages and can perform several actions, such as rejecting the message, deleting it, or flagging it as a false positive and releasing it to the originally intended recipient. In addition, messages with an SCL rating that the administrator has defined as “borderline” can be released to the user’s Junk E-Mail folder in Outlook. These borderline messages are converted to plain text to provide additional protection for the user.

  • Recipient filtering— In the past, an email that was addressed to a specific domain would enter that domain’s messaging service, regardless of whether it was addressed to a valid recipient. This not only utilized bandwidth, but also required Exchange servers to process the messages, create a nondelivery report (NDR), and send that message back out. Now, by using the EdgeSync process on your Hub Transport server, you can replicate recipient data from the enterprise Active Directory into the Exchange Active Directory Application Mode (ADAM) instance on the Edge Transport server. This enables the Recipient Filter agent to perform recipient lookups for inbound messages. Now, you can block messages that are sent to nonexistent users (or to internal use only distribution lists).

  • SenderID— First implemented in Exchange Server 2003 SP2, Sender ID filtering technology primarily targets forgery of email addresses by verifying that each email message actually originates from the Internet domain that it claims to. Sender ID examines the sender’s IP address, and compares it to the sending ID record in the originator’s public DNS server. This is one way of eliminating spoofed email before it enters your organization and uses your company resources.

  • Sender reputation— The Sender Reputation agent uses patented Microsoft technology to calculate the trustworthiness of unknown senders. This agent collects analytical data from Simple Mail Transfer Protocol (SMTP) sessions, message content, Sender ID verification, and general sender behavior and creates a history of sender characteristics. The agent then uses this knowledge to determine whether a sender should be temporarily added to the Blocked Senders list.

  • IP Reputation Service— Provided by Microsoft exclusively for Exchange 2007 customers, this service is an IP Block list that allows administrators to implement and use IP Reputation Service in addition to other real-time Block list services.

  • Outlook junk email filter lists aggregation— This feature helps reduce false positives in antispam filtering by propagating Outlook 2003 and Outlook 2007 Junk Email Filter lists to Mailbox servers and to Edge Transport servers.

Additional Antispam Measures

In the battle against spam, passive measures protect your organization, but more aggressive measures can help lessen the problem overall. The following sections cover some suggestions of ways that your organization can help fight back.

Utilizing Blacklists

Many companies are unknowingly serving as open relays. Many spammers take advantage of this lack of security and utilize the organization’s messaging system to send their unsolicited email. When a company or domain is reported as an open relay, the domain can be placed on a blacklist. This blacklist, in turn, can be used by other companies to prevent incoming mail from a known open relay source.

You can find some organizations that maintain blacklists at the following addresses:

  • Distributed Sender Blackhold List—

  • SpamCop Website—

  • Open Relay Database—

Report Spammers

Organizations and laws are getting tougher on spammers, but spam prevention requires users and organizations to report the abuse. Although this often is a difficult task because many times the source is undecipherable, it is nonetheless important to take a proactive stance and report abuses.

Users should contact the system administrator or help desk if they receive or continue to receive spam, virus hoaxes, and other such fraudulent offers. System administrators should report spammers and contact mail abuse organizations, such as those listed earlier in the “Utilizing Blacklists” section.

System administrators should use discretion before reporting or blocking an organization. For example, if your company were to receive spam messages that appeared to originate from Yahoo! or Hotmail, it wouldn’t necessarily be in your best interest simply to block those domains. In that example, the cure might be worse than the disease, so to speak.

Third-Party Antispam Products

Although Microsoft has equipped users, system administrators, and third-party organizations with many tools necessary to combat spam, the additional use of a third-party product, or products, can provide additional protection. These third-party products can also provide a multitude of features that help with reporting, customization, and filtering mechanisms to maximize spam blocking, while minimizing false positives.

Do Not Use Open SMTP Relays

By default, Exchange Server 2007 is not configured to allow open relays. If an SMTP relay is necessary in the messaging environment, take the necessary precautions to ensure that only authorized users or systems have access to these SMTP relays.


You can use the Exchange Best Practice Analyzer, or other tools such as Sam Spade ( to check your environment for open mail relays.

  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 5) - Using Email Disclaimers
  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 4) - Establishing a Corporate Email Policy, Securing Groups
  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 3) - Hardening Windows Server 2003 - Running SCW
  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 2) - Hardening Windows Server 2003 - Using the Microsoft Baseline Security Analyzer
  •  Microsoft Exchange Server 2007 : Components of a Secure Messaging Environment (part 1) - Hardening Windows Server 2003 - Auditing Policies
  •  Microsoft Exchange Server 2007 : Server and Transport-Level Security - Considering the Importance of Security in an Exchange Server 2007 Environment
  •  Security and Windows 8: Keeping Your PC Safe (part 2) - Windows SmartScreen, Using Windows SmartScreen, Action Center Improvements
  •  Security and Windows 8: Keeping Your PC Safe (part 1) - Windows Defender, Boot-Time Security
  •  Netgear EX6200 AC1200 Wi-fi Range Extender
  •  Windows 8 : Managing BitLocker and other policy-based mobility tools (part 5) - Configuring offline file synchronization, Configuring policy settings for device power
    Top 10
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
    - Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
    - Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    programming4us programming4us