2000 Exchange Mail Server - How To Filter Spam (Part Two of Two)

Identify directory harvesting

A Directory Harvest Attack, or DHA, is a technique used by spammers in an attempt to find valid e-mail addresses. A spammer can easily generate a flood of messages to multiple addresses at (usually) a corporate email server. These servers are likely to have a standard format for official e-mail aliases (e.g., jdoe(at), johnd(at), or johndoe(at)). Any addresses that do not generate a "message delivery failed" email are considered to be valid and are added to the spammer's list. Good anti spam software should be able to detect this flood of emails and quickly block the spammers from swamping the network.
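The detection described above can be sketched as a sliding-window count of rejected recipients per sending host. This is an added example, not code from any anti spam product; the log format, the 60-second window, the threshold of 5 and the assumption that the server answers unknown recipients with SMTP code 550 are all illustrative.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 5                   # assumed: distinct unknown recipients per window

# Constructed sample log: "timestamp client_ip recipient smtp_code"
GUESSES = ["jdoe", "johnd", "johndoe", "jsmith", "johns", "johnsmith"]
SAMPLE_LOG = [
    # One host guessing alias formats; only johnd exists (250), the rest get 550
    f"2024-03-01T10:00:{i:02d} 203.0.113.7 {g}@example.com "
    f"{250 if g == 'johnd' else 550}"
    for i, g in enumerate(GUESSES)
] + [
    # A legitimate sender retrying one mistyped address, then succeeding
    "2024-03-01T10:00:10 198.51.100.20 jon.doe@example.com 550",
    "2024-03-01T10:00:40 198.51.100.20 jon.doe@example.com 550",
    "2024-03-01T10:02:00 198.51.100.20 johnd@example.com 250",
]

def parse(line):
    """Split one constructed log line into typed fields."""
    ts, ip, rcpt, code = line.split()
    return datetime.fromisoformat(ts), ip, rcpt.lower(), int(code)

def detect_dha(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {client_ip: time it crossed the threshold} for suspected harvesters."""
    recent = defaultdict(deque)  # ip -> (time, rejected recipient) inside the window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, ip, rcpt, code = parse(line)
        if code != 550:          # only "no such user" rejections are counted
            continue
        q = recent[ip]
        q.append((ts, rcpt))
        while q and ts - q[0][0] > window:
            q.popleft()          # drop rejections that fell out of the window
        # Count distinct addresses so a retry of one typo does not trip the rule
        if ip not in flagged and len({r for _, r in q}) >= threshold:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in detect_dha(SAMPLE_LOG).items():
        print(f"possible directory harvest from {ip} at {when.isoformat()}")
```

A host flagged this way is a candidate for temporary blocking or tarpitting; the window and threshold need tuning against real traffic so that mailing-list senders with stale addresses are not caught.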

Automated whitelist

As you can imagine, a whitelist is the opposite of a blacklist, i.e., it is a list of domains that send good email, not spam. An Automated Whitelist is a whitelist which is created or maintained by the anti spam software that monitors incoming and/or outgoing email, and based on your standards, will add or remove entries from the whitelist without you having to bother.

3rd party DNS blacklist

Microsoft Exchange mail servers can compare the routing addresses of incoming emails to a list of servers that spammers are suspected to use. If an email appears to be from a blacklisted server, it is blocked.

The advantage to this kind of anti spam solution is that you don't have to install anti spam software; you just use a DNS blacklist to do the filtering for you.

The downside of this solution is that it can block legitimate email if the innocent bystander happens to share space on a server with the spammer -- guilt by association, if you will.

3rd party URL blacklist

Similar to a DNS blacklist. The advantage to this kind of anti spam solution is that it is potentially more precise -- it blocks spam from a single URL instead of from a single server that may host multiple URLs.

The downside is list pollution, i.e., the database may contain URLs that do not send spam. Spammers will deliberately pollute the list in this way to render the entire database unreliable and cause its eventual abandonment.

Customizable policies for groups, individuals

Administrators can choose to define their own unique rules and policies for blocking spam that may differ from the rules supported by the particular anti spam solution. Usually this means setting custom content filters based on the subject, message headers, message bodies and attachment file type.

The downside (if there is one) is that it takes time to create and implement these custom policies; however, because it is not a pre-requisite, the administrator can simply go with the standard configuration if she wishes.

Supports foreign language spam

For some reason, I get a ton of Russian spam every day. So I'm interested in any anti spam solution that can block and filter foreign language spam. It is relatively easy to do -- you simply compile a list of foreign language characters that you want to block, and/or entire languages, and/or countries from which the foreign language spam might originate.

The downside to this is that it is a pretty extreme solution, especially if you expect to get the occasional valid foreign language email.

If that is the case, your anti spam solution should be able to implement the sorts of techniques for foreign language spam that you would expect in a solution for English language spam.

Anti phishing

Phishing is a criminal activity where a spammer sends you an email pretending to be someone you trust, e.g., your bank, PayPal, eBay, etc. Then, they attempt to get sensitive information from you, like usernames, passwords and credit card details.

This kind of spam can be blocked if the anti spam software is equipped to look for certain kinds of links, website forgeries, or JavaScript coding in the body of the email.

As I said before, these are just a few of the major features that you might look for when making an informed decision about the kind of anti spam solution to implement on your Microsoft Exchange server.

