2000 Exchange Mail Server: How To Filter Spam
Sunday, November 18th, 2007
If you were suddenly made responsible for stopping spam on your Microsoft Windows network, what would you do first? Well, if you’re like me, you’d probably Google “anti spam Exchange server” or something similar to that.
Next, you’d spend some time reading a lot of reviews and articles about anti spam software suited for a Microsoft enterprise network.
Lastly you’d extract (from the articles) a list of the most commonly found bells and whistles that the current anti spam technology offers. You’d use this as a kind of wish list, or yardstick, against which you would judge all the possible anti spam solutions available to you.
Well, as you might imagine, I recently did that and here is a list of features that any decent Exchange server-compatible anti spam solution should have. Your mileage may vary depending on what you need your solution to provide, but here’s my list.
Filter spam on an Exchange mail server by doing one or more of the following:
- Bayesian Analysis
Anti spam software of this sort starts by having you classify a batch of emails as spam and another batch as legitimate mail (the filter needs both, so it can learn which words are more common in one than in the other). Then, as your email arrives, the software looks at each message and computes the probability that it is spam from the words it contains. If that probability is above your threshold, it goes to the spam folder; if not, it gets through to your inbox. But it doesn’t stop there. Suppose an email gets through the Bayesian filter. You can (and should) tag that email as spam, so that the software adds the characteristics of that email to its spam profile and future emails of this sort will NOT sneak through. The same goes in the other direction: when a legitimate message is caught, tag it as good mail, or the filter will keep misjudging messages like it. In other words, anti spam software that uses Bayesian analysis can learn and get better over time, if you teach it to do so.
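Here is what the learning loop just described looks like in code. This is an added example written for this page, not code from the original post or from any product it mentions; the training messages are constructed, the `BayesFilter` class and `build_filter` helper are my own, and the 0.9 threshold is an assumed setting. It trains on a few spam and a few good messages, scores new mail, shows a message the filter has never seen anything like (it comes out exactly undecided), and then shows that tagging that miss as spam makes the next message of the same sort get caught.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9$']+")


def tokenize(text):
    """Lower-case word tokens: the features the filter scores."""
    return TOKEN_RE.findall(text.lower())


class BayesFilter:
    """Naive Bayes over token presence, with add-one smoothing so unseen words are neutral."""

    def __init__(self):
        self.spam_docs = Counter()   # token -> number of spam messages containing it
        self.ham_docs = Counter()    # token -> number of good messages containing it
        self.n_spam = 0
        self.n_ham = 0

    def train(self, text, is_spam):
        docs = self.spam_docs if is_spam else self.ham_docs
        for tok in set(tokenize(text)):  # count each token once per message
            docs[tok] += 1
        if is_spam:
            self.n_spam += 1
        else:
            self.n_ham += 1

    def spam_probability(self, text):
        """P(spam | message), computed in log space so long messages do not underflow."""
        total = self.n_spam + self.n_ham
        log_spam = math.log((self.n_spam + 1) / (total + 2))   # smoothed prior
        log_ham = math.log((self.n_ham + 1) / (total + 2))
        for tok in set(tokenize(text)):
            # (messages of the class containing the token + 1) / (messages of the class + 2)
            log_spam += math.log((self.spam_docs[tok] + 1) / (self.n_spam + 2))
            log_ham += math.log((self.ham_docs[tok] + 1) / (self.n_ham + 2))
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def is_spam(self, text, threshold=0.9):   # assumed threshold
        return self.spam_probability(text) >= threshold


# Constructed training set; a real deployment trains on hundreds of messages per class.
SPAM_TRAINING = [
    "Buy cheap viagra online now, limited offer",
    "Cheap pills, discount viagra, order now",
    "Win a free prize, claim your offer now",
]
HAM_TRAINING = [
    "Meeting moved to 3pm, see the agenda attached",
    "Can you review the quarterly report before Friday",
    "Lunch tomorrow? Let me know",
]


def build_filter():
    f = BayesFilter()
    for text in SPAM_TRAINING:
        f.train(text, True)
    for text in HAM_TRAINING:
        f.train(text, False)
    return f


if __name__ == "__main__":
    f = build_filter()
    print(f.spam_probability("Cheap viagra, special offer, order now"))   # close to 1
    missed = "Earn $5000 weekly working from home, no experience needed"
    print(f.spam_probability(missed))   # 0.5: every word is unseen, so the filter is undecided
    f.train(missed, True)               # the user tags the miss as spam ...
    print(f.spam_probability("Working from home? Earn weekly, no experience needed"))  # ... and the next one is caught
```

Two details matter in practice: each token is counted once per message (otherwise a spammer repeating one innocent word a thousand times skews the score), and the smoothing gives an unknown word the same likelihood in both classes, which is why a message made entirely of new words scores exactly 0.5 and is why the "teach it" step is not optional.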
- Downloadable spam signatures
Typical Bayesian analysis relies mostly on your own unique description of what you consider to be spam — and that’s important. But sometimes, two heads are better (and faster) than one. What if you could tap into a database of spam characteristics put together by hundreds or thousands of other users? That is what you get when you use anti spam software that periodically downloads new spam signatures. The big advantage is that you are casting a wider net. The disadvantage is that you might not agree with the crowd’s opinion of what constitutes spam.
- Keyword checking
This anti spam feature identifies spam email by looking for certain words, like “Viagra.” As you might imagine, this is a pretty crude method. For example, what if your name is Gay Smith? A keyword-checking spam filter might block her mail for containing objectionable content. Don’t laugh — I just read about this very thing happening.
- Header checking
This is a pretty basic form of spam blocking where the anti spam software checks to see if the email header shows tell-tale signs of spam:
- Has the sender identified himself in the From: field? If the address is missing or empty, it’s probably spam. (A From: address that is present proves nothing on its own, since it is trivially forged.)
- Does the email have a “large number” of listed recipients (you can set the number)? If so, consider it the same as spam.
- Block email containing only remote images. To get around keyword or even Bayesian filters, spammers now send out email that shows only a picture, i.e., a graphic of a bottle of viagra with the sales pitch drawn into the image rather than typed as text. In addition, they might put a small amount of innocuous text in the message. Good anti spam software will block that. There is a second reason to be wary of remote images: when a mail client fetches the picture from the spammer’s server, that request confirms the address is live and being read, so clients should not load remote images automatically.
- Check to see if the domain is real. The anti spam software does a DNS lookup on the sender’s domain (looking for an MX or A record). If the domain does not exist, nobody could ever reply to the message, and it is probably spam. Because spammers freely forge real domains in From:, this only catches the careless ones; checking the domain’s published SPF record, which lists the servers allowed to send mail for it, tells you whether this particular server was entitled to use the name.
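The header checks listed above, run over constructed sample messages, as an added example written for this page (not code from the original post or from any product it mentions). The `header_checks` function, the 25-recipient limit and the 20-character "no visible text" cut-off are my own assumptions, and the DNS lookup is replaced by `stub_resolve` over a constructed set of known domains so the code runs offline; real code would call `socket.getaddrinfo` and treat `socket.gaierror` as "no such domain".

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

REMOTE_IMG_RE = re.compile(r"<img[^>]+src=[\"']?https?://", re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]+>")

# Constructed stand-in for a DNS lookup so the example runs offline.
KNOWN_DOMAINS = {"example.com", "example.org"}


def stub_resolve(domain):
    """Real code: try socket.getaddrinfo(domain, 25); socket.gaierror means 'no such domain'."""
    return domain in KNOWN_DOMAINS


def sender_domain(msg):
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def recipient_count(msg):
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return sum(1 for _, addr in pairs if addr)


def body_text(msg):
    chunks = []
    for part in msg.walk():   # walk() yields the message itself when it is not multipart
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def is_image_only(body):
    """A remote <img> plus (almost) no visible text: the picture-only trick."""
    if not REMOTE_IMG_RE.search(body):
        return False
    visible = re.sub(r"&nbsp;|\s+", "", TAG_RE.sub("", body))
    return len(visible) < 20   # assumed cut-off; tune for your own mail


def header_checks(raw_message, resolve=stub_resolve, max_recipients=25):
    """Return the tell-tale signs found; an empty list means the message passed."""
    msg = message_from_string(raw_message)
    findings = []
    domain = sender_domain(msg)
    if not domain:
        findings.append("no sender address in From:")
    elif not resolve(domain):
        findings.append("sender domain does not resolve: " + domain)
    n = recipient_count(msg)
    if n > max_recipients:
        findings.append(f"{n} recipients exceeds limit of {max_recipients}")
    if is_image_only(body_text(msg)):
        findings.append("body is only a remote image")
    return findings


# Constructed sample messages.
LEGIT = """From: Jane Doe <jane@example.org>
To: bob@example.com
Subject: Agenda
Content-Type: text/plain

See the attached agenda for Monday.
"""

IMAGE_SPAM = ("From: deals@pills.invalid\nTo: "
              + ", ".join(f"user{i}@example.com" for i in range(30))
              + "\nSubject: hi\nContent-Type: text/html\n\n"
              "<html><body>Hi<img src=\"http://pills.invalid/offer.gif\"></body></html>\n")

NO_FROM = "To: bob@example.com\nSubject: hello\n\nplain text\n"

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("image spam", IMAGE_SPAM), ("no from", NO_FROM)):
        print(name, header_checks(raw))
```

Note that the checks accumulate findings rather than stopping at the first one: a single signal (a long To: line from a mailing list, say) is weak evidence, while three together are not, so a scoring filter can weight them rather than blocking on any one.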
- Identify directory harvesting
A Directory Harvest Attack or DHA is a technique spammers use to find valid email addresses. A spammer can easily generate a flood of messages to many guessed addresses at (usually) a corporate email server. These servers are likely to use a standard format for official email aliases (jdoe@company.com, johnd@company.com, johndoe@company.com, and so on). Any address that does not come back with a “message delivery failed” bounce, or that the server accepts at the SMTP RCPT TO stage instead of rejecting with a 550 “no such user” reply, is considered valid and added to the spammer’s list. Good anti spam software should be able to detect this flood from one source (many unknown recipients in a short time) and quickly block or throttle that source before the harvest completes and the network is swamped.
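The detection described above, as an added example written for this page (not code from the original post or from any product it mentions): a per-source-IP sliding window of rejected recipients, applied at the SMTP RCPT TO step. The `HarvestDetector` class, the user directory, the IP addresses, the 10-misses-per-60-seconds limit and the choice of reply codes are all my own assumptions.

```python
from collections import defaultdict, deque

VALID_USERS = {"jdoe", "asmith", "postmaster"}   # constructed directory of real mailboxes


class HarvestDetector:
    """Count unknown recipients per source IP inside a sliding window; drop the source when it exceeds the limit."""

    def __init__(self, max_unknown=10, window_seconds=60):   # assumed limits
        self.max_unknown = max_unknown
        self.window = window_seconds
        self.unknown_hits = defaultdict(deque)   # ip -> timestamps of rejected recipients
        self.blocked = {}                        # ip -> time it was blocked (expire this in real code)

    def rcpt_to(self, ip, local_part, now):
        """Return the SMTP reply code to send for one RCPT TO command."""
        if ip in self.blocked:
            return 421   # "service not available": drop the session, valid or not
        hits = self.unknown_hits[ip]
        while hits and now - hits[0] > self.window:   # forget misses older than the window
            hits.popleft()
        if local_part.lower() in VALID_USERS:
            return 250
        hits.append(now)
        if len(hits) > self.max_unknown:
            self.blocked[ip] = now
            return 421
        return 550   # "no such user": exactly the oracle a harvester is probing for


def simulate():
    """Constructed traffic: one harvester guessing names, one legitimate sender with a typo."""
    det = HarvestDetector()
    guesses = [f"user{i}" for i in range(12)]
    attacker = [det.rcpt_to("203.0.113.9", g, now=float(i)) for i, g in enumerate(guesses)]
    attacker.append(det.rcpt_to("203.0.113.9", "jdoe", now=13.0))   # even a real address is refused now
    legit = [det.rcpt_to("198.51.100.4", "jdoe", now=1.0),
             det.rcpt_to("198.51.100.4", "jdo", now=2.0)]
    return attacker, legit


if __name__ == "__main__":
    print(simulate())
```

Once a source is blocked, every reply is 421 regardless of whether the recipient exists, so the attacker learns nothing more from that connection. Adding an SMTP tar pit (a delay of several seconds before each 550) makes the harvest slower still without affecting normal senders, who rarely hit unknown recipients.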
- Automated whitelist
As you can imagine, a whitelist is the opposite of a blacklist, i.e., a list of senders (addresses or domains) whose email is accepted as good mail, not spam. An automated whitelist is one the anti spam software creates and maintains for you by monitoring incoming and/or outgoing email (typically, anyone you send mail to is added) and, based on your standards, adding or removing entries without your having to bother. One caveat: the From: address is trivial to forge, so a whitelist keyed only on From: gives a spammer who spoofs a whitelisted address a free pass; a whitelist match should lower the spam score, not bypass the other checks entirely.
- 3rd party DNS blacklist
Microsoft Exchange mail servers (natively through connection filtering from Exchange Server 2003, or through add-on software on Exchange 2000) can compare the IP address of each connecting mail server against a published list of addresses that spammers are known or suspected to use. The list is queried over DNS: the software reverses the octets of the sender’s IP address, appends the list’s zone name and looks that name up; an answer means the address is listed, and the message is blocked.
The advantage to this kind of anti spam solution is that you don’t have to install anti spam software; you just point your server at a DNS blacklist and let it do the filtering for you. The cost is one DNS lookup per inbound connection, so the blacklist’s availability and response time become part of your mail path.
The downside of this solution is that it can block legitimate email if an innocent bystander happens to share an IP address (or an IP range, since some lists block whole netblocks) with the spammer: guilt by association, if you will. Also check only the address of the last hop outside your own network; if your own gateway or your ISP’s relay sits in front of Exchange, looking up that address tells you nothing.
- 3rd party URL blacklist
Similar to a DNS blacklist, but what gets looked up is the domain of each link in the message body rather than the address of the server that sent it. The advantage is that it is potentially more precise: spammers rotate through huge numbers of sending machines, but the website they want you to click on changes far less often, so a URL blacklist catches the same campaign no matter which server delivered it, without blocking every other site that shares that server.
The downside is list pollution, i.e., the database may come to contain URLs that do not appear in spam. Spammers will deliberately seed legitimate URLs into their mail to render the entire database unreliable and cause its eventual abandonment.
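Both lookups, the DNS blacklist for the connecting IP and the URL blacklist for the hosts linked in the body, as an added example written for this page (not code from the original post or from any product it mentions). The zone names `dnsbl.example` and `uribl.example` are placeholders, the listed entries are constructed, and `stub_resolve` stands in for a real DNS query so the code runs offline; with a real list you would replace it with `socket.gethostbyname` in a `try`/`except socket.gaierror`.

```python
import ipaddress
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

DNSBL_ZONE = "dnsbl.example"   # placeholder; a real IP list is queried the same way under its own zone
URIBL_ZONE = "uribl.example"   # placeholder; real domain lists likewise

# Constructed answers: a listed sending IP and a listed landing-page domain.
LISTED = {
    "9.113.0.203." + DNSBL_ZONE: ["127.0.0.2"],
    "pills.invalid." + URIBL_ZONE: ["127.0.0.2"],
}


def stub_resolve(name):
    """Stand-in for a DNS A lookup: list of addresses, or [] for NXDOMAIN."""
    return LISTED.get(name, [])


def dnsbl_query_name(ip, zone):
    """DNSBLs are queried by reversing the IPv4 octets under the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # also validates the address
    return ".".join(reversed(octets)) + "." + zone


def uribl_query_names(body, zone):
    """Map each host linked in the body to the name to look up in the URL list."""
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    return {h: f"{h}.{zone}" for h in hosts if h}


def check_message(client_ip, body, resolve, dnsbl_zone=DNSBL_ZONE, uribl_zone=URIBL_ZONE):
    verdict = {"listed_ip": None, "listed_hosts": []}
    answer = resolve(dnsbl_query_name(client_ip, dnsbl_zone))
    if answer:
        verdict["listed_ip"] = answer[0]   # lists encode the reason for listing in the 127.0.0.x answer
    for host, qname in sorted(uribl_query_names(body, uribl_zone).items()):
        if resolve(qname):
            verdict["listed_hosts"].append(host)
    return verdict


if __name__ == "__main__":
    print(check_message("203.0.113.9", "click http://pills.invalid/buy and http://example.org/", stub_resolve))
    print(check_message("198.51.100.4", "see http://example.org/agenda", stub_resolve))
```

Two caveats when wiring this to real lists: `client_ip` must be the address of the last hop outside your network (not your own relay), and some URL lists expect the registered domain rather than the full hostname, so strip subdomains according to the list’s documentation before querying.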
- Customizable policies for groups, individuals
Administrators can define their own rules and policies for blocking spam, in addition to the rules the particular anti spam solution ships with, and apply them per group or per user. Usually this means setting custom content filters based on the subject, message headers, message bodies and attachment file type.
The downside (if there is one) is that it takes time to create and implement these custom policies; however, because it is not a pre-requisite, the administrator can simply go with the standard configuration if she wishes.
- Supports foreign language spam
For some reason, I get a ton of Russian spam every day. So I’m interested in any anti spam solution that can block and filter foreign language spam. It is relatively easy to do: the filter looks at the character set declared in the message’s Content-Type header (koi8-r or windows-1251 for Russian, for example) or at the actual characters in the body, and blocks the scripts, languages and/or countries of origin (judged by the sending server’s IP address) that you never expect legitimate mail from.
The downside to this is that it is a pretty extreme solution, especially if you expect to get the occasional valid foreign language email.
If that is the case, your anti spam solution should be able to implement the sorts of techniques for foreign language spam that you would expect in a solution for English language spam.
- Anti phishing
Phishing is a criminal activity where a spammer sends you an email pretending to be someone you trust, e.g., your bank, PayPal, eBay, etc. Then, they attempt to get sensitive information from you, like usernames, passwords and credit card details.
This kind of spam can be blocked if the anti spam software is equipped to look for certain kinds of links (for instance, a link whose visible text shows the bank’s address while the underlying href points to a different host, a link to a raw IP address, or a brand name inside a domain the brand does not own), website forgeries, or JavaScript in the body of the email, which legitimate mail has no reason to contain.
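The link checks just described, as an added example written for this page (not code from the original post or from any product it mentions). The `suspicious_links` function, the two-label `registered_domain` approximation (a real filter would use a public-suffix list), the brand table and both HTML samples are my own constructions; the phishing sample uses a documentation IP and an `.invalid` domain so nothing in it points at a real site.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand table: brand word -> the domain that brand actually uses.
KNOWN_BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}

# Link text that itself looks like a URL or host name, e.g. "www.paypal.com" or "https://paypal.com/x".
HOSTLIKE_RE = re.compile(r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.IGNORECASE)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the message body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude two-label approximation: 'signin.paypal.com' -> 'paypal.com'."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def suspicious_links(html, known_brands):
    findings = []
    parser = AnchorCollector()
    parser.feed(html)
    for href, text in parser.anchors:
        target = urlparse(href)
        host = target.hostname or ""
        # 1. The visible text names one domain but the real target is another.
        m = HOSTLIKE_RE.match(text)
        shown = m.group(1).lower() if m else ""
        if shown and registered_domain(shown) != registered_domain(host):
            findings.append(f"text shows {shown} but link goes to {host}")
        # 2. A brand is named in the text or host, but the target is not the brand's domain.
        for brand, domain in known_brands.items():
            if (brand in text.lower() or brand in host) and registered_domain(host) != domain:
                findings.append(f"{brand} named but link goes to {host}")
        # 3. user@host trick (http://paypal.com@evil) or a bare IP address as the target.
        if target.username or (host and host.replace(".", "").isdigit()):
            findings.append(f"link uses user@host or raw IP: {href}")
    return findings


# Constructed samples.
PHISH_HTML = """<p>Dear customer, your account is limited.</p>
<a href="http://paypal.com.secure-login.invalid/verify">https://www.paypal.com/cgi-bin/webscr</a>
<a href="http://paypal.com@203.0.113.7/login">Confirm your eBay details</a>"""

LEGIT_HTML = """<p>Your monthly statement is ready.</p>
<a href="https://www.paypal.com/statements">https://www.paypal.com/statements</a>"""

if __name__ == "__main__":
    for f in suspicious_links(PHISH_HTML, KNOWN_BRANDS):
        print(f)
    print(suspicious_links(LEGIT_HTML, KNOWN_BRANDS))   # []
```

The first anchor in the phishing sample trips two checks (the shown and real hosts differ, and "paypal" appears in a domain that is not paypal.com); the second trips two more (the brand check on "eBay" and the `user@host` trick, which older mail clients rendered as a link to paypal.com). The legitimate statement mail produces nothing.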
As I said before, these are just a few of the major features that you might look for when making an informed decision about the kind of anti spam solution to implement on your Microsoft Exchange server.
© 2007 Ara Rubyan. This work is licensed under a Creative Commons Attribution-No Derivative Works 3.0 License. You have permission to use it if you include the resource information below.
For more articles on stopping spam, visit Ara Rubyan’s Spam Blocker Central.
Ara Rubyan is experienced in training design and delivery and has been developing web based training for more than 10 years. His background in training coupled with his IT knowledge help him to ensure the seamless development of product user training.