In part 1, we looked at ‘How to Deploy a Spam Filter with Exchange‘, followed by Part 2 where we discussed ‘Three Ways to Configure a Spam Filter with Exchange‘.
In part 3, we will look at Whitelists and Blacklists.
Installing Exchange Server anti-spam components (for Exchange Server 2007 and 2010) can improve security by allowing the administrator to apply whitelists and blacklists on the Edge Transport and Hub Transport servers. But, over time, they can also place a burden on administrators because they must be managed manually.
Using whitelists and blacklists can assist in blocking unwanted messages and allowing wanted messages to get through, but they are not always accurate. Email whitelists are used to reduce the incidence of false positives, often based on the assumption that most legitimate mail will be from a relatively small and fixed set of senders. To block a high percentage of spam, email filters have to be continuously updated, since spammers create new addresses to email from, or use new keywords in their messages which can allow the email to slip through. Spam filters can check any user-specified RBL (Real-Time Blacklist ) to see if the sender’s IP address is being blacklisted. Reliability can be improved by requiring an IP to be blacklisted by two or more RBL servers for it to be marked as spam.
Spam filters can also analyze all URLs specified in the email body itself, and will check any user-specified SURBL blacklist servers to see if the URL in the email is being used to host spam-related websites.
Dedicated third party email anti-spam solutions feature similar whitelist and blacklist capabilities but present them in a more effective and manageable way. When considering an anti-spam solution that will provide all of these capabilities, you should look for products that allow end users to participate in the whitelist and blacklist process but also permit administrators full control of the organization-wide whitelist and blacklist behavior.
Leave a Comment