
SolutionBase: Techniques for reducing spam with Outlook 2003 and Exchange 2003

Spam is becoming an increasing problem, clogging e-mail clients and servers alike. Here are some new features in Outlook 2003 and Exchange 2003 that can help you combat it.


E-mail is one of those applications that has completely changed business. Spam has changed the way direct marketers do business, while simultaneously clogging e-mail servers and clients, almost negating the business advantages that e-mail provided in the first place. Microsoft has been doing a lot to help fight spam, and both Exchange 2003 and Outlook 2003 have many new antispam mechanisms built into them. In this article, I'll explain how you can use these mechanisms to reduce the amount of spam that you receive.

Won't spam just go away?
In late 2003, the U.S. federal government passed antispam legislation that will make it illegal to send spam. I recently had a conversation with a friend who told me that implementing antispam software was a waste of time and money because spam will soon be going away since it is now illegal.

When I asked him why he thought that, he told me that the government had recently cracked down on telemarketers by implementing a National Do Not Call Registry. After doing so, telemarketing went away practically overnight. My friend said that the antispam legislation should do the same thing for spam as the antitelemarketing legislation had done for telephone solicitation.

While this sounds good in theory, the problem with this reasoning is that the majority of spam is sent from foreign countries. Since foreign countries are not under the jurisdiction of the U.S. federal government, the new antispam legislation does not apply to them. Therefore, don't expect to see any reduction in the amount of spam that you receive unless you take some steps to block spam.

Outlook 2003
Now that I've explained why I think antispam mechanisms are still necessary, let's take a look at the antispam capabilities that are built into Outlook 2003. These antispam mechanisms can function quite well, even in a non-Exchange server environment, just as Exchange's antispam capabilities work for clients who aren't using Outlook 2003. According to Microsoft, though, you really need to be using Exchange 2003 and Outlook 2003 together to gain the most benefit from the antispam mechanisms.

Outlook 2003's antispam mechanisms are deceptively simple. If you select the Junk E-Mail option from Outlook's Action menu, you'll see a submenu containing several options. Among these options are:
  • Add Sender To Blocked Senders List
  • Add Sender To Safe Senders List
  • Add Sender's Domain To Safe Senders List
  • Add Recipient To Safe Senders List

These options are the equivalent of the blacklist/whitelist feature found in virtually every antispam product. Personally, I don't recommend even bothering with the Add Sender To Blocked Senders List option. While this feature does work, spammers tend to use disposable e-mail addresses. The address that you block today will probably never be used again, so it doesn't really make sense to block it.

On the other hand, I am a big fan of whitelists. A whitelist is basically a list of people whose messages should never be flagged as spam, regardless of the content. There are three basic whitelist options. You can add the sender of a message to a whitelist, or if you're sending a message to someone, you can add the recipient to a whitelist. In addition, you can add an entire domain to a whitelist. There are several reasons why you might want to do this.

For example, I write for a lot of different editors at TechRepublic. It's much faster to tell Outlook that nothing from techrepublic.com should be flagged as spam than it would be to add every single mailbox. Another reason you might use a domain entry is to help you get newsletters to which you subscribe. For example, I subscribe to the Relevant Security News. I know that the newsletter comes from relevanttechnologies.com, but I don't know the exact address that's being used to send the newsletter. Whitelisting the entire domain ensures that I get my newsletter regardless of the address used to send it.

One other reason for whitelisting an entire domain is to make room for growth within your own company. For example, since I own www.brienposey.com, I have whitelisted the brienposey.com domain. It might seem strange to whitelist my own domain when there are only a few mailboxes, but the idea is that if brienposey.com were to grow, all future mailboxes would automatically be whitelisted.

As I mentioned before, the blacklist/whitelist features are pretty standard in antispam software. Another menu option on the Junk E-Mail menu is the Mark As Not Junk Mail option. You can use this option to retrieve a message that was mistakenly flagged as being spam. Before you get too excited, I should point out that this is the extent of what this menu option does. Outlook does not attempt to learn what you do and do not consider to be spam.

The final option on the Junk E-Mail menu is the Junk E-Mail Options command. When you select this command, Outlook will open the Junk E-Mail Options properties sheet. This properties sheet contains tabs for Safe Senders, Safe Recipients, and Blocked Senders. Basically, these tabs offer you a way to review or modify the contents of your blacklists and whitelists. There are a couple of notable features on these tabs, though.

All three of these tabs contain buttons that you can use to import and export the list to and from a file. That way, if you have a small office, you can easily share a blacklist or whitelist among Outlook users. Another notable option is that the Safe Senders tab contains a check box you can use to automatically trust messages coming from anyone in your Contacts list. This option is enabled by default.

The Junk E-Mail Options properties sheet also contains a fourth tab called Options. This tab does more to eliminate spam than all of the other tabs combined. The Options tab, shown in Figure A, simply asks you to choose the level of junk e-mail protection that you want.

Figure A
Outlook allows you to configure the level of spam protection that you want to use.


By default, the filtering level is set to Low. This catches only the most obvious spam. You can also set the filtering level to High, which catches a whole lot more spam. Other alternatives include disabling spam filtering completely or accepting mail only from people on your whitelist.

Normally, when Outlook traps spam, it places the message into the Junk E-mail folder for you to review at a later time. There is, however, a check box that you can use to permanently delete spam rather than moving it to this folder.

Microsoft recommends using Outlook with the Low Filtering setting for the first couple of weeks. This will give you the chance to scan the Junk E-Mail folder for anything that Outlook might consider spam, but that you don't consider spam. During this time you should also be working on your whitelists. After you feel good about your whitelists and are satisfied that Outlook isn't blocking legitimate mail, you can turn the spam filtering level up to High, which should trap most of your spam.

Earlier I mentioned that Outlook does not attempt to learn what you do and don't consider to be spam. Since this is the case, you might be wondering how Outlook determines what is spam. Basically, Microsoft has recruited 250,000 MSN members to volunteer to help them figure out if a message is or is not spam. Microsoft then uses a program that analyzes the characteristics of each message to determine what makes it spam vs. a legitimate message. Using this program, Microsoft has come up with over 100,000 variables to use to analyze each message. The analytical process generates a numerical score for each message. If the numerical score is above a certain value, then the message is assumed to be spam. Setting Outlook to a high filtering level vs. a low filtering level merely changes the threshold value used to determine if a message is spam.

Although it isn't something that you can configure, Outlook also helps prevent spam by blocking HTML code and images in messages from anyone who isn't on your whitelist. Both options offer ways to protect yourself against spam that makes it through your filters.

Suppose that a pornographic spam were to slip through the filter. Since all of the images are blocked, it prevents any of your employees from suing you because they were offended by the images. Preventing HTML scripts from running offers another layer of protection against spam. Such scripts are often used to plant beacons that result in even more spam being sent to you. These scripts have also been used to hijack Internet Explorer and plant adware and spyware on your machine.

Remember that the only way to make sure that spam filtering continues to be effective is to keep Outlook updated. You can get these updates by visiting Microsoft's Office Web site and then clicking on the Downloads link.

Exchange 2003
Exchange Server 2003 also has some antispam capabilities built in, some of which are also present in Exchange 2000. The single most important of these mechanisms is the ability to control mail relay. Spammers often look for a server to relay mail through. In doing so, they can obscure their identities: spam appears to be coming from the relay server rather than from the spammer.

If your Exchange server were to be used as a relay, all of the spam being relayed would consume a tremendous amount of server resources such as disk space, RAM, and Internet bandwidth. Likewise, spam recipients will likely blacklist your organization, meaning that you may have trouble sending even legitimate e-mails without them being considered to be spam by the recipients.

The next biggest Exchange 2003 antispam capability involves the way that it interacts with Outlook 2003. Earlier I mentioned that over 100,000 variables were considered when determining whether or not a message was spam. When an Exchange 2003 server is being used, this processing occurs at the server level, relieving the individual workstations of this burden. Likewise, although blacklists and whitelists are maintained at the client level, they are processed at the Exchange server.

Microsoft's biggest step in fighting spam is not yet a reality. Sometime in the first half of 2004, Microsoft will be releasing a product called Exchange Intelligent Message Filter. This product will likely be sold as an add-on for Exchange. It is designed to work on the same principle as Outlook's message filtering, but at a much higher level.

As you may recall, Outlook's message filtering is based on the information provided by 250,000 MSN members. The data was then analyzed, and Microsoft came up with about 100,000 variables that they could use to determine whether or not a message should be considered spam.

Exchange Intelligent Message Filtering works on the same principle, but at a higher level. In developing this product, Microsoft obtained spam/not-spam data from hundreds of thousands of MSN and Hotmail users. This information was used to come up with over 500,000 variables that could be used to tell whether or not a message should be considered spam.

As you may recall, Outlook 2003 uses its algorithm to calculate a score for each message and compares that score against a threshold value. Messages whose scores exceed this value are moved to the Junk E-mail folder, while messages with a lower value are delivered to the Inbox. The Exchange Intelligent Message Filter takes this concept one step further. You will be able to set a gateway threshold and a mailbox store threshold. The gateway threshold will be a very high number. The idea is that the most obvious spam will be blocked at the gateway level and will never even make it to anyone's Junk E-mail folder.

Messages making it past the gateway filter will then be compared against the mailbox threshold value. Messages with a score above this value will be placed in the recipient's Junk E-Mail folder, while lower-scoring messages will be delivered to the user's Inbox.
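
The two-threshold routing described above, combined with the Safe Senders and Blocked Senders lists from the Outlook section, can be sketched as follows. This is an added example, not Microsoft's code: the 0-9 score scale, both threshold values, and the order of the checks (gateway first, then the per-mailbox lists, with a safe entry winning over a blocked one) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Mailbox:
    """Per-user lists, as kept on Outlook's Junk E-Mail Options tabs."""
    safe_senders: set = field(default_factory=set)     # full addresses
    safe_domains: set = field(default_factory=set)     # whole domains
    blocked_senders: set = field(default_factory=set)  # full addresses

# Constructed values on an assumed 0-9 scale (higher = more spam-like).
GATEWAY_THRESHOLD = 8   # very high: only the most obvious spam stops here
STORE_THRESHOLD = 5     # lower: decides Junk E-mail folder vs. Inbox

def split_address(sender):
    """Return (address, domain), lower-cased; domain follows the last '@'."""
    address = sender.strip().lower()
    _, _, domain = address.rpartition("@")
    return address, domain

def is_safe(sender, mailbox):
    address, domain = split_address(sender)
    # Exact comparison on the domain: a substring test would let
    # 'nottechrepublic.com' pass a 'techrepublic.com' entry.
    return address in mailbox.safe_senders or domain in mailbox.safe_domains

def route(sender, score, mailbox):
    """Return 'rejected', 'junk' or 'inbox' for one scored message."""
    # Assumption: the gateway acts before any per-user list is consulted.
    if score > GATEWAY_THRESHOLD:
        return "rejected"            # never reaches a Junk E-mail folder
    if is_safe(sender, mailbox):
        return "inbox"               # whitelisted: not flagged as spam
    address, _ = split_address(sender)
    if address in mailbox.blocked_senders:
        return "junk"
    return "junk" if score > STORE_THRESHOLD else "inbox"
```

Under these assumptions a whitelisted sender whose message scores above the gateway threshold is still rejected, which is worth keeping in mind when choosing how high to set that threshold.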
