One of the most popular and growing industries within the IT marketplace is spam filtering/blocking. Numerous companies are offering the latest and greatest spam blocking software. When I attended last year's Tech Ed conference in Dallas, at least 10 to15 companies were hawking spam filtering/blocking software (including Sunbelt Software, which was kind enough to provide me with a t-shirt emblazoned with the battle cry “Spam Sucks, your life shouldn’t”).
Clearly, spam prevention software is burgeoning because spam itself is increasing. To give you an idea of just how much spam is out there today, a report from Microsoft indicates that its MSN and Hotmail services block 2.4 billion messages every day—and that represents only a smidgen of the spam ricocheting across the Internet.
Microsoft is now jumping into the antispam business with the Exchange Intelligent Message Filter, which is being designed to enable Exchange servers to better combat spam. Let's take a look at what it can do.
Some of the important features in the Exchange Intelligent Message Filter include:
- Heuristics-based analysis of messages to determine whether the e-mail is classified as unsolicited commercial e-mail, junk e-mail, or legitimate e-mail
- Capability of adapting over time, making it possible to constantly improve its ability to catch unwanted messages and prevent false positives
- Support for per-message Spam Confidence Level ratings and message tagging
- SmartScreen Technology
At Comdex last year, Microsoft chairman Bill Gates unveiled the SmartScreen Technology and hailed it as a “major advance in the battle to help secure consumers' inboxes and return greater productivity to people's e-mail experience.” He went on the explain that SmartScreen is a machine-learning-based filtering technology that uses probability-based algorithms to "learn" what is and what is not spam based on different characteristics (500,000 different characteristics to be exact) of both types of mail. Somehow Microsoft was able to enlist the assistance of hundreds of thousands of Hotmail users in an attempt to classify certain types of e-mail as spam.
In a December 2003 PressPass report (see full article here), Microsoft reported: “To date, Microsoft has used more than 5 million pieces of spam—identified by 200,000 volunteer MSN Hotmail customers in a filter-training program—to define the criteria used by SmartScreen Technology to help block spam. On-going feedback from MSN Hotmail volunteers helps ensure that the SmartScreen Technology is continually trained and improved.”
By simply clicking on a Report Junk Email button within Hotmail, users can assist Microsoft in rooting out spam before it gets sent to other customers. These reports are also leveraged in the Exchange Intelligent Message Filter, which is aimed at corporate e-mail users in companies using Exchange 2003 and Outlook 2003. Microsoft plans to periodically release updates to the filters, thereby allowing the technology to grow and evolve over time. To date, SmartScreen Technology has already been incorporated into Microsoft Outlook 2003, MSN 8, and Hotmail; the message filter is next.
Configuration and functionality
A common topology seen in many companies is to have a "gateway" mail server located in or near the perimeter network. In order for the message filter to be implemented, this gateway server must be an Exchange 2003 Server and must have the message filter installed on it.
This gateway acts as a filter for mail coming and going onto the network. When a piece of mail coming from the outside arrives, the server performs an evaluation using SmartScreen Technology, assigning a Spam Confidence Level to the e-mail message. The Spam Confidence Level is nothing more than a number that is relative to the probability that the e-mail is spam. This rating is then added to the e-mail properties and follows the e-mail as it makes its way to other Exchange servers and eventually to the destination server inside the network.
The mail administrator can set two thresholds that will allow the Exchange Intelligent Message Filter to handle e-mails that have different Spam Confidence Levels: Gateway Threshold and Mailbox Store Threshold.
Based on the values preset at these thresholds, the following actions will occur. First, on the Gateway Threshold, if an e-mail has a Spam Confidence Level that is lower than the predefined threshold, the e-mail is forwarded to the mailbox store of the intended recipient(s). If the e-mail's Spam Confidence Level is higher than the threshold, the message filter will perform whatever action was preset at the gateway (e.g., possible deletion or relocation to a temporary folder for review). If a message passes through the Gateway Threshold, it is forwarded to the Mailbox Store where another evaluation is performed. If the message has a Spam Confidence Level lower than the localized Mailbox Store Threshold, it is delivered to the user's inbox. If it has a level higher than the local threshold, it is delivered to the user's Junk Email folder instead.
If you use a non-Microsoft e-mail server as your Internet gateway server, you can install Exchange Intelligent Message Filter on a server that is running Exchange 2003 and is configured as a bridgehead server that accepts incoming Internet e-mail messages from your gateway servers.
Requirements and availability
The Exchange Intelligent Message Filter is scheduled to be released during the first half of 2004. It is supported only on an Exchange 2003 Standard Edition or Enterprise Edition mail server, and the supported client is Outlook 2003. It will be available for free to Exchange customers involved in Microsoft’s Software Assurance (SA) programs. Those customers will be eligible to receive one copy of the message filter for every copy of Exchange Server covered under SA.
Many of the antispam companies are probably concerned with Microsoft moving into their niche market. However, Microsoft has also designed the message filter to work in concert with other third-party antispam solutions, which may be able to offer additional functionality.
Microsoft is definitely throwing its weight behind spam prevention, and while it remains to be seen just what impact such efforts will have and whether software such as the Exchange Intelligent Message Filter will be effective, it's encouraging to see some positive efforts from Microsoft.
Jeremy L. Smith, CISSP, is a cybersecurity and public safety professional who has worked with a variety of agencies to improve the security of their call centers and execute their public safety initiatives more effectively, including 911 call taking, cyber security, mass notification, and more. As the former chair of the NENA Security Working Group, he helped lead the development and creation of the public safety industry's first cyber security standards, NG-SEC. He is currently the general manager of the Mass Notification Division of Airbus DS Communications, a leader in the public safety market.