Re: Foreign Language SPAM and Exchange 2003 IMF

Thanks Robbin for a great summary.
I shall work through your recommendations with our client.
Norm Hughes

""Robbin Meng [MSFT]"" <v-robmen@xxxxxxxxxxxxxxxxxxxx> wrote in message

Hello Norm,

Thank you for your post and also thanks for Jim's input.

Anti-Spam is an old and eternal topic. Blocking the spammer domain name/IP
every day is not recommended since most of the spammer will spoof the IP
address and domain name with dynamic ones. Therefore, this method is not
efficient and time-consuming.

Instead please check the following suggestions and links to know more
anti-spam deployment in Exchange server.

Suggestion One: Connection-Level Protection - [ IP Connection Filtering ]
Like Jim indicated, Connection filtering is used to configure Exchange
Server to contact a Realtime Block List (RBL) provider to determine
the computer that an e-mail message is sent from appears in a list of
"blacklisted" computers. You can also configure exceptions to these
connection filters.

How to configure connection filtering to use Realtime Block Lists (RBLs)
and how to configure recipient filtering in Exchange 2003

Use a RBL and stop 90% of the spam. You want Exchange SP2 on your server.

Suggestions Two: Protocol-Level Protection - [Recipient and Sender
Filtering ]
Exchange Server 2003 provides a recipient filtering feature that can block
an e-mail message that has been sent to a recipient that does not exist.
The recipient filtering feature blocks the e-mail message by rejecting the
recipient that does not exist. The recipient filtering feature blocks the
e-mail message at the Simple Mail Transfer Protocol (SMTP) level. A side
effect of this feature is that a malicious sender or a sender of
unsolicited commercial e-mail can enumerate e-mail addresses that do exist
by using a technique that is known as a directory harvest attack.

If you click to select the "Filter recipients who are not in the
check box when you configure the recipient filtering feature, directory
lookup for recipients is enabled. If directory lookup is enabled, senders
of unsolicited e-mail may discover valid e-mail addresses in your Exchange
Server organization.

How to prevent unsolicited commercial e-mail in Exchange 2003

Suggestions Three: Content-Level Protection - [ Intelligent Message
Filter ]
Microsoft Exchange Server Intelligent Message Filter helps companies
the amount of unsolicited commercial e-mail (UCE), also known as spam,
received by users. This guide provides overall operational information to
help optimize the performance of Exchange Server Intelligent Message

1. Microsoft Exchange Intelligent Message Filter£¨IMF£© Deployment Guide

2. Monitoring and Troubleshooting Exchange Server Intelligent Message

Suggestion Four: SMTP tar pitting
Tar pitting is the practice of deliberately inserting a delay into certain
SMTP communications that are associated with spam or with other unwanted
traffic. To be effective, these kinds of communications typically rely on
generating a high volume of traffic. By slowing an SMTP conversation, you
can dramatically reduce the rate at which automated spam can be sent or at
which a dictionary attack can be conducted. Legitimate traffic may also be
slowed by tar pitting.

1. SMTP tar pit feature for Microsoft Windows Server 2003

2. A software update is available to help prevent the enumeration of
Exchange Server 2003 e-mail addresses

More related information:

Exchange Server 2003 Anti-Spam Framework Overview

Exchange server - New Weapons In The Fight Against Spam

TechNet Support WebCast: Fighting spam using Microsoft Exchange Server

Microsoft Exchange Server 2003 Message Security Guide


At the same time, if possible, you may also consider install any anti-spam
program on the server to reduce more spam.

Hope this helps. Also, if you have any questions or concerns, please do
hesitate to let me know.

Thanks for your earlier feedback!

Robbin Meng
Microsoft Online Newsgroup Support