Spam filter for Exchange 2010

A great deal of work has been dedicated to guiding businesses on how to implement a spam filter for Exchange 2010.

Previously, it was enough to rely on the security features included with the software installation. However, in a world where cybercriminals invest so much money in trying to infiltrate staff email accounts, it would be no surprise if failing to add further layers of security resulted in a database being illegally accessed.

The built-in anti-spam solutions provided with Exchange 2010 and later versions only work after a spam campaign or tactic has been discovered. They do not take preventative measures to block emails that have a certain percentage of the characteristics typically associated with spam campaigns. Because of this, there is a high probability that your organization could fall victim to a spam attack if additional measures are not put in place.

The anti-spam filter provided with Exchange 2010, even with the premium automatic update feature (via Forefront Protection), only provides retrospective security and does not react to the evolved tactics and attacks that cybercriminals have developed. So if you are using this email solution, you need to think long and hard about what you can invest in a stronger solution. We have put together some guidance on what an acceptable anti-spam solution will include.

What a Spam Filter for Exchange 2010 Should Include

  1. Greylisting: This is one of the most crucial email defences that your organization can include. All received emails are sent back to the sender to be sent again. The reason for this is that spam bots normally send out email in such huge numbers that the replies are not monitored or are lost among unknown-sender notifications. Greylisting is a very effective tool when used with Exchange 2010, much more effective than the free solution that comes with the software. It not only reduces the risks associated with spam email (phishing, malware, ransomware, etc.), but also reduces the amount of time users spend identifying, reporting and deleting the spam emails they receive, which increases productivity.
  2. Whitelisting: This is a feature that comes with greylisting in most cases. It allows you to change the classification of an email from spam to known sender. This means that senders marked as known or safe will bypass security and there will be no delay in important emails reaching you.
  3. Outbound scanning: It is just as important to scan your outgoing emails. This will see to it that your business does not fall below preset Spam Confidence Levels. It will stop your business from unknowingly sending out spam emails and being placed on a blacklist by spam filters.
  4. SURBL filtering: SURBL is a mechanism whereby URLs included anywhere in inbound and outbound emails are compared to lists of known malicious sites where ransomware and malware may be hosted. Any emails with this content are automatically blocked and the senders are placed on a blacklist.
  5. Automatic updates: These are vital because they remove the chance of human error, such as someone forgetting to run an update and so allowing cybercriminals to leverage a known flaw to gain access to your database and steal valuable information.
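
The greylisting and whitelisting behaviour described in items 1 and 2, as an added example (not code from Exchange or any vendor product). It assumes the usual implementation, in which "sent back to the sender" is a temporary SMTP 451 response keyed on the sending network, envelope sender and recipient; the class name, timing constants and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300           # assumed: seconds a new sender must wait before a retry counts
RETRY_WINDOW = 4 * 3600   # assumed: a first attempt is forgotten if no retry arrives in time

@dataclass
class Greylist:
    whitelist: set = field(default_factory=set)     # known-safe sender addresses or domains
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that have retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one delivery attempt at time `now` (seconds)."""
        sender = mail_from.lower()
        domain = sender.rpartition("@")[2]
        if sender in self.whitelist or domain in self.whitelist:
            return 250, "whitelisted"               # bypasses the delay entirely
        # Key on the IPv4 /24 so a retry from another host in the same sending pool matches.
        net = client_ip.rsplit(".", 1)[0]
        triplet = (net, sender, rcpt_to.lower())
        if triplet in self.passed:
            return 250, "known triplet"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[triplet] = now          # first attempt, or the old one expired
            return 451, "greylisted, try again later"
        if now - seen < MIN_DELAY:
            return 451, "retry too soon"            # immediate re-sends do not count
        self.passed.add(triplet)
        del self.first_seen[triplet]
        return 250, "retry accepted"

def demo():
    gl = Greylist(whitelist={"partner.example"})
    # Constructed attempts: (client IP, MAIL FROM, RCPT TO, seconds since start)
    attempts = [
        ("203.0.113.7", "promo@bulk.example", "amy@corp.example", 0),      # bot, never retries
        ("198.51.100.9", "bob@vendor.example", "amy@corp.example", 10),    # real server, first try
        ("198.51.100.9", "bob@vendor.example", "amy@corp.example", 40),    # retried too early
        ("198.51.100.12", "bob@vendor.example", "amy@corp.example", 900),  # retry from pool neighbour
        ("192.0.2.5", "ceo@partner.example", "amy@corp.example", 20),      # whitelisted domain
        ("198.51.100.9", "bob@vendor.example", "amy@corp.example", 5000),  # later mail, no delay
    ]
    return [gl.check(*a) for a in attempts]

if __name__ == "__main__":
    for code, reason in demo():
        print(code, reason)
```

The bulk sender's single attempt is never accepted because it does not retry, while the whitelisted partner is accepted on its first attempt.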