10.3 Tips for avoiding junk e-mail

 < Day Day Up > 



Senders of junk e-mail have proven to have a high disregard for what is considered right or proper. Unfortunately, they also have proven themselves to be unscrupulously adept at bypassing all attempts to protect the unwilling recipients. The dilemma for Exchange administrators is how to block 100% of the incoming junk e-mail without occasionally blocking some legitimate e-mail that may have false positive matches. Unfortunately, there is no foolproof way to solve this problem.

Some suggest that the solution to the junk e-mail problem is legislation. However, the Internet crosses country borders, therefore enforcement of any laws would face jurisdictional problems. Even if the majority of countries agree to enforce antispam laws, there would always be at least one country willing to provide safe haven for junk e-mailers. While waiting for legislative protection, there are a variety of user actions and system tools that you can begin using immediately to reduce the amount and impact of junk e-mail. The actions you should take fall into several general categories, including the following:

  • Actions system managers should take to avoid being part of the problem

  • Actions users should take to keep off distribution lists for junk e-mail

  • Actions system managers should take to keep user names off distribution lists for junk e-mail

  • Actions system managers should take to block incoming junk e-mail

  • Actions users should take to block incoming junk e-mail

10.3.1 System manager actions: Don’t become part of the problem

Disable Simple Mail Transfer Protocol relay for unknown systems

Relaying e-mail through an unsuspecting SMTP server is a common practice of people who distribute unsolicited commercial e-mail. Relaying this unwanted e-mail hides the actual source of the e-mail. You should carefully consider which systems you will allow to relay e-mail through your SMTP virtual servers. Being used as an unauthorized relay makes it look as though your server is the source of the junk e-mail. Appearing to be the source of junk e-mail can jeopardize your organization’s reputation and could inhibit its ability to do business. Systems that appear to be the source of junk e-mail usually end up being added to the deny lists maintained by commercial spam filter products and by block list service providers. Being added to these lists will result in other companies rejecting all e-mail—including legitimate e-mail—that originates from your domain. Disabling SMTP relay is one step in protecting your organization from being identified as an originating host for junk e-mail. You can find the SMTP relay options by selecting the Relay button on the Access tab of each SMTP virtual server’s properties (Figure 10.1). (See Section 6.8 in Chapter 6 for more information about SMTP virtual server parameters.)

click to expand
Figure 10.1: Simple Mail Transfer Protocol Virtual Server – Access tab

Shut down outgoing junk e-mail

Junk e-mail sent by your own users is a more difficult problem to solve because blocking their use of the e-mail system for distributing junk e-mail also could block their legitimate e-mail messages. The best method to shut down outgoing junk e-mail is through strict enforcement of company policies (i.e., to terminate any user caught sending junk e-mail). However, you can perform content filtering of outbound e-mail to help minimize the problem until you catch and terminate any internal senders of junk e-mail. Many of the commercial junk e-mail filtering products will perform outbound content filtering in addition to providing protection against inbound junk e-mail.

Note 

Many organizations may also want to block outgoing messages that contain offensive language or other specific types of content. Content filtering of outbound e-mail also can be used for this purpose.

10.3.2 User actions: Keep off distribution lists for junk e-mail

Remove your e-mail address from publicly accessible websites

To foil robots and spiders from harvesting your e-mail address, you should avoid (or at least minimize) posting your e-mail address on public websites and in USENET groups. If possible, you should remove your e-mail address from websites where it is already posted. Because harvested e-mail addresses appear to have a relatively short lifespan, your e-mail address will eventually be dropped from junk e-mailers’ distribution lists.

Disguise e-mail addresses posted in public places

Of course, you cannot avoid posting your e-mail address in all cases. Because many robots and spiders identify e-mail addresses by searching for text strings that contain “@” or “.com” or “.net,” you can minimize the impact of posting your e-mail address by not using the “@” and “.” characters. One option is to replace these characters with their human-readable equivalents—e.g., “mike at domain dot com” instead of “mike@domain.com.” Posted e-mail addresses using “at” and “dot” rarely receive junk e-mail, but they can still be correctly interpreted by people who might want to send e-mail to you.

Another (more complex) option is to post your e-mail address in HTML using the numeric equivalent of the characters. For example, in HTML, the numeric equivalent for the letter “m” is “&#109” and the numeric equivalent for the “@” character is “&#064.” Using the numeric equivalents, you can write the e-mail address “mike@domain.com” as “&#109; &#105; &#107; &#101; &#064; &#100; &#111; &#109; &#097; &#105; &#110; &#046; &#099; &#111; &#109.” Web browsers will display this numeric e-mail address as “mike@domain.com,” thus making it human-readable, but the HTML source code will not contain the “@” or “.” characters that robots and spiders use to identify e-mail addresses.

Pay attention to forms that request the right to send you e-mail messages or share your e-mail address with partners

Many users have actually unknowingly signed up to receive junk e-mail. You should carefully read both online and paper forms that request your e-mail address. They ask for your e-mail address for a reason: they plan to use it. Some companies also will ask whether they can share your e-mail address with their partners. Make sure you understand and agree with how they plan to use your address before you give it. If you don’t want to receive e-mail from a particular company or their partners, do not give them your address. Some companies that ask for your e-mail address will offer you the option to decline to receive e-mail. For the most part, companies that offer a choice about receiving e-mail respect that choice. Be wary of companies that do not offer a choice. These are often the companies that share or sell e-mail addresses without your consent.

Use disposable e-mail addresses

Another effective alternative, especially when posting your e-mail address to an unfamiliar website, is to use a disposable address. There are many e-mail providers, such as aol.com, yahoo.com, and msn.com, who will offer you additional free e-mail addresses. By using different disposable e-mail addresses for different websites, you can quickly determine which websites are responsible for adding your address to junk e-mail distribution lists. More importantly, you can easily discard (or ignore) e-mail addresses that attract too much junk e-mail.

Never respond to junk e-mail

Senders of junk e-mail are always in search of ways to verify that the addresses on their distribution lists are valid. When senders of junk e-mail know that the address is valid, they add the address to their full collection of junk e-mail distribution lists. Many junk e-mail messages offer a website or an e-mail address where you can opt to remove your e-mail address from their distribution list. Do not be fooled. For the most part, senders of junk e-mail use these mechanisms to validate your address, not to remove it. Do not use their optout mechanism, and do not reply to their junk e-mail. Your response just invites more spam.

Do not read HyperText Markup Language–formatted messages from unknown senders

You may have noticed that most junk e-mail arrives as HTML messages. One advantage of HTML-formatted messages is that the sender can create a more professional appearance for the message. However, the real reason senders of junk e-mail deliver their spam using HTML-formatted messages is so they can surreptitiously gather information about you.

Many (perhaps most) HTML-formatted junk e-mail messages contain an embedded “beacon.” Web beacons are usually single-pixel, transparent Graphics Interchange Format (GIF) images containing Uniform Resource Locators (URLs) that are included in the HTML code that makes up the mail message body. When an HTML-capable e-mail client (such as Outlook) opens the message, the e-mail client processes the URL to download the GIF image. However, the URL usually references a script on the junk e-mailer’s web server rather than (or in addition to) an image. The script collects information about the message recipient, such as the recipient’s e-mail address and other personal data that may be available on the recipient’s system.

Users should never read HTML-formatted messages from unknown senders. This includes not reading the message in the preview pane. This prevents Outlook from displaying the message (which triggers the beacon) and keeps the junk e-mail sender from gathering data. You can use the following procedure to keep Outlook from displaying Internet images.

  1. In Outlook, select Tools →Options.

  2. In the Options dialog box, select the Mail Format tab.

  3. On the Mail Format tab, select the Internet Format button.

  4. In the Internet Format dialog box, clear the When an HTML message contains pictures located on the Internet, send a copy of the pictures instead of the reference to their location check box.

By default, Outlook 2003 and Outlook Web Access 2003 block external HTML to stop senders of junk e-mail from using beacons. Users can unblock HTML on a per-message basis for messages they know do not contain beacons.

10.3.3 System manager actions: Keep user names off distribution lists for junk e-mail

Avoid easy-to-guess names

Because brute force attacks often target common names (e.g., “bob” or “smith”) or common names and first initials (e.g., “bsmith”), some e-mail addresses are more vulnerable to brute force attacks than others. If you have an easily guessed user name, you may want to modify it to make it more difficult to guess. For example, “mike.daugherty@domain.com” is less vulnerable than “mike@domain.com.”

Do not send out of office responses to unknown domains

The Allow out of office responses check box controls whether Exchange will send automatically generated out of office messages to the specified domain. If the specified domain is the Internet, and if your users are listed on large external distribution lists such as those maintained by various Internet newsgroups, it is best to disable out of office messages to the Internet so that these messages are not sent to the external list. Junk e-mail senders often rely on out of office messages, automatic replies, and delivery reports to validate an e-mail address. When senders of junk e-mail know that the address is valid, they add the address to their full collection of junk e-mail distribution lists. To limit the number of spam messages, it is a good idea to suppress out of office messages, automatic replies, and delivery reports for most Internet domains, especially those domains that offer free e-mail (e.g., hotmail.com, aol.com, msn.com). You can find the Allow out of office responses check box on the Advanced tab of the per-domain Internet Message Formats properties (Figure 10.2). (See Section 6.6 in Chapter 6 for more information about the Internet Message Formats properties.)

click to expand
Figure 10.2: Per-domain Simple Mail Transfer Protocol Configuration – Advanced tab

Do not send automatic replies to unknown domains

The Allow automatic replies check box controls whether Exchange will allow automatic replies to be sent to the specified domain. It is best to disable this option for most Internet domains. You can find the Allow automatic replies check box on the Advanced tab of the per-domain Internet Message Formats properties (see Figure 10.2).

Do not allow automatic forward to unknown domains

The Allow automatic forward check box controls whether Exchange will allow messages to be automatically forwarded to the specified domain. It is best to disable this option for most Internet domains. You can find the Allow automatic forward check box on the Advanced tab of the per-domain Internet Message Formats properties (see Figure 10.2).

Do not send delivery reports and nondelivery reports to unknown domains

The Allow delivery reports check box controls whether Exchange will allow delivery reports to be sent to the specified domain. Similarly, the Allow nondelivery reports check box controls whether Exchange will allow nondelivery reports to be sent to the domain. It is best to disable both of these options for most Internet domains. You can find these check boxes on the Advanced tab of the per-domain Internet Message Formats properties (see Figure 10.2).

Do not disclose corporate information to unknown domains

Exchange SMTP virtual servers can be configured to include the sender’s display name (usually the sender’s full name) in addition to the sender’s e-mail address. Many companies suppress the sender’s name to prevent recipients from learning information about the company’s divisions, job titles, or locations that may be embedded in the display name. You should disable the Preserve sender’s display name on message check box for most Internet domains. You can find this check box on the Advanced tab of the per-domain Internet Message Formats properties (see Figure 10.2).

Do not tell senders of junk e-mail that you have blocked their messages

When Exchange filters an incoming message because the sender’s SMTP address is on your list of suspected junk e-mail senders, you have an option to tell the sender that the incoming junk e-mail was blocked. Do not do this. Instead, select the Accept messages without notifying sender of filtering check box to keep from sending a nondelivery report to the sender of blocked messages. Junk e-mail senders often rely on nondelivery reports or other automatic notifications to validate an e-mail address. When junk e-mailers know that the address is valid, they add the address to their full collection of junk e-mail distribution lists. To limit the number of spam messages, it is a good idea to suppress nondelivery reports for most Internet domains. Message delivery will still be blocked and the blocked message can still be archived, but the sender will not be told. You can find this check box on the Sender Filtering tab of the Message Delivery properties (Figure 10.3). (See Section 6.5 in Chapter 6 for more information about the Message Delivery properties.)

click to expand
Figure 10.3: Message Delivery – Sender Filtering tab

10.3.4 System manager actions: Filter incoming junk e-mail

Filter messages on the basis of the sender’s Simple Mail Transfer Protocol address

You should filter messages sent by particular users who are known distributors of junk e-mail. You can add SMTP addresses to be blocked on the Sender Filtering tab of the Message Delivery properties (see Figure 10.3). Incoming messages from these e-mail addresses will not be delivered to the recipient. You can use wild card characters to block a group of users. For example, to block all messages from the badpeople.com domain, enter *@badpeople.com as the e-mail address. Because junk e-mail senders change domain names frequently, filtering on the basis of domain names should not be your only strategy for blocking incoming spam.

Filter messages with blank senders

Knowing that some e-mail products can block delivery of incoming e-mail on the basis of the sender’s SMTP address, junk e-mail senders sometimes send their junk e-mail with a blank SMTP From field. Select the Filter messages with blank sender check box on the Sender Filtering tab of the Message Delivery properties (see Figure 10.3) to block delivery of messages in which the From field is blank.

Terminate Simple Mail Transfer Protocol session when you detect a junk e-mail sender

You should select the Drop connection if address matches filter check box to immediately terminate the SMTP session if a sender’s address matches an address on the sender filtering list (see Figure 10.3).

Use at least one block list service provider

You should use at least one block list service provider to identify and filter senders of junk e-mail. Using a block list provider allows you to compare an incoming IP address against the provider’s list for categories you want to filter. If the IP address appears on the list, the provider returns a status code or bit mask indicating a positive match. You can configure Exchange to use a block list service provider on the Connection Filtering tab of the Message Delivery properties (Figure 10.4). You can use the Exception button to add any SMTP addresses that you want to treat as exceptions to the connection rules.

click to expand
Figure 10.4: Message Delivery – Connection Filtering tab

Filter messages on the basis of the sender’s Internet Protocol address or subnet

You should use the Deny button on the Connection Filtering tab of the Message Delivery properties (see Figure 10.4) to specify IP addresses that should always be denied. For each entry in the list, you can specify a single IP address or a group of IP addresses (using the subnet address and subnet mask). Filtering junk e-mail on the basis of the sender’s IP address is generally more effective than filtering on the basis of the SMTP address because junk e-mail senders typically do not change their IP addresses as often as their SMTP addresses. However, many professional senders of junk e-mailers have a set of class C addresses and will use more than one IP address. For these junk e-mail senders, you may find it more effective to block a range of IP addresses instead of a single address. Of course, the risk associated with blocking the full subnet is that other legitimate e-mail users may share the same subnet as the junk e-mail sender. Therefore, take care when blocking a range of IP addresses. You also can use the Accept button to specify IP addresses that should always be accepted. The global accept list overrides the global deny list. This is useful for situations in which you want to block all but one IP address from an IP subnet. You can block the group of IP addresses by entering the subnet and mask on the global deny list and then adding the individual IP address to the global accept list.

Filter messages on the basis of the recipient’s Simple Mail Transfer Protocol address

You can prevent the delivery of messages that are sent to particular recipient SMTP addresses on the Recipient Filtering tab of the Message Delivery properties (Figure 10.5). Incoming messages sent to these e-mail addresses will not be delivered to the recipient. You can use wild card characters to block a group of users. For example, to block all messages sent to the company.com domain, enter *@company.com as the e-mail address.

click to expand
Figure 10.5: Message Delivery – Recipient Filtering tab

Filter messages if the recipient is not listed in the Active Directory

You should block delivery of incoming messages sent to recipients who are not listed in the Active Directory. You can do this by selecting the Filter recipients who are not in the Directory check box on the Recipient Filtering tab of the Message Delivery properties (see Figure 10.5). Exchange only performs Active Directory lookups and blocks invalid recipients for incoming mail destined to a domain over which it is authoritative. One unfortunate side effect of enabling this check box is that it causes the SMTP virtual server to send a different response for valid and invalid recipients. A junk e-mail sender could use these differing responses to discover valid e-mail addresses in your organization.

Use a commercial server-side filter product

Stopping junk e-mail at the server (i.e., before it gets to the intended recipient) is the best way to avoid spam. In addition to the filtering capabilities that Microsoft includes with Exchange, there are several commercial server-side spam filters that work with Exchange. These products use multiple techniques, including filtering on the basis of the sender’s SMTP and/or IP addresses, filtering on the basis of content, and filtering e-mail from known junk e-mail servers and domains to identify and block incoming spam. Unfortunately, no filter—even if it is a commercial product—is perfect. All will occasionally allow some junk e-mail to slip past the filter and block some legitimate messages. Although they may not be perfect, they can definitely reduce the amount of junk e-mail.

Create your own server-side filter

Microsoft has published details about Exchange APIs so that vendors can create their commercial server-side filter products. Because the Exchange SMTP event sinks are accessible, it is possible for you to build your own junk e-mail filter to scan for specific keywords, to watch for specific SMTP addresses or IP addresses, and to develop other filtering options. Even though the APIs are available, few companies actually write their own junk e-mail filters because the cost of writing, testing, and maintaining the custom filter usually exceeds the cost of buying one of the commercially available server-side filter products. In addition, unless you have some truly unique filtering technique, your custom filter is likely to have less functionality than the commercial filters.

Create a sacrificial account to monitor for bulk mail attacks

Because no filter is perfect, some (hopefully small) amount of junk e-mail will make it past even the best filters. One way to detect bulk mail attacks is to create a sacrificial e-mail account with an address that is never posted to the Internet and never used to send e-mail. Any incoming e-mail is most likely the result of a brute force attack. Any junk e-mail that makes it past your filters for this sacrificial account is probably also being targeted at the rest of your user population. If you monitor the incoming e-mail for this account, you can quickly identify the characteristics (e.g., sender’s SMTP address, IP address, keywords or phrases) for the junk e-mail and modify your filters to block future e-mail with these characteristics.

You can identify the sender’s IP address by right-clicking on the junk e-mail message in Outlook and selecting Options to display the Message Options dialog box (Figure 10.6). The Internet headers area in the bottom half of the dialog box contains a variety of information about the e-mail message, including the name and IP address of the server from which the message was sent.

click to expand
Figure 10.6: Message options

Use authenticated distribution groups

Authenticated distribution groups allow only authenticated Windows users to send messages to a particular distribution group. This keeps junk e-mail senders from misusing a distribution group to send junk e-mail to the distribution group’s members. You can restrict access to a distribution group on the Exchange General tab of the Distribution Group properties. (See Section 7.3 in Chapter 7 for more information about the Distribution Group properties.)

10.3.5 User actions: Filter incoming junk e-mail

Use Outlook’s Junk Mail feature

Outlook also includes a junk e-mail filter that users can configure to filter junk e-mail and adult content messages. As with any client-based filter, messages will remain in your inbox, and the Outlook junk e-mail filter will not begin processing messages until your Outlook client connects to the Exchange server.

You can use the following procedure to enable Outlook junk e-mail filtering for Outlook 2000 or Outlook 2002.

  1. In Outlook, select Tools →Organize to display the Ways to Organize Inbox wizard.

  2. Select the Junk E-Mail option in the Ways to Organize Inbox wizard (Figure 10.7).

    click to expand
    Figure 10.7: Outlook 2002 Junk E-mail Filter

  3. You can use the drop-down lists to indicate how you would like Outlook to handle junk e-mail and adult content messages. You can either move filtered messages to another folder (such as the Junk E-Mail folder or the Deleted Items folder) or use a different color font to highlight the filtered messages.

  4. Select the Turn On buttons to begin filtering junk e-mail and adult content messages. Outlook scans messages for specific keywords often associated with junk e-mail and adult content messages. You can find the specific keywords in the filters.txt file (Figure 10.8) in the Microsoft Office directory on the client system.

    click to expand
    Figure 10.8: Outlook 2002 Filters.txt file

  5. Once you enable the filters, you can categorize newly arrived messages as junk e-mail by right-clicking on the message and selecting Junk E-Mail Add to Junk Senders list. To categorize the new message as adult content, select Junk E-Mail Add to Adult Content Senders list. Outlook will add the sender’s SMTP address to either the Junk Senders list or the Adult Content Senders list. Outlook will automatically categorize subsequent messages from the SMTP addresses in these lists as either junk e-mail or adult content.

The following procedure can be used to view the SMTP addresses in the Junk Senders list:

  1. In Outlook, select Tools →Organize to display the Ways to Organize Inbox wizard.

  2. Select the Junk E-Mail option in the Ways to Organize Inbox wizard (see Figure 10.7).

  3. In the Ways to Organize Wizard, select the click here hyperlink and then select Edit Junk Senders to display the Edit Junk Senders dialog box (Figure 10.9). E-mail from these SMTP addresses will be marked as junk e-mail. You can manually add addresses to the list, edit addresses in the list, or delete addresses from the list by selecting the Add, Edit, or Delete buttons.


    Figure 10.9: Outlook 2002 – Edit junk e-mail senders

In a similar manner, you can view the entries in the Adult Content Senders list by selecting Edit Adult Content Senders. E-mail from these SMTP addresses will be marked as adult content e-mail. You can manually add addresses to the list, edit addresses in the list, or delete addresses from the list by selecting the Add, Edit, or Delete buttons.

Use the Junk E-Mail feature of Outlook 2003

Outlook 2000 and Outlook 2002 used a rules-based technique and keywords to detect and block junk e-mail. However, Outlook 2003 takes a more sophisticated and more effective approach. The junk e-mail processing of Outlook 2003 consists of the following steps:

  1. Outlook compares the sender’s SMTP address with the addresses stored in your contacts folder. Outlook assumes that any message from someone listed in your contacts folder is a legitimate message.

  2. Outlook compares the sender’s SMTP address with the addresses stored in the Exchange Global Address List (GAL). Outlook assumes that any message from someone listed in the GAL is a legitimate message.

  3. Outlook compares the sender’s SMTP address with the addresses listed in your Trusted Senders list. The Trusted Senders list contains addresses you have identified as users from whom you will always accept messages. Outlook will deliver any message from someone listed in your Trusted Senders list.

  4. Outlook compares the recipient address with the addresses listed in your Trusted Recipients list. Adding an address to your Trusted Recipients list indicates that you will always accept messages sent to the specified address. For example, this could be distribution list to which you belong. If you trust the distribution list owner to ensure that no one uses the distribution list for junk e-mail, you could add the distribution list address to your Trusted Recipients list. Outlook will deliver any message sent to an address listed in your Trusted Recipients list.

  5. Outlook compares the sender’s SMTP address with the addresses listed in your Junk Senders list. The Junk Senders list contains addresses you have identified as users from whom you will not accept messages. If an incoming message is from someone listed in your Junk Senders list, Outlook will move the message to your Junk E-mail folder.

    Note 

    Outlook 2003 caches the Trusted Senders list, Trusted Recipients list, and Junk Senders list to facilitate rapid searches.

  6. Outlook uses its e-mail filter to analyze the message, looking for characteristics (e.g., keywords, blank sender address) typical of junk e-mail. The filter uses a scoring system to determine whether the message appears to be junk e-mail. If the rating for this message exceeds the threshold for junk e-mail, Outlook will move the message to your Junk E-mail folder.

  7. Outlook assumes that any message that makes it through the preceding steps is a legitimate message and leaves the message in your inbox.

The following procedure can be used to enable Outlook junk e-mail filtering for Outlook 2003.

  1. In Outlook, select Tools : Options.

  2. On the Preferences tab, select the Junk E-mail button to display the Junk E-mail Options dialog box.

  3. Options tab On the Options tab (Figure 10.10), select the level of junk e-mail protection that you want Outlook to provide. The choices are:

    click to expand
    Figure 10.10: Outlook 2003 Junk E-mail Options – Options tab

    • No protection. Outlook will turn off all automatic filtering except for checking your Junk Senders list. If an incoming message is from someone listed in your Junk Senders list, Outlook will move the message to your Junk E-mail folder.

    • Low. Outlook will move only the most obvious junk e-mail to your Junk E-mail folder.

    • High. Outlook will move all suspected junk e-mail to your Junk E-mail folder. This is a fairly aggressive setting and will catch most junk e-mail, but it will also result in false positives. If you choose this option, you should regularly check your Junk E-mail folder to see whether Outlook has incorrectly categorized legitimate messages. If Outlook incorrectly categorizes legitimate messages from a specific sender, you can add the sender to your Trusted Senders list to prevent the problem for future messages.

    • Trusted Lists Only. Outlook will move all e-mail to your Junk E-mail folder except those messages from an address or domain listed in your Trusted Senders list or to an addresses listed in your Trusted Recipients list. If you choose this option, you should regularly check your Junk E-mail folder to see whether Outlook has incorrectly categorized legitimate messages.

  4. Select the Permanently delete suspected Junk E-mail instead of moving it to the Junk E-mail folder check box if you want to immediately delete suspected junk e-mail. This is the equivalent of using the shift-delete option to remove messages without going through the deleted items folder. Do not use this option unless you are confident that the Outlook filters will not incorrectly categorize legitimate messages as junk e-mail.

  5. Trusted Senders tab Select the Trusted Senders tab (Figure 10.11) to view the SMTP addresses you have identified as users from whom you will always accept messages.

    click to expand
    Figure 10.11: Outlook 2003 Junk E-mail Options – Trusted Senders tab

  6. You can add addresses to the list, edit addresses in the list, or delete addresses from the list by selecting the Add, Edit, or Remove buttons.

  7. You can use the Export to file button to create a text file containing your list of trusted senders. You can edit the text file using any text editor. You can share your text file with other users who can import the text file using the Import from file button.

  8. Trusted Recipients tab Select the Trusted Recipients tab (Figure 10.12) to view the recipient addresses you have identified as trusted.

    click to expand
    Figure 10.12: Outlook 2003 Junk E-mail Options – Trusted Recipients tab

  9. You can add addresses to the list, edit addresses in the list, or delete addresses from the list by selecting the Add, Edit, or Remove buttons.

  10. You can use the Export to file button to create a text file containing your list of trusted recipients. You can edit the text file using any text editor. You can share your text file with other users who can import the text file using the Import from file button.

  11. Junk Senders tab Select the Junk Senders tab (Figure 10.13) to view the SMTP addresses you have identified as users from whom you will not accept messages.

    click to expand
    Figure 10.13: Outlook 2003 Junk E-mail Options – Junk Senders tab

  12. You can add addresses to the list, edit addresses in the list, or delete addresses from the list by selecting the Add, Edit, or Remove buttons.

  13. Given the growing amount of junk e-mail, you will probably accumulate a lengthy list of junk e-mail senders. You can use the Export to file button to create a text file containing your list of senders of junk e-mail. You can edit the text file using any text editor. You also can append lists from different users to create a common list of known junk e-mail senders that you can import using the Import from file button.

  14. Select OK to complete the configuration for your Outlook junk e-mail settings. Outlook stores the Trusted Senders list, Trusted Recipients list, Junk Senders list, and all junk e-mail settings in user mailboxes to allow Outlook Web Access to use the same settings. Outlook also will automatically create the Junk E-mail folder if it does not already exist.

Once you enable junk e-mail processing, you can add an address to the Junk Senders list by right-clicking on the message and selecting Junk E-Mail Add Sender to Junk Senders list. To add an address to the Trusted Senders list, select Junk E-Mail Add Sender to Trusted Senders list. To add an address to the Trusted Recipients list, select Junk E-Mail Add Recipient to Trusted Recipients list.

Create your own filter using the Outlook Rules Wizard

In addition to using Outlook’s junk e-mail filter, the following procedure can be used to create your own Outlook filter using the Outlook Rules Wizard.

  1. In Outlook, select Tools →Rules Wizard to display the Rules Wizard dialog box (Figure 10.14).

    click to expand
    Figure 10.14: Outlook 2002 Rules Wizard

  2. Select New to begin creating a new rule. Outlook will display a list of predefined templates (Figure 10.15).

    click to expand
    Figure 10.15: Outlook 2002 Rules Wizard templates

  3. Select the Move messages based on content template and then select Next.

  4. In the conditions dialog box (Figure 10.16), select the with specific words in subject or body check box.

    click to expand
    Figure 10.16: Outlook 2002 Rules Wizard conditions

  5. In the bottom part of the dialog box, select the specified words hyperlink to display a dialog box where you can enter the words and phrases you would like for Outlook to use as junk e-mail criteria. When you have entered your list of words and phrases, select OK to return to the conditions dialog box, then select Next to continue.

  6. In the actions dialog box (Figure 10.17), select the move it to the specified folder check box.

    click to expand
    Figure 10.17: Outlook 2002 Rules Wizard actions

  7. In the bottom part of the dialog box, select the specified hyperlink and select the Deleted Items folder. This will cause the filter to automatically move filtered messages into the Deleted Items folder. You can select a different folder if you would like to review the filtered messages before they are deleted. When you have selected the destination folder, select OK to return to the actions dialog box and then select Next to continue.

  8. In the exceptions dialog box (Figure 10.18), you can identify exceptions to the filter rules. Exceptions can include any combination of mail from specific users, mail with a subject that contains specific words, mail sent through a specified account, mail sent only to you, mail with your name in the To and/or Cc box, mail without your name in the To box, mail that has a specific importance indicator, mail that has a specific sensitivity indicator, mail that is flagged for action, mail sent to a specific user or distribution list, mail where the subject and/or the body of the message contains specific words, mail assigned to a specific category, out of office messages, mail that includes an attachment, mail with a message size within a specified range, mail received in a specific time span, mail that uses a specific form, mail that has specific properties set, and mail with a sender in a specified address book.

    click to expand
    Figure 10.18: Outlook 2002 Rules Wizard exceptions

    One of the most useful exceptions is to select except if sender is in specified Address Book and then specify the GAL. You might also want to select except if from people or distribution list and list some specific users (e.g., friends and family) who are not listed in the corporate GAL. When you have identified exceptions to the filter rules, select Next to continue.

  9. In the final Rules Wizard dialog box, enter a name for the new filter rule and then select Finish to create the rule. Outlook will display a dialog box reminding you that this rule is a client-only rule and will process only when Outlook is running. Select OK to dismiss this reminder.

    Note 

    One extreme measure you can take to avoid spam is to create a rule that blocks all e-mail but has exceptions for users listed in the GAL. You can then monitor the filtered messages and create additional exceptions for external users from whom you will accept e-mail.

Use a commercial client-side filter product

In addition to the filtering capabilities that Microsoft includes with Outlook, there are several commercial client-side spam filters that work with Outlook. These products use multiple techniques, including filtering on the basis of the sender’s SMTP and/or IP addresses and content filtering to identify and block incoming spam.

Client-side filters have one primary limitation. They do not stop junk e-mail before it reaches the user’s desktop. Each user must take responsibility for ensuring that the filter is configured and enabled. Because the filter is not centralized, it is hard to apply consistent configuration parameters on all client systems. Instead, each system must be configured individually.

For this reason, it is best to attack the junk e-mail problem at the server in addition to the client. By implementing spam filters on the server, you can create a consistent first line of defense for your entire user community.



 < Day Day Up > 



Monitoring and Managing Microsoft Exchange Server 2003
Monitoring and Managing Microsoft Exchange Server 2003 (HP Technologies)
ISBN: 1555583024
EAN: 2147483647
Year: 2003
Pages: 128

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net