Limit Spam with the Sender Reputation in Exchange 2007

TipsMake.com - In email management and classification systems, the detection and prevention of spam messages are always top priority. For years, Microsoft has been conducting research, building and developing many anti-spam mechanisms and integrating into their Exchange Server products, and one of them is Sender Reputation Filtering . In the following article, we will explain some of the main features and mechanisms of this Sender Reputation Filtering feature.

In terms of nature, the process of filter filter activity Sender Reputation is quite simple, by sorting and filtering information coming from the sender account, thereby deciding whether it is spam or not. But technically, the above process can be done in many ways. Specifically, Sender Reputation will 'look' at the most visible parts of the email such as the header, actions related to the same account in the history . Through such classification classes, the system has reduced the load. pretty much spam data.

Sender Reputation Filter works primarily in Edge Transport Servers , designed primarily to work with Exchange Server, and exist between the Internet environment and the rest of the Exchange Server system . With the main function is to filter content components, spam data and contain malicious code before they can enter the main system. In addition, the Sender Reputation Filter is always enabled in default mode, and users do not need to configure and set up too much.

One of the first operations of Sender Reputation is to try to determine that the sender's address spoofs any HELO / EHLO component when the ESMTP process is executed. You need to know that one of the most basic actions of a hacker is to regularly use various HELO / EHLO structures, which also contain fairly secretive 'embedded' IP addresses. If this address does not match the IP address from the email, it is more likely that the email is spam.

Next is to check the mail server of the sender's address to determine if there is an open proxy component. If so, they will be classified as spam because spammers often use this method and take advantage of the way the open proxy works.

Another point to keep in mind is that this open proxy will also be related to open relay. When Exchange Server starts the test of open proxy, the system will forward the email back to the sender's mail server address. If the Edge Transport Server receives this test message, the mail server is sure to have an open proxy . More specifically, Exchange uses HTTP Connect, HTTP Post, Telnet, Wingate, SOCKS 4, and SOCKS 5. Note that in order for this test to complete, you must open port 1080, 1081, 23, 6588, 3128, and 80 on the firewall system.

Finally, the Sender Reputation Filter checks the most recent activity of the sender. Each inbound email is assigned with a Sender Confidence Level indicator - corresponding to the percentage of messages that are spam.

Next, we will go into the setup and customization process in the Exchange Management Console at the Edge Transport Server. When the main control panel starts, select the Edge Transport, the middle pane will display all the filters that are available on the system:

Limit Spam with the Sender Reputation in Exchange 2007 Picture 1

Next, right-click Sender Reputation> Properties from the menu, and the entire attribute information Sender Reputation Properties will display as shown below:

Limit Spam with the Sender Reputation in Exchange 2007 Picture 2

We can easily see that the General tab provides quite a bit of detail and details about Sender Reputation Filtering, and users cannot edit this information. You continue to switch to the next tab section - Sender Confidence:

Limit Spam with the Sender Reputation in Exchange 2007 Picture 3

Here, the user will have a number of options to perform open proxy checks - this feature is already enabled by default, if you want to turn it off, just uncheck here. .

Limit Spam with the Sender Reputation in Exchange 2007 Picture 4

And finally, the Action tab allows us to set up and create different Sender Reputation levels. When the sender's value exceeds the parameter that you have pre-configured, the address will be immediately assigned to the block list - Block at a fixed time.

Through some basic features described briefly above, Sender Reputation Filter can completely be considered as one of the simplest weapons to fight spam that is increasingly expanding on the Internet today. . Good luck!