AntiSPam Solutions From Microsoft

1
(No Transcript)
2
(No Transcript)
3
Agenda

• A quick overview
• Anti-spam solutions from Microsoft
• Exchange Server 2003 Anti-Spam features
• Exchange Intelligent Message Filter (IMF)
• Outlook and OWA client features
• ISA Server 2004 SMTP Message Screener
• Next-generation anti-spam technologies from
  Microsoft
• Q A
• This presentation will be mostly demos ?

4
A good Anti-Spam should

• Reduce False Positives
• Be transparent to the end user
• Block at the gateway level whenever possible
• User never sees it
• Reduced impact on bandwidth other system
  resources
• Be easy to manage
• Scalable and flexible
• Balance corporate end-user control
• Be able to integrate with other anti-spam
  solutions

5
Exchange Connection Filtering

• Global Accept and Deny lists
• Configure individual IP or ranges by subnet mask
• Accept overrides Deny by design
• Support for subscribing to 3rd party Real-time
  Block List (RBL) services
• Support for multiple RBL providers
• Customizable NDR response per configured provider
• Override exception e-mail address
• IP feature ordering is combined
• Accept (highest), Deny, RBL (lowest)
• Recommendation
• Enable RBL Accept/Deny IP features at the
  Gateway
• Use RBL with some reservation
• IP restrictions can be programmatically set
  (KB810913)

6
(No Transcript)
7
Exchange Sender Filtering

• Filter messages sent from particular e-mail
  addresses or domains by examining the From
  address
• Enhanced spoof detection message submission
  method is persisted
• Only applies to messages that come from anonymous
  connections
• Recommendations
• Filter messages with blank sender
• Drop connection if address matches filter
• If you suspect fault play archive filtered
  messages and dont notify sender of this

8
Exchange Inbound Recipient filtering

• Filter messages sent to nonexistent recipients
• No NDR as message is rejected at protocol
• Hotfix prevents address book mining
• Filter messages sent to particular email
  recipients (valid or invalid)
• Restricted Distribution Lists 
• Allow only authenticated users to send to a DL
• Reduces impact of unsolicited email sent to
  internal only DLs
• Recommendations
• Filter recipients who are not in the GAL
• Do not restrict all DLs unless you know what you
  do. May brake applications that use anonymous
  SMTP connections

9
(No Transcript)
10
Microsoft Exchange Intelligent Message Filter
(IMF)

• Extension to Exchange 2003 Server
• Administration via Exchange System Manager
  extension
• Built on SmartScreen Technology
• Shipped in Outlook 2003
• Deployed at Hotmail
• Leverages the SCL infrastructure with by
  supporting per message tagging
• Provides Threshold configuration
• Gateway Threshold and Action
• Reject, Delete, Archive and No Action
• Store Threshold
• Built in performance counters
• Microsoft MOM Management Pack Extension for IMF
• Coexists and compliments 3rd party solutions

11
Archive Manager Cool add-on for Exchange
Intelligent Message Filter

• Archive Manager C tool released with source on
  GotDotNet
• URL http//workspaces.gotdotnet.com/imfarchive
• Supports the following features
• Tree view of the Archive directory of messages
• View of RFC2822 decoded headers and raw message
• Resubmission of message to pickup directory
• Deletion of messages
• Forwarding of message as attachment to 3rd party
  address (Report)

12
Outlook 2003 and OWA 2003 Enhancements

• User specified Safe Blocked Senders lists
• Safe Senders, Safe Recipients, Blocked Senders
• Can optionally include Contacts and GAL
• Supports Safe Senders Only mode
• User Lists shared by Outlook 2003 and Exchange
  2003 OWA, stored on the server
• Move to junk folder determined by
• Exchange 2003 Mailbox Store based on user lists
• Per message SCL
• Client Side based on Microsoft SmartScreen
  Technology
• Block all external content by default (Web
  beacons)

13
Exchange/Outlook Anti-Spam Integration
Exchange Server 2003
User Safe Blocked Senders
Inbox
Gateway Server Transport
Mailbox Server Store
User Safe Blocked Senders
Spam?
Allow/Deny Lists DNS Block Lists
SMTP Message
Junk Mail Folder
Spam?
Recipient Sender Filtering
Outlook 2003
User Safe Blocked Senders
Junk Mail Folder
Exchange IMF ISV Products
Inbox
Message SCL
SCL Spam Confidence Level
Exchange 2003 OWA
14
(No Transcript)
15
ISA Server 2004 Firewall SMTP Message Screener

• ISA Server 2004 is the 1 firewall for Microsoft
  Exchange
• The SMTP Message Screener is the first line in
  defense against SPAM and worms/virus
• Prevents highly malicious material from ever
  entering the network
• Offloads the processing requirements for e-mail
  filtering from the Exchange edge server
• Check for keywords in the subject line or body
• Checks attachments for
• File name
• File extension
• Attachment size
• Requires the SMTP service on the ISA Server

16
(No Transcript)
17
Caller-ID for E-mail

• Protects e-mail domain identity
• Addresses spoofed mail
• Caller ID Flow
• Senders publish IP addresses of outbound e-mail
  servers in DNS in an e-mail policy document
• Receivers determine purported responsible domain
  of each message
• Receivers query DNS for the e-mail policy
  document of the purported responsible domain and
  perform domain spoofing test
• More information http//www.microsoft.com/mscorp/
  twc/privacy/spam_callerid.mspx

18
Exchange Edge Services

• New SMTP Relay
• Goal Nail the basics
• Security
• Reliable, High Performance
• Simple Deployment and Management
• Advance Extensibility Infrastructure
• Goal Customer flexibility and partner value-add
• .NET Framework-based extensibility
• Rich API
• Support Customer Features
• Goal Gain control of email flow in/out of the
  organization
• Caller ID, Anti-Spam, Anti-Virus, Attack
  Management, Content Management, Secure Messaging,
  E-mail message hygiene
• More informationhttp//www.microsoft.com/exchang
  e/techinfo/security/edgeservices.asp

19
Summary

• There is no simple solution in the fight against
  spam.
• Span is annoying and also a security risk. Treat
  it as such!
• Utilize the options available today. Make your
  Exchange server and Outlook clients deliver value
• Use a combination of built-in anti-spam features
  with 3rd. Party solutions
• Educate your users. The time is well worth spend

20
Anti-spam resources Links

• Antispam Capabilities in Exchange Server
  2003(http//www.microsoft.com/exchange/techinfo/s
  ecurity/antispam.asp)
• Exchange Intelligent Message Filter(http//www.mi
  crosoft.com/exchange/downloads/2003/imf)
• Exchange Server Edge Services Overview
  (http//www.microsoft.com/exchange/techinfo/secur
  ity/EdgeServices.asp)
• Controlling SMTP Relaying with Microsoft Exchange
  2000(http//www.microsoft.com/technet/security/pr
  odtech/mailexch/excrelay.mspx)
• Microsoft Exchange Server 2003 Security Hardening
  Guide(http//www.microsoft.com/technet/prodtechno
  l/exchange/2003/library/exsecure.mspx)
• Using the ISA Server 2004 SMTP Filter and Message
  Screener(http//www.microsoft.com/technet/prodtec
  hnol/isa/2004/plan/smtpfilter.mspx)
• Archive Manager for Intelligent Message Filter
  (http//workspaces.gotdotnet.com/imfarchive)
• MSDN Anti-Spam information(http//msdn.microsoft.
  com/library/default.asp?url/library/en-us/e2k3/e2
  k3/ast_anti_spam.asp)