Spam Filtering

Posted On 2005-11-1 by FortyPoundHead
Keywords: Spam Filter Exchange Block XADM
Tags: Email Exchange 
Views: 1581

Spam and unsolicited e-mail is a chronic problem for companies of all sizes. I have been dealing with this problem in three different ways:

Block specific e-mail senders or whole domains from sending you the SPAM.
In Exchange 2000, open Exchange System Manager > Select Server > Select Global Settings > Select Message Delivery > Right Click and go to properties.

Here you have four tabs, one of which is filtering. You can filter by e-mail address or by domain, for example: * You also have the option to Archive Filtered Messages, Filter messages with Blank Senders and to accept the messages without notifying sender of filter. There is another way to set this up by editing the registry, but who wants to fiddle around with that when you can achieve the same thing through the actual program GUI.

If in Washington State, send the ISP the e-mail header info and a short blurb of the Washington RCW 19.190 including the $$ associated with the assisting of transmission as well as originating the transmission, which may mean that they can be liable for fines as well.
To whom it may concern,

This message is to put you on notice that your e-mail service have been sending users at my company unsolicited spam (junk e-mail).

These e-mails are in direct violation of Washington state law RCW 19.190 and may result in my taking legal action against them. The fine is $500.00 for each unsolicited e-mail received. Please note that the cited law prohibits "Assisting the Transmission" as well as originating the transmission which may mean that you can be liable for fines as well.

I would like to hear from you on steps that you plan to take to ensure that your service is no longer in violation of Washington state law. If you do not stop these e-mails, I am authorized by my company to pursue prosecution under Washington state law RCW 19.190 for each e-mail we receive from you!


I also use Microsoft ISA Server to filter e-mail.

ISA Ships with an SMTP application filter, which is located within the ISA Management Console. To find this filter open the ISA MMC > Select Servers and Arrays > Select Server > Select Extensions > Select Application Filters > Select SMTP Filter > Double click for properties. Here you have five tabs. The three tabs I use the most often are: Attachments, User/Domain and Keywords.

On the first tab is attachments; this may come in very handy when there are virus alerts, you can add another line of defense by deleting attachments with a certain file name, extension or size. Your action options are: delete, hold or forward to. I specifically use this to delete attachments like .vbs, .scr, .exe and so on, this way if ISA does not catch it my virus protection will.

On the second tab are options for filtering by senders name or domain name; this will just reject the e-mail. This is very similar to the options given to you in the exchange manager.

On the third tab we have keyword filtering. On this page you can setup keyword filtering rules to apply action if keyword is found in: the message header or body, the message header or just the body. Your actions for these rules are Delete, Hold Message, or Forward to.

Just a WARNING if you use this tab -- it is very easy to filter out important e-mail using keywords! For example: You want to filter all e-mails containing the word WIN in the message header or body, sounds simple enough, eh? Make sure you set the action to forward to System Attendant or an e-mail that will be checked daily. The reason for this is, and I found out first hand, is when ISA checks incoming mail it checks for that letter combination and doesn't care where it is. I filtered many e-mails that had words like drawings, showing, following, and so on. So as a rule of thumb, when you create a new keyword rule, make sure the action is set to "forward to" for at least a couple of weeks to make sure that the rule is working correctly. Always set new rules to forward the mail to an admin account for screening so you can make sure you do not filter important company information!

Happy filtering!

About the Author

has posted a total of 1974 articles.

Comments On This Post

No comments on this post yet!

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links