Using antispam filtering
Applies to: Forefront Protection for Exchange
This section describes how you can use Forefront Protection 2010 for Exchange Server (FPE) to help prevent spam e-mail from entering Microsoft Exchange messaging environments.
You can enable FPE antispam technology in the Exchange Edge and Exchange Hub roles. The Edge role, however, is the preferred location for antispam scanning, because it enables FPE to reject spam early in the process without putting an unnecessary load on the network layers. The technology includes a series of agents that are registered with Exchange and are invoked at specific points in the SMTP pipeline. FPE can also be integrated with Forefront Online Protection for Exchange (FOPE) to provide an additional layer of filtering for your messaging environment.
If you are using FOPE to filter your e-mail traffic, you can configure FPE to bypass spam scanning of messages that were already scanned by FOPE. For more information, see Bypassing virus and spam scanning for messages already scanned.
When you deploy FPE, the anti-spam features that are built in to Exchange are disabled. See Understanding Anti-Spam and Antivirus Functionality and Understanding Content Filtering in the Exchange Server 2010 documentation for more information regarding anti-spam functionality in Exchange Server 2010.
FPE uses several kinds of filtering in order to identify and mitigate spam e-mail:
Connection Filtering—FPE examines the IP address of the original sender. FPE has user configurable static IP block and allow lists and a dynamic DNS block list maintained by Microsoft that can filter up to 90% of spam e-mail. For more information, see Using connection filtering.
Sender Filtering—FPE examines the SMTP sender information. This filter enables administrators to configure allowed and blocked senders by domains and e-mail addresses. For more information, see Configuring sender filtering.
Sender ID Filtering—FPE uses a Sender ID framework to validate that the sender is not spoofing the identity of another sender. For more information, see Configuring sender ID filtering.
Recipient Filtering—FPE can also be configured to allow and block e-mail messages to certain recipients in your organization. In addition, FPE has the capability, through Active Directory Domain Service queries, to validate that the recipient exists in the company’s Active Directory Domain Service. For more information, see Configuring recipient filtering.
Content Filtering—FPE also examines the content of the message itself, including subject line and the message body. FPE uses a third-party antispam engine to scan all e-mail for spam. For more information, see Configuring content filtering.
Backscatter Filtering—FPE includes new technology that enables administrators to prevent false Non-Delivery Reports (NDR) generated from spoofed sender addresses from entering their environment. For more information, see Configuring backscatter filtering.
During the first two phases in the antispam pipeline, FPE can reject a message if the message originated from a block-listed IP address or a blocked or spoofed sender. FPE can also be configured to reject a message if it is intended for an invalid or blocked recipient. During the final phase, FPE determines the confidence level that a message is spam. FPE allows you to set a threshold of confidence, which determines the mitigation action FPE takes during content filtering. Messages above the threshold can be rejected or deleted, and messages below the threshold can be quarantined or forwarded to Microsoft Office Outlook. Suspect messages that are forwarded to Office Outlook can be scanned again depending upon the Office Outlook settings.
If you are unable to set antispam settings through the FPE Administrator Console, please verify that the Exchange Server Administrator’s password has not expired or been changed.
When antispam filtering is enabled, you must also ensure that the internal SMTP servers list is populated in the Microsoft Exchange Server Management Shell. This step is important if there are any incumbent Message Transfer Agents (MTA) between the internet and the FPE-protected Exchange server where the antispam agents are enabled. Information about configuring the internal SMTP servers list can be found in the following Microsoft Exchange documentation topics: Anti-spam agents are enabled, but the list of internal SMTP servers is empty (http://go.microsoft.com/fwlink/?LinkId=156597) and Set-TransportConfig cmdlet (http://go.microsoft.com/fwlink/?LinkId=156599).
For more information about enabling the FPE antispam features, see Enabling antispam protection.