Unsolicited email messages are often referred to as spam. These usually unwanted and often offensive messages are utilized as cheap advertising for unscrupulous organizations. In the past several years, the increase in spam traffic has surpassed even the most liberal estimates, and many studies have found that spam traffic accounts for up to 85%–90% of the messaging traffic on the Internet today.
Spam does not just affect your patience and productivity; it affects companies, Internet service providers, and anyone else who is hosting messaging services. The battle against spam is just beginning, and legal battles are well under way against both known spammers and companies that host the messaging services. In some cases, employees are suing employers on grounds that the employer has not taken adequate steps to protect them from offensive materials.
Exchange Server 2010 Antispam Features
Spammers are becoming increasingly creative and cunning, frequently changing their email addresses, domain names, content, and more to get past a company’s protective measures.
Microsoft has provided at least some basic form of antispam technologies in Exchange Server since version 5.5 and Outlook 98. For example, junk mail filters were provided to help identify messages that had either offensive material or other keywords indicating the message was spam. This form of spam prevention placed most, if not all, of the responsibility on the end user to block unwanted email messages.
Exchange Server 2010, when combined with Outlook 2007 or Outlook 2010, provides several methods of reducing unwanted spam messages:
Increased protection through integrated security technologies
Improved email legitimacy assurance
Distribution lists restricted to authenticated users
Connection filtering
Reputation service
Outlook junk email filter lists aggregation
Protecting Against Web Beaconing
A common and very popular format for email messages is Hypertext Markup Language, or HTML. This format is so popular because of the rich content that can be presented, including graphics, images, font formatting, and more. However, HTML-based messages can also present security problems and annoyances because of the ability to hide various codes and images within the message.
One such security problem is called web beaconing. Web beaconing is a term used to describe the method of retrieving valid email addresses and information on whether a recipient has opened a message. Advertisers, spammers, and the like utilize web beaconing to help them become more profitable and improve audience targeting. For instance, when an unsuspecting user opens an email message that contains a web beacon, the user’s email address and possibly other information are sent to the solicitor, notifying them that they (a) have reached a valid recipient and (b) have reached a recipient who is willing to open their message before deleting it. The user is unaware that their personal information has been disclosed.
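
The mechanism described above, seen from the defender's side, as an added example that is not part of the original text: a Python sketch that parses a message and lists every remote resource the HTML body would fetch on open, noting two common beacon signs. The sample message, host names, and the tag list are assumptions made for illustration; this is not how Outlook itself decides what to block.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Tag/attribute pairs a mail client fetches automatically when rendering HTML (assumed list).
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("link", "href"), ("body", "background")}

# Constructed sample message (added example; hosts and addresses are placeholders).
SAMPLE_MESSAGE = """\
From: offers@sender.example
To: alice@recipient.example
Content-Type: text/html; charset="utf-8"

<html><body><p>Big savings this week.</p>
<img src="https://cdn.sender.example/banner.png" width="600" height="120">
<img src="https://track.sender.example/o.gif?u=alice%40recipient.example" width="1" height="1">
<img src="cid:logo123"></body></html>
"""

class _RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, attribute dict)
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            # Only http(s) references leave the machine; cid: parts are embedded.
            if (tag, name) in AUTO_FETCH and urlsplit(url).scheme in ("http", "https"):
                self.refs.append((tag, url, dict(attrs)))

def find_remote_content(raw_message):
    # Returns every remote reference in the HTML body, each with its beacon signs.
    msg = message_from_string(raw_message, policy=default)
    recipient = parseaddr(str(msg.get("To", "")))[1].lower()
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = _RemoteRefs()
    parser.feed(body.get_content())
    findings = []
    for tag, url, attrs in parser.refs:
        signs = []
        if recipient and recipient in unquote(url).lower():
            signs.append("recipient address in URL")
        if tag == "img" and {attrs.get("width"), attrs.get("height")} <= {"0", "1"}:
            signs.append("invisible 0/1-pixel image")
        findings.append({"url": url, "host": urlsplit(url).hostname, "beacon_signs": signs})
    return findings
```

Every entry returned is content that would be requested from the sender's server when the message is rendered; an entry with no beacon signs can still reveal that the message was opened if its URL is unique to the recipient.
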
Outlook 2003 and 2007 can be used to block web beacons and, consequently, prevent the user’s email address from ending up in the wrong hands. By default, if Outlook suspects that the content of a message could be used as a web beacon, it presents a pop-up window warning users that links to images, multimedia, or other external content have been blocked to help protect their privacy. The text content of the email message is viewable by the user, and the user is then presented with an option to unblock the content. This enables the user to make a conscious decision of whether to display all the contents of the message.
This default setting is recommended because it is an excellent way to protect end users from unsolicited emails; however, it is possible to disable this option. To change the default settings in Outlook 2003, do the following:
1. Select Tools, Options.
2. Click the Security tab and then click Change Automatic Download Settings.
3. In the Automatic Picture Download Settings window, choose whether to download pictures or other content automatically. Outlook 2003 can also be customized to automatically download content from safe lists or from websites listed in the trusted Microsoft Internet Explorer security zones.
To change the default settings for automatic downloading of content in Outlook 2007, do the following:
1. Select Tools, Trust Center.
2. Click the Automatic Download tab. Select the desired settings from the available options. By default, all options are selected.
Note
If Automatic Picture Download is turned off, messages from or to email addresses or domain names on the Safe Senders and Safe Recipients lists are treated as exceptions and the blocked content is downloaded.
Filtering Junk Mail
As mentioned earlier, junk mail filtering has been available in earlier versions of Exchange Server and Outlook. This feature has been improved with each new revision and is useful in minimizing the need for end users to configure junk mail filtering options. In fact, junk mail filtering is primarily controlled by Exchange Server administrators. However, some options can be configured by the users. With junk mail filtering, many unwanted messages can be segregated and set aside before they reach the user’s Inbox.
Both Outlook 2003 and Outlook 2007 give you the ability to change the level of protection provided by your junk email filter. To do so, perform the following procedure:
1. Select Tools, Options.
2. On the Preferences tab, in the E-Mail section, click Junk E-Mail.
In addition, both Outlook 2003 and Outlook 2007 provide the following options:
No Protection (2003) or No Automatic Filtering (2007)— Although the junk email filter does not perform any filtering on incoming mail, messages sent from the blocked senders list are still moved to the junk email folder.
Low (the default setting)— Safe and block lists are consulted with this level of protection, but Outlook also searches for keywords and phrases in the message’s subject and body.
High— On this setting, the most aggressive filtering is performed. Although you can increase the amount of junk email captured by using this setting, there is the possibility of “false positives,” which can result in valid messages being mistakenly filtered out.
Safe Lists Only— This setting is the most restrictive because it allows only messages from preapproved senders to be delivered to the Inbox.
Both Outlook 2003 and Outlook 2007 offer you the additional option to Permanently Delete Suspected Junk E-Mail Instead of Moving It to the Junk E-Mail Folder. You should hesitate before using this option because you lose the ability to review the junk email folder to look for missing messages.
Outlook 2007 gives you the following options to battle email phishing attacks:
Disable Links and Other Functionality in Phishing Messages (Recommended)— Using this option disables links, the “reply to” feature, and the “reply to all” feature on suspected phishing email messages.
Warn Me About Suspicious Domain Names in E-Mail Addresses (Recommended)— Using this option warns you when a message comes from a domain name (for example, @mlcrosoft.com) that uses certain characters to make it appear to be a well-known domain.
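
One way to check a sender address for the kind of lookalike domain named above (@mlcrosoft.com), as an added example that is not part of the original text and is not Outlook's own detection logic. The protected-domain list, the small confusable-character table, and the function names are assumptions chosen for illustration.

```python
import unicodedata

# Assumed list of domains the organization wants to protect from imitation.
PROTECTED = ("microsoft.com", "contoso.com")

# A few visually confusable characters folded to one form (illustrative, not exhaustive).
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})

def skeleton(domain):
    """Reduce a domain to a form in which lookalike spellings compare equal."""
    d = unicodedata.normalize("NFKC", domain).lower()
    d = d.replace("rn", "m").replace("vv", "w")  # two-letter imitations of m and w
    return d.translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(address):
    """Return a warning string if the sender's domain imitates a protected one."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in PROTECTED:
        return None  # the real domain, nothing to warn about
    for real in PROTECTED:
        if skeleton(domain) == skeleton(real):
            return f"{domain} imitates {real} (confusable characters)"
        if edit_distance(domain, real) == 1:
            return f"{domain} imitates {real} (one character off)"
    return None

if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("billing@mlcrosoft.com", "it@rnicrosoft.com", "hr@microsft.com", "bob@microsoft.com"):
        print(addr, "->", check_sender(addr))
```
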
Filtering with Safe and Blocked Senders
Both Outlook 2003 and Outlook 2007 allow users to create and manage their own Safe Senders and Blocked Senders. As the name implies, the Safe Senders list is made up of user-defined addresses or domains, and messages from these addresses or domains will never be treated as junk email. Conversely, the Blocked Senders list is made up of user-defined email addresses or domain names, and all messages from them will automatically be treated as junk email.
In addition, both Outlook 2003 and 2007 provide the option to configure a Safe Recipients list. This option is useful when you are a member of an emailing list or group. By adding the list or group to your Safe Recipients list, any messages sent to the email addresses or domain names on that list will not be treated as junk email messages, regardless of the sender.
Both Outlook 2003 and Outlook 2007 give you the option to automatically treat anyone in your Outlook Contacts list as a Safe Sender. This option is enabled on the Safe Senders tab by selecting the Also Trust E-Mail from My Contacts check box. By default, this feature is enabled.
With Outlook 2003 SP1 and later, there is an additional option. If there are people who are not in your Contacts list, but with whom you regularly correspond, you can select Automatically Add People I E-Mail to the Safe Senders List. This option is also found on the Safe Senders tab.
To quickly add a sender, domain name, or mailing list to one of these lists, you can right-click the message, select Junk E-Mail, and choose the desired option.
Outlook Email Postmark
In Outlook 2007, the concept of the Outlook Email Postmark is introduced. This feature helps ensure that email placed in the client’s Inbox is valid, and that email sent by Outlook 2007 will be trusted by the recipient’s email client.
Microsoft has developed this new technology as part of their ongoing effort to minimize junk email. When using the Email Postmark, the sending computer performs a computation and attaches the resulting work to the message as a token that the email is valid. Because the computation makes sending each message time consuming and resource intensive, mass emailers will find the process detrimental to their productivity; however, the process does not change the user experience for normal email senders.
Exchange Server 2010, upon receiving a message with an Email Postmark, uses it as one method of verification of the reliability of the incoming message.
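
The cost asymmetry described above (expensive for the sender to compute, cheap for the receiver to check), as an added example that is not part of the original text. It is a generic hashcash-style proof of work, not Outlook's actual postmark algorithm, which the text does not specify; the stamp layout, the use of SHA-256, and the difficulty values are assumptions.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def stamp_hash(recipient, date, body, nonce):
    # Assumed stamp layout: the work is bound to one recipient, date and body,
    # so a stamp computed for one message is not valid on another.
    body_digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
    material = f"{recipient.lower()}|{date}|{body_digest}|{nonce}"
    return hashlib.sha256(material.encode("utf-8")).digest()

def mint(recipient, date, body, bits):
    """Sender: try nonces until the hash has `bits` leading zero bits (about 2**bits hashes)."""
    for nonce in count():
        if leading_zero_bits(stamp_hash(recipient, date, body, nonce)) >= bits:
            return nonce

def verify(recipient, date, body, nonce, bits):
    """Receiver: a single hash, however long minting took."""
    return leading_zero_bits(stamp_hash(recipient, date, body, nonce)) >= bits

if __name__ == "__main__":
    # Constructed sample values.
    args = ("alice@recipient.example", "2010-03-01", "Quarterly report attached.")
    nonce = mint(*args, bits=16)
    print("nonce:", nonce, "hashes tried by sender:", nonce + 1)
    print("receiver accepts:", verify(*args, nonce, bits=16))
    print("same stamp, other recipient:",
          verify("bob@recipient.example", *args[1:], nonce, bits=16))
```

Each additional bit of difficulty doubles the sender's expected work while the receiver's check stays at one hash, which is what makes per-recipient stamps costly at bulk-mail volumes and unnoticeable for ordinary senders.
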
Blocking Read Receipts
Both Outlook 2003 and Outlook 2007 enable users to request read receipts for the messages that they send. Read receipts tell the sender that the intended recipient has at least opened the email. Automatically sending these read receipts can offer spammers (or others) more insight into your mail reading habits than you might want to share.
By default, both Outlook 2003 and Outlook 2007 block the automatic sending of read receipts. Instead, the recipient is prompted with a message that asks them if they want to send a response.
If you want, you can change this setting to Always Send a Response, or Never Send a Response. To change this behavior, do the following:
1. In Outlook, select Tools, Options.
2. On the Preferences tab, in the E-Mail section, click E-Mail Options.
3. Click the Tracking Options button.
4. Select your desired setting, and then click OK three times to exit the configuration.
Information Rights Management
Introduced in Microsoft Office 2003 products, Information Rights Management (IRM) helps organizations protect digital information from unauthorized use. By integrating with a Windows Server 2008 technology called Active Directory Rights Management Services (AD RMS), IRM enables workers to define how a recipient can use the information contained in a Microsoft Office document.
Users can define exactly who can open, modify, print, forward, or take other actions with protected documents. In addition, users can specify an expiration date, after which the document cannot be viewed or acted upon.
Note
To create IRM-protected documents and email messages, the sending user must be using the Professional or Enterprise version of Office 2007/2010. Users of Office Standard can still read and use IRM-protected documents, but cannot create them or apply policies to email messages.
IRM provides granular security for supported Microsoft Office applications such as Word, Excel, PowerPoint, and Outlook, as well as any other IRM-aware application. IRM is intended to complement other security technologies, such as Secure/Multipurpose Internet Mail Extensions (S/MIME) and Pretty Good Privacy (PGP), by securing the contents of information (contained in a document, for example), but it does not provide authentication of the information.