Stopping Junk E-mail with Exchange Hosted Filtering

By Daniel Bohm

E-mail abuse can overwhelm businesses and undermine the benefits of e-mail as a communication tool. In this article, I introduce Microsoft Exchange Hosted Filtering, a hosted service for inbound and outbound e-mail that offers a frontline defense against e-mail-borne malware. One of four Exchange Hosted Services, Exchange Hosted Filtering provides organizations with anti-spam and antivirus protection, policy enforcement, and basic disaster recovery functionality in a single solution. Exchange Hosted Filtering delivers a hands-free e-mail security experience to customers by continuously updating virus definitions and spam detection technologies that deliver maximum protection.

For more information about all four Exchange Hosted Services, see Microsoft Exchange Hosted Services.

Layered Protection

Exchange Hosted Filtering employs five layers of preventive and protective functionality to prevent increasingly complex e-mail–borne threats from infiltrating businesses and violating corporate policy on e-mail use. The five components are as follows:

• **Threat Prevention **  This first layer of protection uses many techniques, including sender reputation analysis, to weed out junk e-mail. Directory Services, a component of Threat Prevention, allows organizations to specify all valid users on a domain to block inbound e-mail addressed to invalid recipients. It also defends against directory harvest attacks.

• Antivirus Protection   This filter incorporates multiple antivirus engines with heuristic detection capabilities to deliver zero-hour protection, thus minimizing the window of vulnerability after virus outbreaks.

• Anti-spam Protection   By layering anti-spam technologies, the anti-spam filter detects all kinds of spam before they reach the corporate network. Technologies include rules-based scoring, fingerprinting, and sender policy framework (SPF) lookups.

• Policy Enforcement   Administrators can use the highly flexible policy rule-writer to control mail flow for compliance. The policy filter offers many rule actions, such as reject, allow, and redirect. It also supports pattern matching in the subject and body of e-mail.

• Disaster Recovery   Delivery of legitimate e-mail must be ensured. Filtered e-mail is protected by instantly and automatically queuing messages for later delivery if the destination e-mail server is unavailable.

The following diagram illustrates how these five components work together.

The integrated e-mail security and filtering solution provided by Exchange Hosted Filtering

The Administrator Experience

Deployment of Exchange Hosted Filtering is straightforward. The customer’s original MX record, such as mail.contoso.com, is replaced with a pointer to the Exchange Hosted Filtering network, mail.global.frontbridge.com. Over the next 24 hours, this change is propagated throughout the Internet, and mail begins to flow through the Exchange Hosted Filtering network to corporate e-mail servers.

Through the Web-based Exchange Hosted Services administration console, administrators can configure the filters for each domain and view detailed reports on the performance of the filters.

The End-User Experience

End-users can review quarantined messages through a Web-based interface that lets them delete spam, deliver a quarantined e-mail to their Inbox, or report false positives. By default, Exchange Hosted Services stores quarantined messages for 15 days and then automatically deletes them. Alternatively, administrators can configure Exchange Hosted Filtering to send users an e-mail summary of their quarantined spam for the last n days, where the administrator defines n. From this e-mail summary, users can quickly review messages and perform many of the same actions as they would if they were logged into the Web-based interface.

The following figure is an example of the spam notification summary that can be sent to end-users.

Spam quarantine notification

The Exchange Hosted Services Network: Globally Distributed to Ensure High-Availability

Exchange Hosted Filtering operates on the Exchange Hosted Services globally distributed network. This network employs a fault-tolerant and redundant architecture that is load-balanced both site-to-site and internally within each data center. If a data center is unavailable, traffic is automatically routed to another data center without any interruption to service. The Exchange Hosted Services network has proven successful in helping protect customers’ e-mail servers from spam and virus outbreaks, denial of service assaults, non-delivery report (NDR) floods, directory harvest attacks, dictionary attacks, and other forms of e-mail abuse. The following map shows the physical locations of the data centers that make up the Exchange Hosted Services global network.

Exchange Hosted Services global network

All messages that are processed by Exchange Hosted Filtering are encrypted by using Transport Layer Security (TLS). The Exchange Hosted Filtering service tries to send all messages by using TLS but automatically rolls over to use SMTP if the destination e-mail server is not configured to use TLS. This approach ensures total privacy of all e-mail while in the hosted filtering environment and of those messages sent to other organizations with TLS-enabled e-mail servers.

Technical Support

The Exchange Hosted Filtering technical support staff is trained and equipped to deliver solutions quickly and clearly, by phone and e-mail. Support staff are easy-to-reach and stay in close contact with each client until all questions have been resolved. Exchange Hosted Filtering also offers online support tools, including FAQs and step-by-step guides. Support incident numbers are issued if follow-up calls are required.

For training on Exchange Hosted Filtering, Product Specialists offer in-depth classes several times during the week at no additional charge. IT staff members are invited to schedule and attend classes as frequently as necessary. It is recommended that refresher courses be taken every year to keep up-to-date on new features added to the service.

Service Level Agreements

Because e-mail is mission-critical, Exchange Hosted Filtering includes comprehensive service level agreements (SLAs) that back up network performance, and spam and virus filtering effectiveness. The SLAs include the following:

• Filtering network infrastructure

• Network uptime: 99.999 percent

• E-mail delivery: Average delivery commitment of less than two minutes

• Filtering accuracy

• Virus blocking: 100 percent protection against all known e-mail viruses

• Spam capture: Capture of at least 95 percent of all inbound spam e-mails

• False positive ratio: A commitment of less than one false positive in 250,000 e-mails

For More Information

For more information, see the following resources:

• Microsoft Exchange Hosted Services

• Microsoft Secure Messaging

• Microsoft Exchange Server 2007 documentation

- Daniel Bohm, Senior Product Manager, Exchange Hosted Filtering, Microsoft Unified Communications