Understanding Anti-Spam Updates
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2010-07-06
Microsoft Exchange Server 2010 includes many anti-spam features that depend on downloaded data to determine whether a message can be delivered with confidence that it isn't spam. The following data must be kept up-to-date for the anti-spam features to operate optimally:
Content filter updates These updates contain data about phishing Web sites, Microsoft SmartScreen spam heuristics, and other Intelligent Message Filter updates. Content filter updates generally contain about 6 MB of data that's useful for longer periods of time than other anti-spam update data.
Microsoft IP Reputation Service data The Microsoft IP Reputation Service is an IP Block list service offered exclusively to Exchange 2010 customers. Administrators can decide to implement and use the Microsoft IP Reputation Service in addition to other real-time block list services.
Spam signature data Spam signatures identify the latest spam campaigns. The spam is hashed into a message digest, or spam signature. This data is used by content filtering to assign a higher spam confidence level (SCL) to known spam. The spam signature files are small. A collection of spam signatures is only a few KB. The spam signatures are also time sensitive. Therefore, they're updated more frequently than other anti-spam data sets.
Anti-spam updates contain data only. They don't contain updated binaries or libraries. Anti-spam updates don't require mail flow interruption or service restarts.
By default, anti-spam updates aren't automatic. Instead, the administrator must visit Microsoft Update to download and install the content filter updates. The content filter update data is updated and available for download every two weeks.
Manual updates from Microsoft Update don't include the Microsoft IP Reputation Service or spam signature data. The Microsoft IP Reputation Service and spam signature data is only available when you use the anti-spam features of Microsoft Forefront Protection 2010 for Exchange Server (FPE).
Microsoft Forefront Protection 2010 for Exchange Server (FPE) integrates multiple scan engines into a comprehensive, layered solution that helps you protect your Microsoft Exchange server messaging environment from malware, spam, and inappropriate content. FPE prevents the spread of malicious content by scanning all messages in real time with minimal impact on Exchange server performance or message delivery time.
You can enable FPE anti-spam technology in both the Exchange Edge Transport and Exchange Hub Transport roles. However, the Edge Transport role is the preferred location for anti-spam filtering. The technology includes a series of agents that are registered with Exchange and are invoked at specific points in the SMTP pipeline. FPE can also be integrated with Forefront Online Protection for Exchange (FOPE) to provide an additional layer of filtering for your messaging environment.
When you deploy FPE, the anti-spam features that are built in to Exchange are disabled. To learn more about how the FPE anti-spam solution works, see Using Antispam Filtering.
To learn more about how anti-spam updates work when you're using FPE, see Configuring and scheduling updates.