An In-depth Analysis of Anti-Spam Techniques to Protect Your Exchange Server
Protecting your Exchange server infrastructure from email spam can be easier said than done. Given the wealth of options available, choosing which solution is best for your needs can be a challenge. You want an anti-spam solution that blocks all spam emails, while allowing legitimate email through.
However, this is not as easy as it sounds. If humans sometimes find it difficult to tell the difference between a spam and a legitimate email, how can a computer program accomplish this? There is a variety of techniques that anti-spam software uses to keep your Exchange server clean. Understanding how these methods work can help you to decide which anti-spam solution will be the most effective.
Greylisting is a process whereby an email from an unknown source is rejected with a temporary error. This technique relies on the email being sent from a proper mail server which follows set standards, and that server will then resend the email a short while later. Spam emails are normally sent from mail servers that do not follow this protocol and are therefore filtered because they have not been resent.
SPF (Sender Policy Framework)
SPF detects spam by assuming that many spam emails lie about their true origin. SPF detects this by checking the email’s SPF record for the domain of origin. The SPF record includes a list of authorized hosts that can send emails for that domain. If the email was sent from a source not present in that list it is rejected as spam.
Some vendors have compiled databases of detailed information that can be used to detect spam. These databases often include information such as known spammer sources, finger printing data, known spam links, spam images and attachments. By cross referencing this database, anti-spam software can fairly accurately classify spam emails which contain any of these elements. Such databases are also periodically updated.
DNSBL (DNS Black List)
There are various DNSBL projects out there and although they differ in functionality, they use the Domain Naming System (DNS) to create databases that people or products can query. These databases contain lists of known spammers, open relays, hijacked systems, dynamic IPs, and so on. These projects use various techniques keep their databases updated, including automated testing systems to honey pots.
Bayesian analysis works by analysing both spam emails and legitimate emails and building statistical models of what spam looks like and what legitimate emails look like. This classification system normally works on the words and phrases that you generally find in each category of email. This process then analyzes an email and determines the statistical likeliness that a particular email is either spam or legitimate. When the software used is well ‘trained’, this process can be quite effective.
Each of these methods gives you varying levels of success, and none of them is 100 percent effective and produce zero percent false positives. By combining one or more methods you can dramatically increase the success rates, while simultaneously reducing the chance of a false positive. By keeping this in mind, you can tailor your anti-spam solution to ensure your Exchange server is as efficient as possible.
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the benefits of using email anti-spam for Exchange Server.
All product and company names herein may be trademarks of their respective owners.
If you like this page then please share it with your friends
See more Microsoft Exchange Server 2010 topics: