SPAM-is there a way to put rules in Exchange 5.5 at server level to block keywords, etc?, SPAM

SPAM-is there a way to put rules in Exchange 5.5 at server level to block keywords, etc?, SPAM, pcumming

We have Outlook 2002 and Exchange 5.5. We have been receiving an increasing amount of SPAM. We are educating our employees on the do's and dont's of using the Internet and giving out a work email address in certain situations.

Question 1. Is there a way to block keywords or add rules at the Exchange Server level (version 5.5) at each of our Exchange servers?
Is there a limit on keywords or rules, etc?? We have Outlook 2002 and can create it at the client level but prefer not to.

Since spammers can send jpegs and bmps of course we cannot filter on them. As a company we need to be able to send such to each other.

Also since spammers falsify header info, I think it would be a waste to try to capture a true from address or a made up domain name in the routing of the email or a false ISP.

Question 2. Therefore I am not sure an external product (which we are open to spending the necessary money on) would be as helpful as a decent set of rules.

Comments and answers to the above?

Who is Participating?
NevaarConnect With a Mentor Commented:
I think that your questions will require a fair amount of research and, honestly, the effort would far exceed the time I'm willing to invest.

Start with the web ( and trade magazines to locate the background information you're looking for.

Good luck.
Here's how to stop the spamming....

1. Open the properties on the Exchange Server Internet Mail Service and select the Routing page. After the SP1 installation, this page will have an additional button called <Routing Restrictions...>.

2. Click Routing Restrictions to bring up a dialog box with additional Restrictions.

3. Check the box for "Hosts and Clients that Successfully Authenticate"

4. Restart the Internet Mail service


This will allow only users who authenticate to send mail off of your server.

IF you have pop 3 users, you will need to review the following article after apply the setting above.;en-us;Q279860

You have to modify a setting in pop3 users' profiles to allow them to send mail off the server....

This should do the trick!!
pacummingAuthor Commented:
We do not have POP 3 turned on via exchange.
However of course we do receive email via Pop3.

Now with respect to authenticating.
The Q article states
"Hosts and clients that successfully authenticate:
Messages sent from hosts and clients with valid logon information are relayed. "

We do not want to allow relaying of course off of our server. I am not sure if this box is checked or not as I am not the Exchange admin.

But by checking this box what does Exchange do (in terms of authentication) when it receives an email perhaps from my own account at Yahoo to my corporate account that uses Exchange? Does it try to do a ping?

If the Spammer has a false (from) header that is not his own but is valid as well as  falsified (but a valid-not his own) ISP header info (if possible), then would this not pass all the rules for authentication?

Just asking

I know there are multiple solutions that may need to be employed to filter out perhaps 80% of abusive unsolicited, etc.  email.
We are not a fan of using blacklists since these change all too often.
Also too hard to have a list of addresses that we only will allow since we have about 8,000 employees.



Thanks< peter
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why


By checking that box, (Hosts and clients that successfully authenticate) - it will actually prevent anyone from being able to RELAY off of your would need to follow this article to prevent SPAM mail....;en-us;Q245465
kevala :

The filtering option would require you to enetr each domain seperately. not an enviable task...

Earlier commecnts are anyway about relay control not spam...

My guess is that Exchange doesn't have an effective mechanism to curn spam. Third party software's if any might help..I haven't looked up for one so far... but i sure should have few good ones listed.

pacummingAuthor Commented:
Yes that is correct. My problem is SPAM, not relaying.

We have Exchange 5.5
Would like to without third party software add filter words for ALL emails that come in to our 4 Exchange Servers. However I think that 5.5 does not support this only Exchange 2000. Can someone verify this and how robust Exchange 2000 is in adding words to filter on subject and body?

Or would it be better to filter at client and perhaps faster?

Finally, if you know of some good 3rd party software that would be great. However due to the falsification of header info, domains always changing, not sure that a product can do it any better than key word searches.

However I am open to any suggestions, arguments,etc..

Thanks, Peter
Check the following web pages for a list of anti-spam & content checker software:
pacummingAuthor Commented:
Still would like a basic answer on these questions.

Can someone answer these please:
Would like to filter without third party software and add filter words for ALL emails that come in to our 4 Exchange Servers.

1.***However I think that 5.5 server does not support email word filtering at the server level. Can someone verify this?

2. Does Exchange 2000?

3. How good is it? Pros/Cons

Thanks, Peter
Neither Exchange 5.5 nor 2000 have keyword email filtering built-in.
pacummingAuthor Commented:
Sure about Exchange 2000? I read somewhere that it did. Or are you saying it can only filter domains and blank from address, etc.. as opposed to checking words/content in emails?

Can one write their own add-in for this?

Thanks, Peter
Exchange 2000 can do sender filtering, not content/keyword filtering.
As far as writting add-ins, that's what the third-party venodrs are doing.  So it can be done, it's just a matter of time & money.
pacummingAuthor Commented:
Any commments on best packages, use of outsourcers to review spam, how to determine amount of spam in a company, etc..?

We have Exchange 5.5 and about 4,000 employees.
We still have a few hard questions we are trying to find some answers for our Senior Managment.

1. How can we determine what laws exist or retribution we may have if we receive SPAM or unsolicited email in the states in which our various corporation resides?
And with such laws, does anyone know how successful such cases may be against a sender, ISP, etc...?
Our goal is to determine what recourse we have against such senders, ISP's etc in our efforts to reduce SPAM.
Any websites, names or resources would be beneficial.

2. Is there any way to determine the probability perhaps based on industry averages of what percentage of SPAM, UCE comprises is the total of all inbound Internet email (not internal email)?

Is there any way to determine the % chance of an employee bringing action against the company they work for, for not being vigilant enough in action to reduce SPAM?
Any case studies would be great.

The only approach we came up with was:
A. Offer our employees an internal website form to report the number of unsolicited emails received. Then we perform an extrapolation and an average over a period of time. Or we could set up a mailbox for them to report this into along with the offending email.

B. Outsource some of our email to a service provider and have them perform the analysis over a 2 week period or so. The downside to this is the loss of control, hoping there is no interruption in service, that we as a company are content with  an outside party having access to all our emails, and finally-that they report accurate numbers to us through their algorithms as opposed to an inflated number to earn our business.

3. What are best practices in terms of policies for a corporation and employees to have in place regarding SPAM?

4. What is the best way to combat SPAM. I have heard that packages that use blacklists are not that effective, and those that use keywords are about the same 20% effective. To be more effective would require perhaps 1-2 people to assist in monitoring and tweaking filters and lists.

It was recommended that the best approach for our 4,000 user base was to outsource the email filtering process.

Not sure why fairly sophisticated keyword type rules could not catch perhaps up to 80%. I realize that spammers forge header info so adding the FROM info or domain name probably will not help.
I know pictures cannot be scanned correctly for the most part.
And emails that state "Click here to see my pictures", may be a valid email.

Perhaps some package can do keyword filters as well as authenticate the domain it came from without of course adding our name to their list. A ping perhaps. But then again, if they forge some of the MTA and Header info-then it could be a valid from address.


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.