• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 729
  • Last Modified:

Spam, Spam, Everywhere

Hey Everyone,

My entire company, with the exception of myself, receives a ton of spam email.  Sometimes they receive over 50 spam mails a day.  One guy actually got a spam message from himself, at least it appears that way.  We are using Exchange 2003 with a POP3 through a company called Pen Publishing.  The reason I don't receive any Spam mail is because I am not setup to use the POP3, my account is strictly exchange.  This keeps me from receiving outside emails.

I temporarily fixed the problem by installing a Microsoft Outlook 2k3 spam filter from Microsoft.com.  That reduced the spam mail for most people for about a 3 weeks or so.  Now it's back up again.  How can I stop the flow of all these stupid spammers?
3 Solutions
Ron MalmsteadInformation Services ManagerCommented:
depending on the size of your organization...you might want to get an external spam filtering service deployed...  e.g. www.postini.com  <excellent !  can't remember the last time spam actually made it to my inbox after signing up with postini.  Cost might be an issue though if your company is small.

Blocking spam completely is a painful task unless you use a quality filter/blacklist service/or external filtering service..  Mostly because the IP addresses of the spammers are usually dynamic IP's...which are typically comprimised workstations on the internet being utilized as relay's.

Trend micro for exchange "scanmail" can be very useful for creating custom rules to block and purge spam.....the draw back is the aministration it requires.
crowebrAuthor Commented:
Well, we aren't the smallest business, but we certainly aren't the biggest either.  I would say we are a medium/small business.  Depending on the cost we probably couldn't afford it.  How much is it?
The best solution to fight against spam is to go with a third party application. We use Vircom's Modusgate.

There are a few settings in Exchange 2003 that will help but they will do very little to stop it completely. With Exchange 2003 Service Pack 2 there are a few extra filters included. On the Message Delivery Properties under Global Settings you can setup these filters. You can use Sender ID filtering to defend against spoofing. Intelligent Message Filtering is a pretty generic spam filter that will place the messages in the users Junk Mail folder. Recipient filtering will get rid of any messages addressed to people who are not listed in Active Directory. Sender Filtering will allow you to block messages from individual email addresses. These filters have to be enabled on the Default SMTP Virtual Server.
crowebrAuthor Commented:
Those are both already setup like that.  Granted the Sender ID list isn't very big, but it is there.  Unless there is something in Windows that I don't know about, we might have to go with some outside vendor like xuserx suggested.
Exchange IMF certainly didn't cut it for us. 89.5% of messages we receive is spam. So only a small percentage is legitimate mail. With IMF we had too many false postivis and still to much spam made it to the inboxes. Also, the users where not that happy to have to go through unwanted mail folder regularely.

So we installed a third party appliance: a PineApp Mailsecure. http://www.pineapp.com/products.php?ms2000 
For us it blocks > 99...% spam with almost 0 false positives. The system also gets very frequent updates and Pineapp seems to be on top of the latest - and not so greatest - types of spam. They adapt fast!
Next to a very good and up to date anti-spam engine (and antivirus) it accomplishes this through the aid of the users. You can set things up so that users get a daily (or more frequent) list of all blocked and not blocked email. The mailuser himself can then release any false positives himself and also mark the sender as being safe. Blacklisten can also be handled by the user. In essence the user trains the system where necessary. After a few weeks things stabilize and only rarely do the users have to release/whitelist/blacklist anything.
It also takes away the burden of managing lists from the IT department.
It's very easy to set up. Basically you forward the SMTP traffic from your firewall to the appliance. And in the appliance you configure which is your exchange server. So it sits inline between your firewall and the exchange server. They have different classes of appliances depending on the load / number of users. And the price is very right, with appliances for small to medium size companies.
And no, I am not or shareholder, employee or distributer of PineApp ;-) Just a very happy user with very happy endusers.
Quote from my CEO: I can finally use my email again! Need I say more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now