Can Forefront 2010 Excnage block sender keywords?

I have Forefront 2010 for Exchange installed. I get spam from senders such as:-

Best Pfizer <me@mydomain.com>

Obviously I don't want to block my own address or domain in Forefront, what I want to do is scan for certain words in the senders address, or scan the entire email (body, headers and subject etc)...

Can this be done
LVL 17
Chris MillardAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Chris MillardConnect With a Mentor Author Commented:
Unfortunately I have not been able to get ForeFront to block keywords in the senders address, and can not afford to purchase a 3rd party program to do this, so I will live with it for the time being.
0
 
BusbarSolutions ArchitectCommented:
configure and enable back scaktter, this will prevent this.
0
 
Chris MillardAuthor Commented:
Do you by any chance have a link to how to do this?
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
Alan HardistyCo-OwnerCommented:
@Busbar - What are you referring to?

Backscatter is the sending on Non Delivery Reports to Spammers due to not having Recipient Filtering on your own server.  What has this got to do with the question?

@roybridge - You can configure Content Filtering on the FTMG server to pick up words that don't get automatically filtered.  Personally - I have found the Anti-Spam measures on Exchange 2010 and FTMG to be severely lacking and have disabled them in favour of Vamsoft ORF - which continues to do a much better job IMHO.
0
 
Auric1983Commented:
I agree with @Alanhardisty, regarding Vamsoft ORF, it's cheap and works really really well.  We use it here and have close to a 98% spam blocking ratio.



0
 
BusbarSolutions ArchitectCommented:
@Alan,
FFPE wasn't but biggest strength points I understood BS wrongfully, thanks for pointing it out.
0
 
Alan HardistyCo-OwnerCommented:
No probs Busbar.  Wasn't sure if you were posting in the wrong question : )
0
 
Keith AlabasterEnterprise ArchitectCommented:
Sure it can do it.

Open the gui - select Policy Management
Select filters - -Filter lists.
Click create - select Keyword - Give the filter a meaningful name - such as 'Naughty Words'
Add the words to the list then click next.
Edit - of necessary - the hub transport details and what to do with emails that match these words and finally whether the filter is to act on inbound, outbound or internal mails (or all of them).
Then click on CREATE.
Job done

0
 
Keith AlabasterEnterprise ArchitectCommented:
You can also select other wizards in the same section for sender, recipient, domains etc and slowly build up your set of rules.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Let me break this down a last time.

In respect to your specific question - turn on the option to allow delivery to addresses named in your central Exchange address list . This will stop the delivery of ANYthing that uses your internal namespace without having a valid user name/mail address. I've attached a screenshot for you to view.

Checking words is performed by a various filer lists as I mention previously.


 block-recip.docx
0
 
Alan HardistyCo-OwnerCommented:
Not sure if my article about preventing spam from your own domain is something you would consider as a solution to your problem.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2727-Prevent-Spam-From-Your-Own-Domain-in-Exchange-2007.html

This removes the ability for anonymous users to send mail from your internal domains to your server, cutting this type of spam out completely.

Don't know why I didn't think of this before!

Alan
0
 
Chris MillardAuthor Commented:
I have not been able to resolve this issue, so will continue as-is.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Absolutely ridiculous.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.