Avatar of PowerEdgeTech
PowerEdgeTechFlag for United States of America asked on

Exchange Server and Spam

Our Exchange server was recently updated from 2003 to 2010.  We have never had any hardware or software anti-spam solutions implemented, but after moving to Exchange 2010, we have become inundated with spam.  We have DOZENS of domains added to our whitelist that were being blocked as spam and hundreds of spam emails every day that manage to get into our inboxes.  We never had an issue with 2003.  I "heard" somewhere that 2010's spam filter was pretty poor, with the intention that it was intended to be used with another anti-spam solution.  First, is there any truth to this?  Second, is there a reason why spam became an issue after the upgrade?  The company that did the upgrade wants to "come to the rescue" with, no doubt, an expensive solution, while it seems to me that the Exchange upgrade was somewhat incomplete to begin with.  I'm not necessarily looking for add-on anti-spam solutions, but more curious why the upgrade seems to have led to this and if there is anything built into Exchange 2010 that can help.  Anyone have some insight for me?  Thanks.
ExchangeEmail ServersAntiSpam

Avatar of undefined
Last Comment
Alan Hardisty

8/22/2022 - Mon
Jeff Perry

We have always used a Cisco IronPort appliance for SPAM filtering/blocking.

At my previous job I used a diy Linux based solution called spamcop but I am pretty sure it has evolved into just being a blacklist service.

Spamcop settings for IMF
•Display Name: spamcop
•DNS Suffix: bl.spamcop.net

I am a little curious as to your statement "We have DOZENS of domains added to our whitelist that were being blocked..." whitelist's are allowed domains and if the spam is coming from those domains then that is a configuration error.

Configuring Intelligent Message Filtering for 2010 is covered in this TechNet article:


"I am a little curious as to your statement "We have DOZENS of domains added to our whitelist that were being blocked..." whitelist's are allowed domains and if the spam is coming from those domains then that is a configuration error."

I know what whitelists are.  If we adjust the SCL filtering too low, trying to catch all the spam, then legitimate emails get blocked too (even at SCL 5), so we add them to the whitelist.  Spam is not coming from any of our whitelisted domains.  The domains we added are domains we do business with; we did not add domains like jibakker.com, mindthinksuccess.com, reggaecolombia.com, and enlargeyourmanhood.com.

Again, not looking for add-on solutions for now (we did not have an add-on solution with 2003) - trying to understand why the upgrade to 2010 led to such a drastic increase in spam.

I've looked through the article you posted before and have tried working with much of it ... maybe I need to delve deeper into it (I'm obviously not an Exchange guy), but it hasn't had much of an effect so far.

Thanks for you comments though.
Jeff Perry

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

My only guess as to why the increase in spam without adding a solution would be either:

the spam settings you had previously were not migrated correctly


message filtering wasn't enabled on the new server.

Since you seem to be using native filtering I am assuming a misconfiguration somewhere on the new exchange server.
That was my hope - it may give us some ammo in negotiating a solution with the company who did the upgrade.

I never had to do anything with the previous Exchange server, as far as spam went, so if there was any configuration at all, it was pretty darn good at weeding out spam.  Message filtering works on the new server, because as I block keywords or increase/decrease the SCL threshold for spam, it reacts most of the time, but SCL, when used alone, hasn't been a very good indicator of spam for us - too much spam still gets in when set too high; too much legit mail gets blocked when set too low ... SCL of 5 seems to be where we get into trouble ... lots of spam comes in at 5, but so does much of our legit email.

"'domains added to our whitelist that were being blocked...' sounded odd"

Sorry if I didn't make that very clear ... at one point, we tried quarantining SCL 5 messages, but about half of our legit email was being blocked, so we started adding the legit domains to the whitelist.  We have since bumped the SCL to 7 to allow most of the legit email (which is the most important thing at this point), but now we are bombarded with spam that comes in at 5 or 6.

I think we'll let the company handle the solution, with some push-back from our end for what seems to me to be an incomplete install/migration.

Thanks again.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Alan Hardisty

I've always used Vamsoft ORF for Spam on Exchange and not been disappointed.  I'm not a fan of the built-in tools as they are way too inflexible, but I use some of them in conjunction with Vamsoft and get very low amounts of spam.