To provide Microsoft Exchange Server with some basic content filtering, Microsoft pulled from their wealth of experience with their spam-magnet known as Hotmail. SmartScreen technology is what they termed their set of algorithms developed to assess the probability that an email message was spam. With the goal of applying this heuristic filter technology across all email franchises at Microsoft, SmartScreen was first deployed within MSN8, Hotmail and Outlook in the form of the Junk Email Filter. The Exchange implementation of SmartScreen is called the Intelligent Message Filter (IMF).
IMF v1.0 was a standalone installation for Exchange 2003. IMF v2.0 was included in Service Pack 2 for Exchange 2003 back in October 2005. Exchange 2007 now ships with an updated content filtering system, which some may call IMF v3.0.
Unsolicited Commercial Email is not a stagnant venture. Microsoft provides updates to the IMF filtering based on feedback mechanisms across its messaging offerings to help keep IMF current to combat spam messaging trends. These updates can be expected twice a month and are available as ‘High-Priority Updates’ through Microsoft Update.
In Exchange 2003 SP2, the IMF is installed on all servers by default and then configured thereafter. In Exchange 2007, only the Edge Server role installs content filtering by default. For small companies that do not implement an Edge Server, or for companies that employ a different platform as their gateway solution, there is a PowerShell script that enables the antispam transport agents on Exchange 2007 servers with the Hub Transport role. From the Exchange Management Shell the administrator can execute the Install-AntispamAgents.ps1 script:
%program files%\Microsoft\Exchange Server\Scripts\Install-AntispamAgents.ps1
The Microsoft Exchange Transport service needs to be restarted for the results of this script to take effect. At that point, there will be an AntiSpam tab in the Hub Transport settings window at the Organization Configuration level as shown in Figure 1.
The IMF is a content filtering component which serves as a single layer in a defense-in-depth approach to message hygiene. Ideally, other antispam efforts including Connection and Recipient Filtering as well as anti-spoofing with SenderID/SPF will have pared down the volume of messages that content filtering has to work on. The IMF engages after the message body is received; it scans the subject and message body and does not address attachment or header content.
The reference point for content filtering for the administrator is the Spam Confidence Level (SCL). In assessing the spamminess of a message, the IMF assigns an SCL value to the message. Table 1 shows the different potential values for the SCL. Exchange reserves a value of -1 as a special flag to prevent wasting resources filtering internal and system messages. An SCL of 0 means the message was determined not to be spam. Finally, a scale of 1 through 9 is used as a rating for messages. Administrators may need some experience with these values to determine what actions to take, if any, for certain SCL values.
Table 1 – SCL Value Descriptions
| SCL Value | Description |
|---|---|
| -1 | Reserved for internal and system messages |
| 0 | Assigned to show as NOT spam |
| 1-9 | Probability scale with higher value more |
Figure 2 shows what default actions Exchange can perform based on SCL values. In Exchange 2007, the Transport service can Delete, Reject, or Quarantine messages that meet or exceed an administrator input value. This same properties window allows the administrator to list custom words that either force a message to be blocked or prevent the message from being blocked. In addition, certain recipient addresses may be excluded from content filtering.
Exchange 2003 SP2 allowed a Custom Weight Level (CWL) to be assigned to messages based on words or phrases using an XML file. Administrators had to manually update this option. Exchange 2007 brings this chore into the GUI.
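The SCL thresholds, custom words and recipient exclusions described above can also be set from the Exchange Management Shell. The following is an added example, not part of the original article; the threshold values, addresses and phrases are constructed placeholders, and the ordering check assumes the harsher action should carry the higher threshold.

```powershell
# Added example: run in the Exchange Management Shell on an Edge or Hub Transport
# server where the antispam agents are installed.
# All values below are constructed placeholders; tune them to your own mail flow.
$delete            = 9
$reject            = 7
$quarantine        = 5
$quarantineMailbox = 'spamquarantine@example.com'          # placeholder address
$excluded          = 'abuse@example.com','postmaster@example.com'

# Sanity-check before touching the server: thresholds must fall on the SCL scale,
# and the most destructive action should need the highest score.
foreach ($t in $delete, $reject, $quarantine) {
    if ($t -lt 0 -or $t -gt 9) { throw "SCL threshold $t is outside 0-9" }
}
if (-not ($delete -gt $reject -and $reject -gt $quarantine)) {
    throw 'Thresholds must be ordered delete > reject > quarantine'
}

# Delete / Reject / Quarantine actions keyed to the SCL value.
Set-ContentFilterConfig `
    -SCLDeleteEnabled $true     -SCLDeleteThreshold $delete `
    -SCLRejectEnabled $true     -SCLRejectThreshold $reject `
    -SCLQuarantineEnabled $true -SCLQuarantineThreshold $quarantine `
    -QuarantineMailbox $quarantineMailbox

# Recipients excluded from content filtering (this replaces the existing list).
Set-ContentFilterConfig -BypassedRecipients $excluded

# Custom words: GoodWord prevents blocking, BadWord forces blocking.
Add-ContentFilterPhrase -Phrase 'quarterly invoice 4471' -Influence GoodWord
Add-ContentFilterPhrase -Phrase 'guaranteed winnings'    -Influence BadWord

# Read the settings back to confirm what the transport service will apply.
Get-ContentFilterConfig | Format-List SCL*,QuarantineMailbox,BypassedRecipients
Get-ContentFilterPhrase | Format-Table Phrase,Influence -AutoSize
```

Starting with quarantine enabled and the delete action set high lets false positives be reviewed in the quarantine mailbox before thresholds are tightened.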
Last reviewed on Aug 23, 2011