In-Depth

What’s New in Exchange 2003

Spam-stopping features are included in this new version.

So, what has Microsoft been up to while the spam tsunami was breaking over our heads? Working on Exchange 2003, for one thing. Although Exchange 2000 offers no real protection from spam, Exchange 2003 incorporates several features designed to either stop spam or make it easier for add-in products to stop spam. I had a conversation with one of the program managers on the Exchange team about these new features.

First, there are some anti-spam features “in the box.” Exchange now has the concept of global accept and deny lists. These are lists of SMTP addresses from which you wish to always accept or always refuse mail, sometimes called whitelists and blacklists. Exchange also supports using DNSBL servers for filtering. You can configure multiple DNSBL rules on a single Exchange server. These rules support exception lists, so you can make sure that your trusted partners don’t get accidentally blocked by a DNSBL.

Exchange can now be set up to refuse messages for nonexistent users, and you can choose not to send a non-delivery receipt (NDR) when a message arrives for a nonexistent user. This prevents the common dictionary attack where a spammer tries to determine which e-mail addresses are valid in your domain by sending test e-mails to thousands of names and watching for NDRs.

Exchange 2003 also implements a new anti-spam API that can be used in partner solutions to analyze incoming messages. Similar to the existing anti-virus API, the anti-spam API lets an external program look at each message and assign it a “Spam Confidence Level”—a number from zero (definitely not spam) to nine (almost certainly spam). The system administrator can choose the threshold confidence level at which they wish to start deleting or quarantining mail. All of the major vendors are working on products that will use the new API to integrate more tightly with Exchange. The API is private, but Microsoft is sharing it widely with interested ISVs.

Outlook 2003 also includes some features designed to work well with Exchange 2003 in fighting spam. In addition to its own anti-spam engine, Outlook 2003 lets the user maintain a whitelist and blacklist. These lists can be maintained on the client, but users can upload them to the Exchange server so that the messages never reach the client at all. Outlook Web Access can also work with these lists. Finally, Outlook also strips out HTML content such as Web beacons to prevent spammers from phoning home if they do manage to slip a message through.

Additional Information on Spam

Outrun the Avalanche
http://mcpmag.com/features/article.asp?editorialsid=362

Understanding Bayesian Analysis
http://mcpmag.com/features/article.asp?editorialsid=364

Two Services for the Enterprise
http://mcpmag.com/features/article.asp?editorialsid=365

Using DNSBLs
http://mcpmag.com/features/article.asp?editorialsid=366

A Thanks to Hormel
http://mcpmag.com/features/article.asp?editorialsid=367

Spam-Fighting Terminology
http://mcpmag.com/features/article.asp?editorialsid=368

If you’re considering whether to upgrade an existing Exchange 2000 organization to Exchange 2003, you might find that these new features help tilt the scales toward upgrading. The release over the next few months of partner solutions designed to integrate with the new anti-spam API should continue to make Exchange 2003 even more attractive and lower the cost of fighting spam even more.

About the Author

Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.