Partner View

Protect and Optimize Exchange Environments

Paying close attention to the particulars of your e-mail boundary can save you a lot of security grief.

In a recent survey conducted by Osterman Research Inc., more than 60 percent of the 250 respondents identified growth in e-mail storage requirements and spam as two "very serious" issues facing their enterprises. These two problems directly impact server utilization, but Microsoft Exchange administrators can alleviate them by deploying a secure e-mail boundary.

Escalating volumes of spam and viruses, along with evolving threats such as spyware and phishing, pose serious challenges to the security and stability of groupware networks. Relying solely on Exchange's security capabilities to protect the e-mail network can seriously compromise security and significantly increase server load, limiting the number of users each server can support and increasing storage costs. A secure e-mail boundary help solve these problems, if it has the proper characteristics:

Robust Mail Transfer Agent (MTA) to manage traffic and ensure failover. The MTA must be capable of managing enterprise-level volume and support a wide range of security plug-ins, such as anti-spam and anti-virus solutions, policy management and authentication solutions.

Connection control for monitoring and regulating the connection. The standard attack profile for spammers is a mass-mail delivery, without message queuing. Rejecting connections with this profile dramatically reduces the number of messages entering the e-mail network. In addition, that step virtually eliminates targeted attacks like denial of service and address harvesting. By monitoring traffic connecting to an MTA and throttling back as needed, connection control protects Exchange environments from unwanted messages and malicious threats.

Flexible options for anti-spam and anti-virus filtering. Best practices dictate the use of multiple anti-virus solutions from different vendors. Enterprises should look for an anti-spam engine that receives both periodic and micro-updates to deal with the real-time flow and patterns of spam on the Internet. In addition, they should support policy enforcement to augment the engine's functionality.

This function gives the administrator the ability to block, delete and redirect specific messages based on patterns detected in their subject and/or message body.

Directory-driven e-mail security to validate recipients at the gateway. Using directories to validate recipients is no longer a luxury; it's a requirement. By using a secure, high-performance and messaging-specific LDAP directory server, enterprises can leverage directory data to reject invalid addresses at the Internet gateway before involving prior to resource-intensive routines such as scanning, mail store processing and storage. The result: fewer unwanted messages (a reduction of as much as 50 percent), optimized mail processing and routing, and reduced AS/AV filtering.

Authenticate senders to fight phishing, spoofing and fraud. After e-mails have survived the previous checks, it's time to determine where they're really coming from by using Sender Authentication. Most leading SMTP Gateway (MTA) solutions embed the latest Sender Authentication protocols.

Failover protection to enhance Exchange reliability. Groupware systems are preconfigured to bounce mail if they don't receive an immediate confirmation after recipient mail server failures. Rather than queue such messages on the server and load it with delivery re-tries, the optimal solution must possess the capability to queue and store messages in a separate MTA for later delivery.

A properly deployed secure e-mail boundary optimizes the performance and security of Exchange. The end result is a greater ROI on the entire messaging network through enhanced throughput and a reduction in messaging servers.

About the Author

Michael Donnelly is senior architect at Sendmail Inc., a Registered Member and a global provider of enterprise messaging solutions based in Emeryville, Calif.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.