Microsoft adds antispam to Exchange 2003

Microsoft today announced new antispam and antivirus technologies that will ship in Exchange Server 2003.

A new antispam tool allows partners to integrate their antispam solutions with new functionality already in Exchange Server 2003 to provide better content filtering with fewer false positives,further maximizing worker productivity. In addition, the updated virus-scanning API (VSAPI 2.5) now includes new features that enable partners to deliver complementary solutions for preventingcomputer viruses and, more important, helping IT departments maintain a healthy network, allowing administrators to focus on keeping users productive.

“We know customers’ pain. Security and privacy are more important than ever right now and, as an industry leader, we know Exchange and its industry partners have to offer an end-to-end solution to customers that will help fend off security threats at the gateway, on the mailbox server and at an end user’s mailbox,” said Kevin McCuistion, director of Exchange marketing and business development at Microsoft. “Microsoft’s philosophy is to stop viruses and spam at the network perimeter, keeping end users focused on the task at hand. We have provided a solid baseline of functionality in the core Exchange 2003 product, and now with these two tools partners can provide an additional layer of security.”

More-Innovative Solutions From Exchange Industry Partners

Spam is fast becoming organizations’ biggest headache. According to a November 2002 Gartner Inc. report* spam is increasing at a rate of 1,000 percent per year, and the report predicts that by 2004 more than 50 percent of e-mail message traffic will be spam — unless organizations defend aggressively against it. In an effort to help block more junk e-mail at the network perimeter, Microsoft is providing antispam partners with a tool to build more-effective, integrated solutions with Exchange 2003 that will further reduce the amount of spam reaching end users’ mailboxes. The new antispam tool in Exchange 2003 will allow partner solutions to scan incoming e-mail messages and attach a numeric score, or Spam Confidence Level (SCL), to each message that indicates the probability that the message is spam. Based on a threshold set by an administrator, the message will be forwarded to either the recipient’s inbox or junk mail folder.

The next version of the VSAPI is enhanced with new capabilities allowing industry partners to develop antivirus solutions that scan e-mail messages at the entry point of customers’ networks, to catch more malicious content before it reaches the Exchange mailbox server. VSAPI 2.5 also makes it possible to prevent infected e-mail from leaving an organization by scanning outgoing mail. These new features will give the antivirus products more options to delete infected messages and, with additional message properties in VSAPI 2.5, automatically send a warning message back to the sender that a virus was detected and the e-mail was deleted, thus helping prevent further spreading. Exchange 2003 will give customers more confidence in the security of their e-mail infrastructures by reducing the number of infected e-mail messages end users receive and administrators have to manage and thereby mitigating the further propagation of viruses.

Enabling Customers

In addition to the antispam tool, Exchange 2003 works directly with the junk mail filters in Microsoft Office Outlook® 2003. These filters allow users to block HTML content by default, assign “safe” and “block” lists, automatically file junk mail to the trash, and profile spam by assigning points or scores to identifiers such as keywords or patterns. In addition, Exchange 2003 can save a user’s Outlook 2003 and Outlook Web Access “safe” and “block” senders lists on the Exchange server, allowing those preferences to work for mobile users on any desktop or device connected to the network. Exchange 2003 also empowers administrators to assign enterprisewide allow/deny lists — automatically dropping incoming messages from senders identified by administrators — and to integrate real-time black hole list (RBL) services, which provide immediate spam blocking if a sender is a known spammer.

As part of the Trustworthy Computing initiative, Exchange 2003 has been architected to be secure by design, secure by default and secure in deployment to deliver the security technologies and reliability customers demand, making full use of the security enhancements built into Microsoft Windows Server (TM) 2003. Further, innovative security technologies such as encryption, authentication and filtering techniques are built in to protect business communications. In particular, Exchange 2003 security has been enhanced to include better default settings such as turning off Simple Mail Transfer Protocol (SMTP) relay and support for Secure Multipurpose Internet Mail Extensions (S/MIME) and HTML/attachment blocking in Outlook Web Access, and support for Internet Protocol Security (IPsec) between front-end and back-end clusters. Exchange 2003 also uses IPsec and Kerberos delegation when sending user credentials between a front-end server handling requests from Outlook Web Access or Outlook Mobile Access and a back-end server such as the mailbox store to help minimize exposure of user credentials.

To help protect critical resources and make Exchange access from the Internet safer, Microsoft® Internet Security and Acceleration (ISA) Server Feature Pack 1 has features that support securing Exchange, including Remote Procedure Call (RPC) and SMTP filtering, URLscan and Internet Information Services (IIS) lockdown and an Outlook Web Access configuration wizard. To ease the burden on administrators, Microsoft offers additional documentation that provides prescriptive guidance on locking down Exchange servers, and tools such as the Microsoft Baseline Security Analyzer to help customers deploy and manage their Exchange and Windows® infrastructures more securely.

Exchange Server 2003 is scheduled to be released in mid-2003. Customers can get more information at http://www.microsoft.com/exchange/