Microsoft Exchange Server 2013

Groups that have deployed a Microsoft Exchange Server to handle their emails may be considering why it would be necessary to implement an Exchange 2013 spam filter.

After all, one would think that the world´s largest software company will have included a mechanism to filter out spam emails in the server´s design?. Well, it actually did.

However, because of the manner that the Exchange Server filter works, some spam email always gets through. Microsoft Outlook’s Benoît Roumagère put that figure at 2% to 3% in 2013; and, as hacker’s methods of delivery become more complex, it is likely that the percentage of spam emails not caught by Microsoft´s filters has grown.

An additional reason for implementing an Exchange 2013 spam filter is to grow protection against malware. Microsoft’s anti-virus products for business often are given poor reviews for their performance. With an Exchange 2013 spam filter, the level of protection against malware, ransomware and other viruses is much more.

An Exchange 2013 spam filter works by reviewing every email against a series of security mechanisms to identify spam. These include Global Blackhole Lists, Sender Policy Frameworks and Recipient Verification settings. Global Blackhole Lists are updated in real time and included in the filter’s front line tests to prevent a backlog of emails from growing..

When a spam email is recognized, it is often quarantined and reported to the end-user or system administrator. The end-user or system manager has the options of delivering the email or deleting it. The same process occurs when an email possibly including malware in its content or as an attachment is identified by the filter´s anti-virus database.

One other task completed by an Exchange 2013 spam filter is the scanning of outbound emails for spam and malware. This function does not exist on Microsoft´s Exchange Server, but it is an important one, as outbound email scanning stops emails being sent out that might result in an organization´s IP address being included in Global Blackhole Lists.

Microsoft offers companies a premium spam filtering service – Exchange Online Protection (or “EOP”) – but the service lacks certain functions that are present by default in an Exchange 2013 spam filter. EOP has also met adverse feedback for having a high maintenance overhead, failing to offer an on-premise option, and for being 20% to 25% more expensive than alternative spam filtering solutions.

Some of the functions missing from EOP include “sandboxing” – in which email attachments suspected of being infected are isolated so that they can reviewed at a later date – real-time dynamic link following, and “greylisting” – a security mechanism that requests a sender’s email server to resend an email suspected of being spam. Hackler’s servers rarely reply to the request.

Alternative spam filtering solutions to EOP vary in effectiveness and adaptability. Due to this, when making an Exchange 2013 spam filter comparison, organizations should consider the following details:

  • Can the advertised rate of spam detection be proven?
  • How are emails identified as spam managed?
  • What percentage of false positives does the spam filter send back?
  • What anti-virus software is used to identify email attacks?
  • What hosting options are available for the Exchange 2013 spam filter?
  • Does an email continuity service take over in the event of downtime?
  • Can independent testimonials be supplied by the service provider?

Other factors will need to be considered depending on a groups’ individual circumstances. Smaller organizations with restricted IT resources may have concerns about the maintenance overhead, while larger organizations may want their Exchange 2013 spam filter to include APIs to link the solution with third party management software.

Comparison Table Exchange 2013 SpamTitan
Spam Capture Rate <99.50% 99.97%
Genuine Emails Blocked Variable 0.03%
Choice of Reporting Options Variable Comprehensive
Antivirus Software Microsoft Dual Protection
Email Continuity Yes Yes
Deployment Options Cloud Only Cloud/On-Premise
Customizable Policies No Yes
Sandboxing No Yes
Greylisting No Yes
Phishing Protection $24 per user/year Included
Dynamic Link Following No Yes

Managed Service Providers (MSPs) with clients operating an Microsoft Exchange 2013 will be particularly curious about in the hosting options, the email continuity service and whether or not the Exchange 2013 spam filter supports multi-tenanting. If so, the MSP should enquire whether administration and reporting is on a “per domain” basis

Outbound scanning will also be important if the MSP’s clients share an IP address, as will a flexible pricing model to address goes up and drop down in demand. Also on the list of things to think about when conducting an Exchange 2013 spam filter comparison is whether or not the filter is available as a white label product for rebranding.