About Managing Spam

Managing spam is a matter of effectively filtering email messages. Filtering occurs in three ways: by examining the IP address of the sender, by examining the sender and recipient domain and address information, and by examining the email's content.

Microsoft Forefront anti-spam technology consists of multiple layers of filtering technologies that actively protect your network from spam. Filtering occurs at all three levels, and message rules can be adjusted at several points. Captured messages can be quarantined and administrators can be alerted to quarantine items according to desired protocols.

Microsoft Forefront examines email in three phases:

Connection

The first item of an email that Forefront examines is the IP address of the original sender. Forefront has both static and dynamic IP block and allow lists, which filter out about 90% of spam email.

SMTP

The second item that Forefront examines is the SMTP envelope, which contains Sender and Recipient information. Forefront allows administrators to configure allowed and blocked senders by domains and email addresses and to configure blocked recipients. In addition, Forefront has the capability, through Active Directory queries, to validate that the recipient is valid. Forefront can also use a Sender ID framework to validate that the sender is not spoofing the identity of other senders.

Content

The final item of an email that Forefront examines is the content of the message including the subject line and message body.