Quarantine in Exchange Server IMF

 

Exchange 2003 IMF and Exchange 2007 Content Filter do have their own Quarantine functionality.  In Exchange 2003 you can Quarantine Emails into an archive directory.  You can then use one of the freely available Archive viewers to release emails. This is a little fiddly to do.

 

 Exchange 2007 provides the Quarantine by routing blocked emails to a central mailbox.

 

 In addition both versions support routing emails to the user Junk Email folder. In this manner users can review filtered spam on their own. In order to release the email more configuration is required

The disadvantages of quarantining spam inside Exchange or in user mailboxes are as follows:

– Once in the Exchange server the spam has already wasted processing resources. There may be many thousands of spam email!

– Once in the Exchange server the spam has already wasted storage resources

– If using a central quarantine, the admin has to manually review and release spam using limited tools to browse the quarantine and identify the spam vs non spam email

– If spam goes to user mailboxes then the administrator cannot easily mass-delete blocked spam for users

– If spam goes to user mailboxes then the administrator cannot easily add specific blocks and reject rules based on the  blocked spam to prevent similar spam even arriving in the quarantine in future.

–  If spam goes to user mailboxes then the users may inadvertently trigger malware or scripts or open attachments in the spam email and infect their machines. Any images shown in the spam may track their viewing

of the spam and notify the spammer that the email address is active.

So it seems its best to keep spam (as email) away from the user mailboxes, and quarantine it outside of Exchange.

Hexamail Guard allows you to  quarantine spam BEFORE it reaches Exchange. The advantages of this approach:

– Eliminate  processing and storage requirements on Exchange.

– The Administrator can review spam in large volumes, grouped by subject, block rule, country code, ip address etc.

– The Administrator can perform batch operations such as deleting all spam of a similar nature

– The Administrator can perform batch operations such as releasing all nonspam of a similar nature

– The Administrator can use blocked spam to setup new rules to automatically  reject or delete future spam before it is even quarantined

– The Administrator can whitelist nonspam senders so that in future they are never blocked.

– Users can review their spam using a web interface that is entirely safe, only the text of the email is rendered so no scripts or attachments can be triggered.

– Users can whitelist non spam senders for their specific account so that they will receive email from those senders unhindered in future.

– Users on restricted bandwidth (such as mobile devices) don’t have to waste time downloading spam email. They can review the headers and delete or accept email in a fully responsive web app.

Some of the features of the administrator spam quarantine are shown here

antispamquarantine

batch-action

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s