Revision #1

You can use FPE to help prevent spam e-mail from entering Microsoft Exchange messaging environments. You can enable FPE antispam technology in the Exchange Edge and Exchange Hub roles.

The Edge Role

The Edge role is the preferred location for antispam scanning because it enables FPE to reject spam early in the process without putting an unnecessary load on the network layers. The technology includes a series of agents that are registered with Exchange and are invoked at specific points in the SMTP pipeline.

Integrating FPE with Forefront Online Proctection for Exchange (FOPE)

You can also integrate FPE with Forefront Online Protection for Exchange (FOPE) to provide an additional layer of filtering for your messaging environment.

If you are using FOPE to filter your e-mail traffic, you can configure FPE to bypass spam scanning of messages that were already scanned by FOPE. For more information, see Bypassing virus and spam scanning for messages already scanned.

How FPE Identifies and Mitigates Spam

FPE uses several kinds of filtering in order to identify and mitigate spam e-mail:

• Connection Filtering—FPE examines the IP address of the original sender. FPE has user configurable static IP block and allow lists and a dynamic DNS block list maintained by Microsoft that can filter up to 90% of spam e-mail.
• Sender Filtering—FPE examines the SMTP sender information. This filter enables administrators to configure allowed and blocked senders by domains and e-mail addresses.
• Sender ID Filtering—FPE uses a Sender ID framework to validate that the sender is not spoofing the identity of another sender. .
• Recipient Filtering—FPE can also be configured to allow and block e-mail messages to certain recipients in your organization. In addition, FPE has the capability, through Active Directory Domain Service queries, to validate that the recipient exists in the company’s Active Directory Domain Service. .
• Content Filtering—FPE also examines the content of the message itself, including subject line and the message body. FPE uses a third-party antispam engine to scan all e-mail for spam.
• Backscatter Filtering—FPE includes new technology that enables administrators to prevent false Non-Delivery Reports (NDR) generated from spoofed sender addresses from entering their environment.

During the first two phases in the antispam pipeline, FPE can reject a message if the message originated from a block-listed IP address or a blocked or spoofed sender. FPE can also be configured to reject a message if it is intended for an invalid or blocked recipient. During the final phase, FPE determines the confidence level that a message is spam. FPE allows you to set a threshold of confidence, which determines the mitigation action FPE takes during content filtering. Messages above the threshold can be rejected or deleted, and messages below the threshold can be quarantined or forwarded to Microsoft Office Outlook. Suspect messages that are forwarded to Office Outlook can be scanned again depending upon the Office Outlook settings.