Microsoft Focuses on Antispam for Exchange 2003

With spam on track to become one of the biggest drains on companies’
network resources, Microsoft Monday used the RSA
Conference in San Francisco as a platform to introduce a new antispam tool
for Exchange Server 2003.

The tool opens up Exchange Server to allow partners to integrate their own
antispam modules with the server, and Microsoft said that integration will
drive better content filtering with fewer false positives. In addition,
Microsoft unveiled an updated version of its virus-scanning application
protocol interface (VSAPI 2.5), which also allows partners to integrate
their complementary offerings with the product.

“We know customers’ pain,” said Kevin McCuistion, director of Exchange
marketing and business development at Microsoft. “Security and privacy are
more important than ever right now and, as an industry leader, we know
Exchange and its industry partners have to offer an end-to-end solution to
customers that will help fend off security threats at the gateway, on the
mailbox server and at an end user’s mailbox. Microsoft’s philosophy is to
stop viruses and spam at the network perimeter, keeping end users focused
on the task at hand.”


Research firm Gartner , in its November 2002 report “E-Mail
in 2003: The Risk Level Rises,” said spam is increasing at a rate of 1,000
percent per year, and is on track to become more than 50 percent of e-mail
message traffic by 2004. The report “Anti-Spam for Businesses and ISPs:
Market Size 2003-2008,” by Ferris Research, found that spam will cost U.S.
businesses more than $10 billion in 2003.

Even leading anti-virus software vendors like Network Associates, Symantec
and Trend Micro are recognizing the trend and adding antispam products to
their lineups. All three are working on antispam products that integrate
with Exchange Server 2003, and Network Associates used Microsoft’s Exchange
2003 announcement Monday as an opportunity to unveil its own McAfee
SpamKiller line.

“Spam clogs users’ inboxes and e-mail storage devices, and creates
significant security and liability concerns for the enterprise,” said Eric
Hemmendinger, research director for security and privacy at Aberdeen Group.
“IT buyers should evaluate antispam solutions in terms of fit with the
existing infrastructure, detection rates, and false positives rates.
Ignoring one or more of these factors may well lead to a choice that is
hard to use, and does not solve the problem for the customer.”


To answer the spam threat, which promises to become a drain on network
resources and productivity, Microsoft’s new antispam tool for Exchange
Server 2003 allows partner offerings to scan incoming e-mail messages and
then attach each one with a numeric score dubbed a Spam Confidence Level
(SCL). The SCL denotes the probability that a particular message is spam,
and network administrators will be able to set a threshold SCL which will
determine whether a message is forwarded to a recipient’s inbox or junk
mail folder.


A number of partners have already signed on to integrate their offerings,
including: Brightmail, GFI Software, Network Associates, Sybari Software,
Symantec and Trend Micro.

“Spam has become the No. 1 pain point for our enterprise messaging
customers due to its negative impact on messaging infrastructure as well as
end-user productivity,” said Chris Miller, group product manager at
Symantec. “Microsoft’s antispam innovations in Exchange 2003, such as the
Spam Confidence Level, will make it easier for vendors like Symantec and
customers to address this challenging and complex problem.”


In addition to the new antispam tool, Exchange 2003 has been architected to
work directly with the junk mail filters in the forthcoming Microsoft
Office Outlook 2003 application. Microsoft said the filters will allow
users to block HTML content by default, assign “safe” and “block” lists,
automatically file junk mail to the trash, and profile spam by assigning
points or scores to identifiers such as keywords or patterns. Additionally,
the company said users will be able to save Outlook 2003 and Outlook Web
Access “safe” and “block” senders lists on the Exchange server, allowing
the preferences to work for mobile users on any desktop or device connected
to the network.


Finally, for the network administrator, Exchange 2003 allows the
assignment of enterprise-wide allow/deny lists and the integration of
real-time black hole list (RBL) services.

On the viruses front, VSAPI 2.5 will allow partners’ antivirus offerings to
scan e-mail messages at the entry point of customer networks, before it
even reaches the Exchange mailbox server. In addition, with VSAPI 2.5,
Microsoft said it is possible to prevent infected e-mail from leaving an
organization by scanning outgoing mail. The API will give antivirus
products more options when it comes to deleting infected messages, and the
ability to automatically send a warning message back to the sender that a
virus was detected and the mail deleted.


GFI, Network Associates, Panda Software, Symantec and Trend Micro are
already designing their products to take advantage of the capabilities of
VSAPI 2.5.

News Around the Web