Create a global Safe Senders List in Exchange 2007 to filter spam

Find out how to create a global, aggregate Safe Senders List in Exchange Server 2007 and Microsoft Outlook 2007 to manage spam and junk email filtering.

When Microsoft included the Junk Email folder and associated filtering mechanisms into Outlook 2003, it marked a leap forward in the ability to control spam in Exchange Server organizations. Although the Junk Email folder and other message hygiene mechanisms work well, they aren't easy to manage. Changes in Microsoft Outlook 2007 and Exchange Server 2007, specifically in the Safe Senders List, make spam filtering even more manageable. This tip focuses on how to create and use a global, aggregate Safe Senders List in Exchange Server 2007 and Microsoft Outlook 2007 to help improve spam filtering of users' email within your organization.

One of the biggest spam-related management challenges in Outlook 2003 and Exchange Server 2003 was the Safe Senders List, sometimes referred to as a whitelist. Each email user can create his or her Safe Senders List. Unfortunately, Exchange Server 2003 and Microsoft Outlook 2003 don't provide a way to centrally manage this list. While Exchange Server 2003 allows you to create a central whitelist, the list doesn't take the contents of individual Safe Senders Lists into account.

Changes to Exchange Server 2007 and Microsoft Outlook 2007 give Exchange administrators the ability to create an aggregate Safe Senders List. This is a compilation of all individual Safe Senders Lists that serves as a global whitelist for the organization. Essentially, if a user marks a particular sender as safe, then there is no reason why other users in the organization shouldn't also consider the sender as safe.

More on this topic

There are several benefits to creating a global, aggregate Safe Senders List. The most obvious is that it potentially can reduce the number of legitimate messages that are incorrectly marked as spam. If a sender sends email to a recipient in your organization often enough that the recipient adds the sender to the Safe Senders List, then the sender most likely has a strong relationship with the recipient. In this case, the sender may send messages to other recipients within the organization. An aggregate Safe Senders List ensures that the sender's messages aren't treated as spam, regardless of which employee the sender attempts to contact via email.

Another benefit to a global Safe Senders List is that it's helpful for new employees or those who haven't created their own Safe Senders List. Normally, when you create a mailbox for a new user, that user doesn't have a Safe Senders List. Users must manually add senders to their whitelists. Having an aggregate Safe Senders List in place gives these users an established whitelist they can use while they're building their own lists.

To create a global, aggregate Safe Senders List, open the Exchange Management Shell and enter the following command:

Get-Mailbox -> Update-SafeList –Type SafeSenders

Although this command is simple, there are a few things that you must know about aggregate Safe Senders Lists before you create one.

  • The aggregate Safe Senders List isn't compatible with Exchange Server 2003. If you have users with mailboxes residing on an Exchange 2003 server, the command will trigger an error when trying to process those mailboxes.
  • The aggregate Safe Senders List doesn't update automatically. Administrators must periodically run the above command to update the list. Most administrators prefer to create a script that runs the command at specific intervals, so they don't have to enter the command manually each time.
  • The process of creating a global, aggregate Safe Senders List can be time consuming and resource intensive. The process obtains the contents of each individual Safe Senders List and writes collective lists to Active Directory. This can strain your Exchange servers and domain controllers. Therefore, it's advisable to run the process during non-peak hours.
  • Each sender is limited to 1,024 Safe Senders List entries, although most users won't reach this limit. The limit applies to the number of entries on an individual Safe Senders List, not to the length of the aggregate list.

About the author: Brien M. Posey, MCSE, is a four-time recipient of Microsoft's Most Valuable Professional Award for his work with Windows Server, Internet Information Server (IIS) and Exchange Server. Brien has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit Brien's personal web site at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Dig Deeper on Exchange Server setup and troubleshooting