Custom email filtering with Forefront Protection 2010 for Exchange

Forefront Protection 2010 for Exchange helps keep spam and viruses at bay. But did you know you can also use its custom email filters to enforce corporate email policies?

Microsoft Forefront Protection 2010 for Exchange Server is primarily known for its antivirus and antispam features. But often overlooked is the fact that it also lets you create custom filters based on the sender, keywords, attachments and other email attributes.

Regular Exchange filters work on top of the To: and CC: metadata attributes and support importance levels for filters. Forefront Protection 2010 for Exchange (FPE) provides flexible filtering capabilities that include case-sensitive keyword searches, the ability to filter by file types and a consolidated view of all filters in a central location. Here are the various FPE filters and how they will help you manage email services and enforce policies more effectively.

Forefront Protection 2010 for Exchange filter types
FPE supports five types of filters. When configuring these filters, you must do two things. First, you must specify the criteria that will be matched in the message, and second, you must designate the action to be performed if the message matches those criteria.

1. FPE file filter: This filter screens for files based on type, name, extension or size. For example, let’s say you want to prevent executable files from reaching your email system. To do so, filter by .exe and .dll. Similarly, to prevent large attachments from consuming too much storage space, specify the maximum file size that is allowed in incoming email.

2. FPE keyword filter: This filter lets you create a list of keywords that, if present in the message, trigger the filter; you can also specify a minimum number of keywords that must be present. In certain cases, you may want to filter based on a single term, such as offensive words that might contribute to a hostile work environment. In other cases, where terms may have legitimate uses based on context, you can match two or more potentially problematic terms together to reduce the risk of misclassifying a legitimate message.

3. FPE sender-domain filter: This filter scans the From: field of a message. If the sender’s address is explicitly listed or if a domain pattern in the criteria matches the sender’s address, the message is filtered.

4. FPE subject-line filter: This filter blocks messages based on subject-line text. When setting your criteria, you can specify either a full or partial subject line. Partial subject lines are specified using “*”.

While this filter is most often used to block unwanted and unsolicited messages, it can also be used to collect data about particular message types. For example, you can create a subject line filter to scan for “*job” or “*internship*” and configure the filter to let the message pass, while keeping track of how many messages with the designated words have been received.

5. FPE allowed-senders filter: This filter is a bit different from the others. Rather than checking messages for particular content, the allowed-senders filter permits messages from known senders to bypass other filters. Use this filter for internal email addresses or trusted business partners if Exchange server performance is an issue.

This setting doesn’t modify antimalware scanning; messages from known senders are still subject to it. Allowed-sender filters can be configured for individual email addresses as well as domains. When you define this filter, you specify the types of filtering that are skipped, such as filtering files, keywords, subject lines or sender domains.

Forefront Protection 2010 for Exchange action types
When a message matches any of the filter criteria, a specified action is performed. You must specify whether to skip, delete, purge or identify a message.

  • If you choose the skip option, the message is passed on, unaltered, but recorded. The skip option helps collect data on the volume of certain messages, without disrupting mail flow.

    You can also combine the skip option with filter criteria designed to identify messages based on topics. This helps you understand the amount of different types of messages your users receive. For example, you can determine what percentage of email messages are complaints, business solicitations, non-work related messages, etc.

  • The delete option removes an attachment from a message and replaces it with text indicating that it was removed.
  • The purge option deletes a message, but you can also configure FPE to quarantine it.
  • The identify option inserts a message into the subject line or message header so that the recipient can easily see that the email has been flagged.

FPE custom filters help enforce messaging policies, especially when it comes to appropriate use of your corporate email system. They help you reduce the spread of offensive content, prevent large files from being exchanged over email and encourage the use of file transfer programs and collaboration services like Microsoft SharePoint.
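The filter and action semantics described above can be modeled in a few lines to test a policy design before it is configured. This is an added example, not FPE code or its configuration schema: the POLICY layout, the function names, the case-insensitive matching and the sample domains are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Hypothetical policy model (names and layout are assumptions, not FPE's schema).
POLICY = {
    "allowed_senders": {"*@partner.example": {"keyword", "subject"}},  # pattern -> filters skipped
    "sender_domain": (["*@*.spam.example"], "purge"),
    "subject": (["*internship*"], "skip"),
    "keyword": (["lottery", "winner", "wire transfer"], 2, "identify"),  # terms, min hits, action
    "file": ([".exe", ".dll"], 1_000_000, "delete"),  # extensions, max bytes, action
}

def evaluate(msg, policy=POLICY):
    """Return (filter_type, action) for each custom filter the message matches."""
    sender = parseaddr(str(msg["From"]))[1].lower()
    bypass = set()
    for pattern, skipped in policy["allowed_senders"].items():
        if fnmatchcase(sender, pattern):
            bypass |= skipped  # allowed senders skip only the listed filter types
    hits = []
    patterns, action = policy["sender_domain"]
    if "sender_domain" not in bypass and any(fnmatchcase(sender, p) for p in patterns):
        hits.append(("sender_domain", action))
    patterns, action = policy["subject"]
    subject = str(msg["Subject"] or "").lower()
    if "subject" not in bypass and any(fnmatchcase(subject, p) for p in patterns):
        hits.append(("subject", action))
    terms, minimum, action = policy["keyword"]
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    # Require a minimum number of distinct terms to cut false positives.
    if "keyword" not in bypass and sum(t in body for t in terms) >= minimum:
        hits.append(("keyword", action))
    extensions, max_bytes, action = policy["file"]
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        size = len(part.get_payload(decode=True) or b"")
        if "file" not in bypass and (name.endswith(tuple(extensions)) or size > max_bytes):
            hits.append(("file", action))
            break
    return hits

def make_message(sender, subject, body, attachment=None):
    """Build a constructed sample message; attachment is (filename, bytes) or None."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment[1], maintype="application",
                           subtype="octet-stream", filename=attachment[0])
    return msg
```

Running evaluate() on a message from an allowed sender that carries an .exe attachment shows why the bypass list should be scoped narrowly: the keyword and subject filters are skipped, but the file filter still fires.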

Dan Sullivan is a technology writer and analyst with Concentrated Technology, LLC.
