The importance of filtering outgoing email in Exchange environmentsWritten by Paul Cunningham on January 22, 2009
When planning an email security solution many organizations put a lot of thought and effort into protecting their environment from external threats. They use such measures as blocklists and content filtering to prevent spam from reaching end user mailboxes.
Despite this effort some businesses fail to also consider filtering outbound emails. Often the outbound email path bypasses the system that scans incoming emails from the internet, and instead sends the emails directly out to the destination.
Why should we scan and filter outbound email messages?
Outbound email messages should be checked for spam or malicious content because of the risk such content poses to the organization’s reputation.
An organization found to be sending spam or viruses risks:
- Damage to their brand names
- Loss of trust and reputation with customers and business partners
- Being blocked by other email administrators
- Being added to IP block list provider databases such as SpamHaus
- Bandwidth saturation impeding other online communications
How can spam or viruses be sent from our business networks?
I’ve worked with a lot of customers over the last 10 years and it is not uncommon to find more than one of the following weaknesses in their network security:
- Unsecured wireless networks
- No doors or security barriers in offices
- Firewalls that allow any device on the network to sent outbound SMTP
- Email servers that permit any device on the network to relay SMTP
Some of these combinations create very serious security problems. If I can get access to your network via an unsecured wireless access point, and your email server permits any device on the LAN to relay so that the photocopiers can automatically order more toner from the supplier, then what is to stop me sending spam or virus emails from your network?
A worse scenario is what can potentially be done with a legitimate user account without any of the abovementioned security weaknesses existing. A disgruntled staff member, or someone who gains access to an unlocked computer in an insecure part of the office, could use those network credentials to send email out of the network.
How do we filter outbound email messages?
Although Exchange Server 2007 contains anti-spam features that can be used to protect an organization from incoming spam, they provide no protection for outgoing threats. The inbound protection also suffers from some disadvantages such as a lack of Bayesian capabilities, poor reporting, and cumbersome quarantine management.
Combine this with the habit of many email administrators of sending outbound email directly from Exchange to the destination on the internet and the risks become clear.
The solution to this problem is to implement an email security solution into the network. This carries a dual benefit in that it can be used to filter both inbound and outbound email for the organisation. The email security solution solves the weaknesses and deficiencies of the built in Exchange Server 2007 anti-spam features as well as provides outbound protection to preserve the reputation of the business.
Always consider outbound filtering when planning your email protection strategy.