Messaging Hygiene features in Exchange Server 2003, including the Intelligent Message Filter (IMF), did not have a way to whitelist sending domains or SMTP addresses.
This is a follow up to a previous post, and one of the more popular ones on this blog— “IMF: Where’s the whitelist?“. (“IMF and whitelist” has for long been one of the most common search terms on this blog – Bharat).
Whitelists are common in most 3rd-party anti-spam tools. Adding domains or SMTP addresses of important senders like customers, vendors, or your CEO’s home email address (almost always an AOL address… :) for instance, ensures messages from these domains or addresses do not get filtered by the anti-spam filter.
Bypassed Senders and Sender Domains: The Whitelist
The good news is— Exchange Server 2007’s shiny new Content Filter Agent (or IMF v3 if you will) has whitelists! You can add SMTP addresses and domains to the Content Filter configuration, and have messages from these senders and domains bypass the Content Filter Agent. However, you need to resort to the Exchange shell (EMS) to manage it.
Use the following command o add sender SMTP addresses to the BypassedSenders list:
Use the following command to whitelist the sending domain:
Set-ContentFilterConfig -BypassedSenderDomains somedomain.com,someotherdomain.com
Some whitelisting considerations
Before you start using whitelists, here are a few things you should consider:
- SMTP headers can be spoofed easily. If spammers spoof any of the addresses or domains you whitelist, your recipients may end up getting more spam as all of it will bypass the Content Filter.
- Use SenderID Filtering to detect and protect your mail system from header spoofing.
- Maintaining whitelists, just as maintaining blacklists, is a manual process that imposes its own management costs.
- Checking every inbound message against a list of whitelisted recipients imposes a performance penalty – miniscule as it may be. Use the whitelists sparingly.
Nevertheless, many IMF users have repeatedly demanded this functionality and it’s great to finally have it in what some folks call IMF v3.0.
Bypassed Recipients: The Exception List
The Content Filter can also be configured with an exception list – to not apply the filter to inbound messages for particular recipients. This can be done from the console by going to Hub Transport | Anti-spam tab | Content Filtering -> properties | Exceptions. This list is limited to a 100 recipients – you can add generic recipients that you want to exempt from the Content Filter, such as [email protected], [email protected], etc.
To add recipients to the exception list using the Exchange shell:
- BypassedSenders, BypassedSenderDomains, and BypassedRecipients are multivalued attributes. The following post shows how to modify multivalued attributes:
HOW TO Update multi-valued attributes in PowerShell
- Exchange 2007 Content Filter: How to move messages to Junk Mail folder
- HOW TO: Install anti-spam agents on Hub Transport server
- Quick antispam report or status check?
- HOW TO: Expose original senders and recipients of quarantined messages