none
Exchange Server 2013 Antispam configured, but we keep getting Spam

    Question

  • Hi,

    I configured my exchange server with 6 block list providers, but we keep getting Spam mostly from addresses that try to impersonate my domain. Many of these messages also contain attachments with malware that is not detected by the antimalware feature.

    Roberto

    Wednesday, July 20, 2016 1:30 PM

Answers

  • Frankly, you should consider a third-party message hygiene server, appliance or cloud service.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, July 20, 2016 11:45 PM
    Moderator
  • Hi Roberto,

    As the official document mentioned, Spammers, or malicious senders, use a variety of techniques to send unwanted email into your organization. No single tool or process can eliminate all spam.

    I recommend you can consider combining Exchange build-in anti-spam agents with some other professional anti-spam software(like EOP), that would maximize reduce the spam.

    Best regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Niko Cheng
    TechNet Community Support

    Thursday, July 21, 2016 8:50 AM
    Moderator
  • As others have said, definitely look into more advanced antispam software (could service seems to be the easiest for most organizations). Just using a block list still lets quite a bit through. However, in the meantime a couple of things you can do:

    • Use Transport rules to block specific attachment types. I would look at blocking any attachment that contains active content like macros. This includes office documents such a docm.
    • You can block messages from the internet that are spoofing your domain. I wrote up some instructions a while ago and posted them here: http://byronwright.blogspot.ca/2016/03/block-messages-spoofing-your-domain.html. However, be aware that the connector you do this on can then not be used by POP or IMAP clients (they should be using port 587 anyway).


    Byron Wright (http://byronwright.blogspot.ca)

    Friday, July 22, 2016 8:01 PM

All replies

  • Frankly, you should consider a third-party message hygiene server, appliance or cloud service.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, July 20, 2016 11:45 PM
    Moderator
  • Hi Roberto,

    As the official document mentioned, Spammers, or malicious senders, use a variety of techniques to send unwanted email into your organization. No single tool or process can eliminate all spam.

    I recommend you can consider combining Exchange build-in anti-spam agents with some other professional anti-spam software(like EOP), that would maximize reduce the spam.

    Best regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Niko Cheng
    TechNet Community Support

    Thursday, July 21, 2016 8:50 AM
    Moderator
  • Hi Roberto,

    Any update?

    Best regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Niko Cheng
    TechNet Community Support

    Friday, July 22, 2016 1:37 AM
    Moderator
  • As others have said, definitely look into more advanced antispam software (could service seems to be the easiest for most organizations). Just using a block list still lets quite a bit through. However, in the meantime a couple of things you can do:

    • Use Transport rules to block specific attachment types. I would look at blocking any attachment that contains active content like macros. This includes office documents such a docm.
    • You can block messages from the internet that are spoofing your domain. I wrote up some instructions a while ago and posted them here: http://byronwright.blogspot.ca/2016/03/block-messages-spoofing-your-domain.html. However, be aware that the connector you do this on can then not be used by POP or IMAP clients (they should be using port 587 anyway).


    Byron Wright (http://byronwright.blogspot.ca)

    Friday, July 22, 2016 8:01 PM