Handling spam & virus to mitigate business impact is the top most item in the IT budget of any organization these days. Creating a strong barrier between the customers’ messaging infrastructure and the outside world is one of the key strategies of IT Management.
What are some of the problems we currently face in this area?
Lost employee productivity – Because they spend time deleting spam after careful checking, they discuss it with their co-workers and lastly, they complain and report to the IT support, management, supervisors etc.
IT Costs ramping up – Exchange Server processors get intensive while handling spam and consume storage and bandwidth. Procure additional hardware to cope with the exorbitant amount of spam. Lastly, IT administrators get busier while fighting spam.
Apparently, IT management keeps thinking about ways to upgrade the messaging infrastructure capacity. If you are using Exchange Hosting with one of the Microsoft Certified Partners, then you need to know how they protect your e-mail & manage e-mail traffic. In general, most of the providers have a mechanism in their hosted messaging environment to provide advanced security and management functionality which addresses external e-mail connectivity concerns such as viruses, spam and denial-of-service attacks. So hosters “sanitize” the e-mail by filtering it earlier than its arrival at the customer’s mailbox. Overall, this layer of protection minimizes unwanted and destructive emails coming to the customer’s organization.
Along with Messaging services, customers leverage the additional e-mail protection services from most providers. This is usually termed as hosted perimeter (DMZ) messaging infrastructure where emails are “sanitized” at the hosters’ Datacenters. Below is a typical hosted environment diagram of the Email protection infrastructure which comprise best of breed technologies in Anti-spam, Anti-virus, Content Filtering & Mail Relay in particular.
What are the key services hosters provide as part of e-mail protection services?
What are the key services hosters provide as part of e-mail protection services?
It depends on which service provider you choose. In general, you can expect the following functionalities:
- Antivirus Services – To detect and remove infected emails sent to and from users. A notification email will be sent to users, and the reason for removal can also be included in the email.
- Anti-spam services – To detect, blocks, and stamp unsolicited “junk” mails before delivering to the organization. Users will get an option to “whitelist” senders in order to place them as safe senders.
- Managed Mail Relay services – When you have decided to opt for Exchange Hosting Services, mail relay security feature is in place by default. This includes management, monitoring and support for the messaging gateway hardware & software infrastructure services.
Optionally you can ask for following enhancements:
Content filtering – First thing first, make sure emails are not delivered if content filtering fails and goes down for some reason.
Attachment Removal – This is part of content filtering services. But it does a lot more work, it should be able to do the following:
Filter any attachment in the blacklist. Customers can set file types other than the default ones for blacklisting. The email is received at the customer side without the file attachment with a notification message indicating the attachment has been removed due to blacklisting.
Filter any attachment which exceeds the compression level configured. Customers can choose the level, in a tight security environment, 2 level compression is configured. The email is received at the customer side without the file attachment with a notification message indicating the attachment has been removed due to having a compression level exceeding 2.
Filter any attachment with mismatched file headers so that email is received at the customer side without file attachment with a notification message indicating the attachment has mismatched file headers
Filter any attachment which is not specified either at blacklist or whitelist (we can call it grey list). Again, this is only implemented where security is paramount (e.g. military, national security, etc)
Filter any attachment embedded with items specified in the blacklist. Then, the email is received at the customer side without the file attachment with a notification message indicating the attachment has an embedded item in the blacklist. For example, spammers can embed .exe application in a Word document and send the word document across. Tricky! Isn’t it?
Logs – in the above scenarios, the reason for attachment removal should be logged at the content filtering services application. Usually, the logs contain:
Date & Time Stamp
Sender information
Recipient list, which includes CC and BCC
Also, Content filtering service should be able to handle attachment filtering which is larger than the maximum memory configured. Generally, this could be 5-10 MB. The notification to the users should contain an email message stating that the mail is quarantined.
E-mail Client SecurityRights Management Service – You can accomplish the next level of email client security by having Windows Rights Management Services. This service is now part of Windows 2003 Server R2 and Outlook 2007 already has an inbuilt RMS client. If hosters provide this service, you can protect your information using an RMS enabled Outlook client. So access to digital information is safe from unauthorized use both online and offline, inside and outside firewall. In other words, this is the mechanism of preventing emails and attachments from being circulated outside the intended group of recipients. To elaborate further, the “copy” functionality is disabled, “save as”, “print” & “forward” options are grayed out.
Digitally Signed & Encrypted mails – With the help of certificate authority (e.g. VeriSign, Windows CA etc), outlook clients are able to send digitally signed & encrypted mails.
Leveraged Benefits
Usually when a customer decides to choose Exchange Hosting Services, they made up their mind to outsource all messaging related infrastructure (hardware, software & management). So, leveraging the email protection services is on top of this and from an overall cost perspective this is a win-win situation. Exchange Hosting providers utilize best of breed multi-vendor technologies to stop 80-90% of incoming spam at the perimeter and remove almost 90% spam. With multiple Anti Virus engines strategically chosen, it can detect and disinfect almost 90% of viruses in less than 4 min time.
In summary, e-mail protection service is a key component when making deals with Exchange Hosting Providers. The underlying technology built to achieve email protection varies from hoster to hoster. So make sure you understand it.
-Shaji Firoz