Microsoft Forefront Protection for Exchange 2010 Features in brief
Microsoft Forefront is a security system that includes both hosted (cloud-based online protection) and on-premises security for server and client computers. It enables fast and consistent virus and spam filtering with several virus scanning engines in a single platform.
To secure MS Exchange Server it ships under the package name Microsoft Forefront Protection 2010 for Exchange Server (FPE). The service can be configured and managed in two ways: through the Forefront Protection Server Management Console 2010 or through Windows PowerShell.
Forefront Protection 2010 for Exchange Server can be deployed inside the LAN (local network) with the Mailbox and Hub Transport roles. It also works with the Threat Management Gateway (TMG) or Edge Transport. It is designed to offer protection through a three-layer filtering mechanism:
i) Content filtering
ii) Protocol filtering
iii) Connection filtering
First Layer – Content filtering (This layer rejects 55% - 60% unwanted objects)
a) Cloudmark – A spam filtering engine that can eliminate 98% of spam, a rate guaranteed by Microsoft.
b) Database update every 45 seconds – With this facility the scanning engines can improve their detection capability and provide optimum security.
Second Layer – SMTP Protocol filtering (Rejects up to 3% - 5%)
a) Sender – Checks for a valid sender address and rejects mail from invalid senders. Also rejects mail from the blocked sender / domain list.
b) Sender ID – Verifies that the IP address of the MTA (Mail Transport Agent) is authorized to send mail on behalf of the actual domain. By doing so, it rejects spoofed mail.
c) Backscatter – Defends the system from false NDRs (Non Delivery Reports). Spammers sometimes send this type of false report for mail that you never actually sent. It is very important to block these false NDRs because they often contain Trojans and malicious objects.
d) Recipient – Checks the blocked recipient list and prevents mail from being delivered to a recipient that has been block listed in advance.
e) Global safe list – Lets the user mark a specific sender/domain list as safe or unsafe.
f) Global block list – Works the same way as the Global safe list.
Third Layer – Connection filtering (About 75% - 80% incoming spam rejection)
a) DNS Block List (DNSBL) – A combined real-time block list of IP addresses that have a poor reputation due to spamming, drawn from several third-party RBL providers such as SpamCop.
b) IP Allow/IP Block – Enables users to accept or reject mail from specific IP addresses; these lists are configured manually.
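
The connection filtering decision described in the third layer, as an added Python example (not FPE or Exchange code). It builds the DNSBL query name the way RFC 5782 defines it and combines the result with the manual IP Allow/IP Block lists. The zone name, the sample records and the precedence order (manual allow, manual block, then DNSBL) are assumptions made for the illustration.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL client looks up (RFC 5782)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # nibbles, reversed
    return ".".join(labels) + "." + zone

def connection_verdict(ip, allow, block, zones, resolve):
    """Return (action, reason) for a connecting IP address.

    allow/block: CIDR strings standing in for manual IP Allow / IP Block entries.
    zones: DNSBL zones to query. resolve(name) returns the A records for name,
    or [] when the name does not exist (address not listed).
    Assumed precedence: manual allow, manual block, then DNSBL providers.
    """
    addr = ipaddress.ip_address(ip)
    in_list = lambda nets: any(addr in ipaddress.ip_network(n) for n in nets)
    if in_list(allow):
        return ("accept", "ip allow list")
    if in_list(block):
        return ("reject", "ip block list")
    loopback = ipaddress.ip_network("127.0.0.0/8")
    for zone in zones:
        try:
            answers = resolve(dnsbl_query_name(ip, zone))
        except OSError:
            continue  # provider unreachable: skip it instead of blocking mail
        # Only 127.0.0.0/8 answers mean "listed"; anything else (for example a
        # resolver that rewrites NXDOMAIN to a landing page) is ignored.
        if any(ipaddress.ip_address(a) in loopback for a in answers):
            return ("reject", "listed by " + zone)
    return ("accept", "not listed")

# Constructed sample data so the example runs offline.
SAMPLE_ZONE = "dnsbl.example.test"
SAMPLE_RECORDS = {
    "9.113.0.203.dnsbl.example.test": ["127.0.0.4"],   # listed sender
    "7.100.51.198.dnsbl.example.test": ["192.0.2.1"],  # bogus non-127/8 answer
}

def sample_resolve(name):
    return SAMPLE_RECORDS.get(name, [])
```
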