Part 1: Building your own custom spam filter
Building a Solution with VBScript Setting the Message Status Field in the Script Additional Features in the Includes Spam Filter Script What’s Coming in Part 2 of Managing Spam OverviewIn this article I am going go over the problems related to filtering out spam and a few of the solutions available to day. I will also cover create and manage your spam filtering script for Exchange 2000. The ProblemAnyone who has had an e-mail address more then a few months should be familiar with spam. There are many different types of spam, from those annoying chain letters to the sexually explicit e-mails advertising porn sites. The technical issues related to filtering out spam are very complex due to the many different techniques spam companies (spamers) use to try to prevent their spam from being blocked. The main issue preventing organizations from filtering out spam is the desire to not filter out legitimate e-mails. For example if someone receives a chain letter from a friend you wouldn’t want to filtered out all future e-mail from that user. It is also very important not to filter out all e-mail from a valid mail system, like hotmail.com, even though spam may be coming, or at least look like it is, from that host. So what is needed to prevent 100% of spam is someone who can scan every incoming e-mail and make a choice if it is spam or not, and if it isn’t then forward it on. Of course this isn’t a viable option for many reasons but even if this was possible what is spam to one user may not be spam to another. So in short there is no way to prevent 100% of spam and of course if you want to prevent as much spam as possible you need to automate the process.
This takes us to the real problem, how do you automate the filtering of spam without preventing valid e-mails from being blocked. If all spamers sent their spam from a host like spamer.com it would be very easy to filter the spam. But it is their “job” to make sure their spam gets to you because they get paid by the number of e-mails they deliver. So the spamers use many different tactics to get past automate spam filtering software.
Here is a list of some of the common tricks the spam companies use: 1) Forged From and To addresses · You will often seen e-mail coming from what looks like a valid address, like user@hotmail.com, but some times it will be just “Undisclosed Recipients.” 2) Forged sending server DNS name · It is common for the DNS address of the host that sent the message in the message header, the area of a message that contains data on where it came from and many other message properties, to look like it came from a valid host. 3) Relaying messages off of a legitimate SMTP server, one that is not owned by the spamer · If a company leaves their SMTP server open for relaying, which is disabled by default in Exchange 2000 but not in Exchange 5.5, a spamer can use their server to actually send out their spam. When this is done the sending server DNS name and IP address are both shown as this “valid host”. It is a very common procedure for spamers to use this tactic and there are even several software packages being sold that automate the process of finding and using servers that are left open for relaying of email. · See the reference section at the end on how to prevent your Exchange server from relaying such e-mail. 4) Automated process that use valid e-mail address from sites like of yahoo.com, hotmail.com, etc · These automated programs used by the spam companies sign-up and create e-mail accounts at one of the many free e-mail sites out there and then use these accounts to send their spam. · The only way to prevent this type of spam is by using content filters since you can’t, or at least shouldn’t, block all e-mail from these free e-mail sites. · Luckily most of these sites have automated systems themselves to detect such activity and shut down the account before it is used to send too many e-mails, if any. The SolutionSo now that you know a little more about the tactics the spamers use lets look at a few solutions to reduce the about of spam your users received. There are several different ways you can attack the spam problem. The two basic approaches are from the client or server side.
On the client side many mail applications now have some level of spam filtering built in. Outlook XP, and earlier editions, has the ability to check for keywords in the To, From, or message Body and if these keywords are detected Outlook can then carry out actions on the e-mail, like deleting or placing it in folder besides your inbox. Outlook and many other mail clients also have the ability to setup message rules that check messages for content and then carry out an action on the message. These rules can also be used for filtering out spam. Beyond the built-in spam filtering ability of your mail client there are several client side add-ins that include spam filtering functionality. Some of these support complex contenting scanning, looking for keywords in the message, comparing the sending e-mail address or host against a list of know spam senders, friends and enemies list, and more. I personally have been using a product called IHateSpam, which is a client-side add in to Outlook, for a few months now and have found it very effective.
The other solution is setting up server side software to prevent spam e-mails from ever getting to your users. There are many different commercial packages available to help filter spam on the server side, see the reference section at the end of this article. The server side filters support the same functionality as the client side filters out there but with the added benefit that your users and network never have to see the spam messages that are filtered out. It also just so happens that in Exchange 2000 Microsoft has made it possible for the average coder to add spam filtering ability to Exchange, which is the solution the rest of this article covers. Creating your own spam filterThe Basic HooksIn Exchange 2000 Microsoft relies on the Simple Mail Transport Protocol service (SMTP) includes with Windows 2000, which is part of IIS 5.0. This service has support to generate an event whenever a new SMTP message is received. When this event, OnArrival, is triggered the message that triggered this event is accessible using Microsoft Collaboration Data Objects (CDO). Via CDO an application, or script, can access the data in the message and set the status of the message that tells the SMTP service what to do with the message. The three states the SMTP service supports are continue sending the message, abort sending the message and deleted it, and abort sending the message but save it to the BadMail. In addition, a status can be returned to the SMTP service if the message should be processed by other event sinks, if they exist, or not. Processing the MessageIn order to have the message process by an application that application must be registered with the SMTP service so it knows to send new messages to the application when they are received, before processing it further for delivery. This registration process tells the SMTP service to make the message available to the register CDO scripting object via a COM object.
Microsoft provides a VBScript to register (add), remove, view, and update event syncs on the SMTP service. This script is in the CDO section of the Windows 2000 Platform SDK, it also been included with this article for convenience. Using this script you can register your own VBScript to check incoming SMTP e-mails to see if they are spam or not. I will cover the registration process later in this article.
Once the VBScript is registered to process all incoming SMTP e-mails it will be passed the incoming message, as an object. The script that processes the message is expected to update the message if it shouldn’t be delivered and return a status that will tell the SMTP service if it should run any further events on this message. Sub ISMTPOnArrival_OnArrival(ByVal objMsg, EventStatus) The line above is the required sub in the VBScript that is being called by the event sink. The objMsg contains the incoming SMTP message. EventStatus is the variable that is returned to the SMTP service that tells it if the message should be processed by other event sinks or not. The two supported values for EventStatus are 0 (cdoRunNextSink) which tells the SMTP sever to run the next event sync on the message and 1 (cdoSkipRemainingSinks) which lets the SMTP service know that the message is ready for further processing.
In the script the status of the message must be sent so the SMTP service knows what to do with the message once the script is done running. The messagestatus field (http://schemas.microsoft.com/cdo/SMTPenvelope/messagestatus, note this is not a URL to a web page but the fully qualified field name in the message object) supports three values. The first value 0 (cdoStatSuccess) informs the SMTP service to deliver the message, 2 (cdoStatAbortDelivery) tells it to not deliver the message and delete it, and 3 (cdoStatBadMail) tells it to not deliver the message but save a copy in the BadMail directory on the Exchange server. So in your script you have a choice of saving the spam message for later referral, and I would recommend using this option, but you need to make sure you clean out the BadMail directory on a regular basis to prevent the volume where it exist on from being filled up. By default this BadMail directory is located on the same volume where your Exchange 2000 system files are installed under the Exchsrv\Mailroot\vsi 1\BadMail directory. Building a Solution with VBScriptSetting the Message Status Field in the ScriptSub ISMTPOnArrival_OnArrival(ByVal objMsg, EventStatus) Set objFields = objMsg.EnvelopeFields objFields.Item("http://schemas.microsoft.com/cdo/SMTPenvelope/messagestatus").Value = 3 objFields.Update EventStatus = 1 End Sub In the above code example the script is passed the new message and the first line binds to the EnvelopeFields namespace in the message. This namespace contains a set of fields that are present in the message while it is still in transit.
The messagestatus field is the one that we will be setting in the script to control the deliver of the message. In the example above we are setting it to 3 which will tell Exchange not to deliver the message and save it in the BadMail directory.
Once this value is set on messagestatus the message must be updated with the change which is done on the objFields.Update line, this is similar to doing a SetInfo with ADSI.
Finally we set the EventStatus variable to 1 which tells Exchange to skip any other event sinks and process this message. At this point Exchange will look at the messagestatus field to determine what to do with the message.
The above example if registered would prevent any incoming SMTP mail from being delivered, which would get rid of 100% of your spam but also would prevent 100% of all internet e-mail. So we need to make the script do some checking to determine if the message is spam and if it isn’t it should tell Exchange to continue delivery of the message.
Detecting SpamUnfortunately, detecting isn’t an easy task. There are two keys ways of detecting spam, one is by looking at the host or person sending it and the other is by the examining the content of the message.
The only way to truly know where an incoming e-mail is coming from is via the IP address of the sending SMTP server. Everything else can be faked, spoofed, by a spamer. So if you want to filter out spam being sent by a certain host you need to block the sending SMTP server’s IP address. To make it even more difficult, many spamer use multiple IP address to send different e-mails out. So if you just block one IP address of a spamer you might get future e-mails from them if they send mail from another IP.
Looking at the content of a message to determine if it is spam is never 100% accurate. While you can search a message on keywords like “free adult site” it is possible that valid e-mail might contain almost any keywords or phase you come up with. For example “There is a new free adult site for previewing R rated moved now on blockbuster.com” might be part of a valid message. So when we talk about using keywords to look for spam you need to keep in mind that using them might filter out valid e-mails. Getting properties from the messageIn the above code sample we set the messagestatus property in the EnvelopeFields namespace but we now need to get at some additional properties of the message to see if it is spam or not. The first one we need to get is the IP address of the server sending the message. This property is stored in the message header. In the line below we set the MsgReceivedFrom variable to the received field in the message header. MsgReceivedFrom = objMsg.Fields.Item("urn:schemas:mailheader:received").Value Now that we have the information on where the message was received from we need to extract the IP address of the sending server from it. Since the received from field has a lot of other data in it besides the IP address we are looking for, see the example below, we need to extract out the data we need. from mkt-mail.ebates.com ([63.236.56.147] RDNS failed) by mail.corp.com with Microsoft SMTPSVC(5.0.2195.5329); Tue, 19 Nov 2002 17:46:20 -0600 So we need to get the “63.236.56.147” from this field. Using the code below we use the Mid function to get the data between the [ and ] characters. The reason we put in the If statement is to make sure that the Mid function does not return an error, the ending position must be greater then the starting position or it will return an error. So after running code below the SendingHostIP variable should now be set to 63.236.56.147. StartIP = InStr(MsgReceivedFrom,"[")+1 EndIP = InStr(MsgReceivedFrom,"]") If EndIP-StartIP > 0 Then SendingHostIP = Mid(MsgReceivedFrom,StartIP,EndIP-StartIP) End If Check to see if a host is a spamerNow that we have the IP address of the sending SMTP server we need check see if the sender is a known spamer. There are a few ways that this can be done but one thing to keep in mind is that all incoming SMTP mail is stopped until the script releases the message since the SMTP service only allows one event sink to run at a time. So the script needs to run very fast, which reduces the time you can spend checking the host. With this in mind I decided to take advantage of the Active Directory and store spam senders in the AD as contacts. There are a few benefits of this approach. First you can goto the OU where they are stored and see a list of the spam senders and easily add addition data to the contacts. Second, it is very easy add new contacts\spam host to the AD since you just need to create a contact with the IP address as the name of the contact. In addition, since the AD support delegation you can delegate out to someone the ability to manage the spam hosts without giving them admin access to Exchange. So these benefits will make managing your spam sites very easy. Finally, and possibly most import for large organizations, the time it takes to bind to an object in the AD is very small. This means the check should be very quick and the script should be able to handle a large flow of SMTP mail without slowing down delivery of messages.
Most commercial packages use one or more of the public blacklisted open relay or spamer sites to check to see if the sending IP address should be blocked. For speed purposes they normally cache part of this data. The included script includes support to query these blacklist servers, but this code isn’t covered in this article. I will cover the code in Part 2 of Managing Spam.
Below we are setting the SpamContactPath variable to the path of the possible contact in the AD and then we attempt to bind to it, we also tell the script to continue if the GetObject returns and error. SpamContactPath = "LDAP://SRVHOUDC01/cn=" & SendingHostIP & "ou=Spam Sites,ou=Admin,dc=corp,dc=com” On Error Resume Next Set objSpamContact = GetObject (SpamContactPath) Now that we attempted to bind to the object in the AD we need to check the error returned, if any, and block the message if the spam host was found. So below we are checking for the error number 8007230, after converting it to a hex and string value. So if the error is 8007230, “There is no such object on the server”, then we will assume the sender is not a spamer at this point and set the SPAM variable to False. If we are able to bind to the object, which means it does exist in the AD, we then set the SPAM variable to True. If CStr(Hex(Err.Number)) = "80072030" Then SPAM = False ElseIf Err.Number = 0 Then SPAM = True End If Searching for keywords in the messageSince you won’t have a list of all know spam host, nor will anyone since new ones come up daily, you will need to filter by something else. So now we turn to content filtering by looking for keywords in the message data. Since content filtering can easily block valid message, causing false positives, you need to make sure that your keywords aren’t too generic. First you should create a sub routine that can check for key words when passed a string of text and a list of keywords. In the one below Data is the string that is being checked, Words is list of keywords where each keyword or phase is separated by a ^, and SPAM is the variable we are using to flag the message as spam or not. The first thing we do is make sure the string being passed to the Sub is valid and the message hasn’t already been flagged as spam. Then we need to take the word list and break it into individual words or phrases and store them in an array. This is done by using the Split function. Last we need to loop though each value in the array using a For loop and stops at the last value, which is retrieved using the UBound function, of the array or stop if a keyword is found. Inside the loop the value of Data is check each time to see if it matches the current keyword. This is done by using the InStr function, note since the InStr function is case sensitive we convert the Data variable and current keyword to lower case with the LCase function. If the keyword does exist in Data then we set SPAM to True and exit the For statement. Sub CheckWords (Data,Words,SPAM) If Trim(Data) = "" or SPAM Then Exit Sub End If Dim WordArray, i WordArray = Split (Words,"^",-1,1) For i = 0 to UBound(WordArray) If InStr(LCase(Data),LCase(WordArray(i))) Then SPAM = True Exit For End If Next End Sub Before we can call our CheckWord sub we need to have the data we want to check and a list of key words. So at the beginning of the script you should set a constant, Const, that contains the key words you want to check for separated by ^, caret, character. Then in the main Sub, ISMTPOnArrival_OnArrival, you can call the CheckWords Sub with the field you want to check, MsgFrom in this case below, and keyword list. If you plan to check the body of the message you will probably want to have another set of keywords that are more limited since there are some cases where the words below maybe valid in a body of the message. Const KeyWords = "porn^Viagra^Horny Amateur^Refinance Now^Adult ^xxx^Ca$h^winder^erotic^ sex^casino"
MsgFrom = objMsg.From CheckWords MsgFrom,KeyWords,SPAM Getting the Class C address of a spam hostSince many spamer send messages out from multiple servers filtering out just one of their IP address will not block all the spam from them. In most cases these spamer own a class C, 255 IPs, block of IP addresses. So it makes sense to filter out the entire class C address of spam host. This also can be used to filter out spam being sent from dynamic address, like those given out over a cable or DSL line, which spamer some times send mail from also. The function below is used to return only the first three parts of an IP address. This allows us to use the SendingHostClassC variable to check for a contact in the AD. SendingHostClassC = GetClassC(SendingHostIP) & ".0" Function GetClassC (Data) Dim IPs IPs = Split (Data,".",-1,1) If UBound(IPs) <> 3 Then GetClassC = "Invalid" Exit Function End If GetClassC = IPs(0) & "." & IPs(1) & "." & IPs(2) End Function Changing the message statusNow that we have a couple of checks in place we now need to set the message status so Exchange won’t deliver mail if find it is spam. In the code below we are checking to see if the message has been marked as spam. If SPAM is False we set the EventStatus variable to 0 (cdoRunNextSink), the default of messagestatus is 0 (cdoStatSuccess) so we don’t need to change it. If the message has been flagged as spam we then need to update the messagestatus property to tell Exchange not to deliver it by setting this property to 3 (cdoStatBadMail). If Not SPAM Then EventStatus = 0 Else objfields.Item("http://schemas.microsoft.com/cdo/SMTPenvelope/messagestatus").Value = 3 objfields.Update EventStatus = 1 End If We could alternatively set the message status to 2 (cdoStatAbortDelivery) to have the message deleted instead of saving it in the BadMail directory. I would recommend saving the message to the BadMail directory because this lets allows for easy retrieval of a message and forwarding of it if it turns out it was a valid message. To forward a message on if it was flagged as spam incorrectly you just need to drag the message, which will end in .BAD, from the BadMail directory to the PickUp directory. Exchange will process any items in this directory and if they are formatted correct will deliver them. In the final version of the script it includes support to bypass filter on messages sent by this method. Before you drop the message into the PickUp directory you should open it in notepad and remove any To: address that aren’t local to your mail system, otherwise Exchange will try to deliver the message to them also, this prevents users outside of your mail system from get the message twice. Putting it all togetherBelow is a basic example of a fully working spam filtering script. The CheckWords Sub and GetClassC Function covered above are not included to save space; they would need to be in the same .vbs file before this script will work. Const KeyWords = "porn^Viagra^Mortgage Rates^Refinance Now^Adult ^xxx^Ca$h^winder^erotic^ sex^casino"
Sub ISMTPOnArrival_OnArrival(ByVal objMsg, EventStatus ) On Error Resume Next SPAM = False ‘ If the script fails anywhere we should assume the message is not spam
MsgReceivedFrom = objMsg.Fields.Item("urn:schemas:mailheader:received").Value
StartIP = InStr(MsgReceivedFrom,"[")+1 EndIP = InStr(MsgReceivedFrom,"]") If EndIP-StartIP > 0 Then SendingHostIP = Mid(MsgReceivedFrom,StartIP,EndIP-StartIP) End If SendingHostClassC = GetClassC(SendingHostIP) & ".0"
SpamContactPath = "LDAP://SRVHOUDC01/cn=" & SendingHostClassC & "ou=Spam Sites,ou=Admin,dc=corp,dc=com” Set objSpamContact = GetObject (SpamContactPath) ‘ Try to bind to an object with the same name as the Class C IP address of the sending system
MsgFrom = objMsg.From CheckWords MsgFrom,KeyWords,SPAM ‘Check the From field for any of the keywords
If Not SPAM Then EventStatus = 0 ‘Message hasn’t be marked as spam so contiune delivery Else objfields.Item("http://schemas.microsoft.com/cdo/SMTPenvelope/messagestatus").Value = 3 ‘ Change the message status so it isn’t delivered objfields.Update EventStatus = 1 ‘Prevent running any other event syncs End If End Sub Registering You Spam FilterIn order for you spam filter script to work you need to register it with the SMTP service as an event. The script provided by Microsoft, SMTPreg.vbs, will be used to register your script. The first step is copy your spam filter script and SMTPreg.vbs to your Exchange server(s) that excepts incoming SMTP mail, if you have multiples this will need to be done on each one of them.
Once you have the scripts copied to your Exchange server run the following command to register your script. cscript SMTPreg.vbs /add 1 OnArrival SPAMFilter CDO.SS_SMTPOnArrivalSink "mail from=*" This adds an OnArrival event sink to the first SMTP virtual server on the Exchange server when any messages are received. The SMTPFiler is the display name of the sync we are registering, which can be changed if you wish. The next parameter is the CDO class that will be used to process the sink. The setting, mail from=*, is the rule for what mail to process. If you run just cscript SMTPreg.vbs it will display the usage and parameters of the script.
The event sink is now registered but we need to set a few properties on it first before it will actually do anything by running the following line. cscript SMTPreg.vbs /setprop 1 OnArrival SPAMFilter Sink ScriptName "c:\Script\SPAMFilter.vbs The Sink parameter is the “PropertyBag” which is the where the properties for this event will be stored. The next one, ScriptName, is the property name we will be setting and last is value for this property. Testing Your Spam FilterAssuming you registered you spam filter you should test it out immediately to make sure valid e-mail is getting delivered still. Trying sending a message from an external mail system, like hotmail.com, and make sure you receive it. Then try sending a message with one of the keywords in it. After you send the “spam” message it should be in the BadMail directory, you can open the .BAD files in this directory with notepad to view their content.
If you need to make changes to your spam filter script you can do so “on the fly” by just opening it up and making the changes and then saving the file. I would highly recommend that you re-test the script after each change to make sure it is still working correctly. Additional Features in the Includes Spam Filter ScriptThe included script includes additional features like logging, more extensive keyword filtering, spam filtering levels, querying of blacklist servers, and all environment specific variables and constants are set at the top of the script. LoggingThe include script generates four log files, SMTP.log, SPAM.log, KeyWordSPAM.log and NewSPAMHosts.log. The SMTP.log file contains limited information from messages that aren’t flagged as spam. The SPAM.log contains the similar data but only for messages flagged as spam because a contact was found in the AD. KeyWordSPAM.log is similar to SPAM.log, but only contains log data for messages that were filtered out due to a keyword match. In addition, this log includes the keyword caused the message to be flagged as spam. This should make it a lot easier to find those false positives since the vast majority will be due to keyword matches. The last log file, NewSPAMHosts.log, includes a list of any hosts that spam was detected based on a keyword match or “blacklist” match. This log file can be used as a source for another script that tries to determine if the hosts in this log are spam hosts or not. This addition script will be covered in Part 2 of Managing Spam.
These logs will be very valuable in adding new spam host to the AD and removing invalid ones. Also because you now have a log of all incoming SMTP mail you can inform your users to forward you any spam they receive. Then based on the time the message was sent to them you can look in the SMTP.log file to find out the host that sent it and then create a contact to filter out mail from this host in the future. In addition, these logs will help you find valid messages that were filtered out by looking though the SPAM.log and KeyWordSPAM.log files. I would highly suggest that you monitor these files for a few days very closely after setting up or making changes to your spam filters, just to make sure valid e-mail isn’t being filtered out. Blacklist server lookupTo help reduce the number of spam messages received by my users I added in support to query a handful of the public “blacklist” servers. These servers act as a regular DNS server and when queried return a 127.0.0.x address if the IP queried on is in their “list.” For environments that get a large amount of incoming SMTP mail they may need to disable this check since it can take a second or two to carry it out, which could cause an excessive number of messaged to be queued up and delayed. What’s Coming in Part 2 of Managing SpamIn Part 2 of Managing Spam I will cover a client side script that can be used to populate your spam host contacts in the AD. This script will look in an Outlook folder to get the message header from the messages in this folder and then try to determine if the host that sent the message is a spamer. If it is it will then create a contact and set multiple properties on that contact so you can find out why it was flagged as a spam host. This same script will also read in values in the NewSPAMHosts.log file created by the attached spam filter script. In addition, SMTP.log includes support to log key information that can be copied into NewSPAMHosts.log to further simplify the creation of spam host contacts in the AD. With this additional script all you need to do is copy a line from the SMTP.log into NewSPAMHosts.log and run the script to filter out a host. ConclusionWhile it is impossible to filter out all spam with the attached script you can greatly reduce the about of spam received by your user community. I have hosted e-mail for friends, relatives, and a few small businesses for years and after install my custom spam filter my users saw a VERY drastic reduction in spam. In the three months before I installed this spam filter I received over 1,800 spam messages, which is about 23/day. With the spam filter installed I am now getting less then 8 spam messages a day, on average. With the help of IHateSpam, which can be purchased from Sunbelt software, the number of spam message I see in my Inbox is less then one or two a day. With IHateSpam’s help I was also able to create a list of over 1,100 spam host in a day by pointing a script, to be covered in Part 2, at the folder where it moves all of the spam messages to. After one week of having the spam filter installed I now have over 1,400 spam host listed in the AD.
With this simple solution you can quickly, for only the cost of your time, look like a hero to your user community by cutting the spam they receive drastically. About the AuthorJason Sherry is a Windows Infrastructure Architect for Pro Exchange and specialized in the Active Directory, Exchange, system management and administration, and scripting. Before coming to Pro Exchange he worked at NetIQ for five years, where he was a product manager in their administration and security product line. Reference Information1) Securing Exchange 2000 ·
How to prevent Unsolicited
Commercial E-Mail in Exchange 2000 Server (Q319356) ·
How to prevent SMTP relaying with
Microsoft Exchange Server ·
How to secure Simple Message
Transfer Protocol Client Message Delivery in Exchange 2000 (Q319267) 2) Adding Exchange Server Filters ·
XADM: How to Filter Junk Mail in
Exchange 2000 - One thing this article fails to mention is that the senders information is often forged by spam senders so these filters aren’t that helpful ·
How to Enable or Disable Message
Filtering on a Simple Mail Transfer Protocol Virtual Server 3) Anti-Spam Software for Exchange and Outlook · http://www.msexchange.org/software/software.asp?cat=AntiSpam · http://www.slipstick.com/addins/content_control.htm 4) Code References ·
Supported Transport Events with
CDO ·
Registering Script Sink Bindings ·
Implementing Sinks with Scripting
Languages ·
CdoEventStatus Enum ·
Messagestatus Field ·
How to register a Transport Event
Sink for the SMTP Service in Exchange 2000 Server (Q 313404) 5) Related Articles ·
Rules and tools to filter junk
mail ·
How to view Internet Headers 6) Spam related web-sites ·
Open Relay Sites ·
RFC-Ignore – Since most spamers
don’t follow RFC guidelines for SMTP mail deliver they are listed here ·
Spamhaus Block List – List and
information on the worst spamer on the internet |