Nemx Power Tools for Exchange Server


November 2004



 

We would like to take this opportunity to share with you some tips and provide information about additions and improvements to Nemx Power Tools and SecurExchange and how these enhancements can benefit you in your fight against the recent spam, viruses, and Exchange Server interrogation attacks.

Version 5.0 now available:

Version 5.0 of Nemx SecurExchange and Nemx Power Tools is now generally available. The press release can be obtained from http://www.nemx.com/aboutnemx/newsandevents/PressReleases/PressRelease-PowerTools50.asp.

Version 5.0 is a free upgrade to all customers currently within a Support and Upgrades plan. More information on Version 5.0 can be found at our website.



Intelligent Message Filter (IMF):

Exchange 2003 contains a feature called the Intelligent Message Filter or IMF. While the IMF is reasonably effective in tagging spam, it does not provide a foolproof way to allow particular messages to bypass IMF processing, resulting in a compromise when trying to deal with lost mail due to False Positives. A user-specific “Safe Sender” mechanism is provided, but only if Outlook 2003 is used and then only if the message is below the Spam Confidence Level (SCL) of the gateway. In addition, there are no system-wide “white listing” capabilities, other than by IP address, so depending on your organization’s needs, using the IMF can result in one of two scenarios for handling False Positives.

In the first scenario, to ensure mail makes it to all users, the gateway threshold is set to an extremely high value. This means that all mail will pass from the SMTP gateway to your users’ mailboxes, most likely being moved to a Junk Mail folder. As mail is never deleted at the gateway, this increases the storage, bandwidth, and overall processing requirements of your Exchange infrastructure and, more importantly, does not delete messages with a high Spam Confidence Level (SCL) for the average user. Your average user spends important time filtering the Junk Mail folder, while users sensitive to False Positives must spend additional time sorting through each message. Exchange Administrators regain some additional time, as no archiving or quarantining of mail that would require their attention is occurring on the gateway machine.

In the second scenario, the amount of time users must spend sifting through their Junk Mail folder is reduced by lowering the SCL threshold on the gateway. This means that messages that have a high Spam Confidence Level (SCL) will be handled on the gateway machine and will never make it to users’ mailboxes. This keeps Junk Mail folders manageable. However, to address False Positives, the Exchange Administrator must review each and every email exceeding the gateway threshold to ensure that an incorrect action has not been invoked. Although this reduces Exchange performance issues and overall user administration issues, it does place a heavier burden on Exchange Administrators in terms of time, and may create an exposure to corporate or sensitive information.

How can an organization balance these conflicting requirements? Nemx Power Tools: IMF extensions can address these productivity, performance, and sensitivity issues while dealing with the high False Positive rates of Exchange’s Intelligent Message Filter.

A HowTo on Reducing False Positives while using Exchange’s IMF can be found at
http://www.nemx.com/products/powertools/HowTo/ExchangeIMFWhiteList.asp
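
The trade-off between the two threshold scenarios above, worked through on a handful of messages. This is an added example, not Nemx or Microsoft code: the routing function is a simplified model, the messages and SCL scores are constructed, a gateway threshold of 10 stands for "never act at the gateway", and `allow_senders` is a hypothetical stand-in for a system-wide sender white list.

```python
# Added illustration: a simplified model of SCL threshold routing,
# not IMF's implementation. All sample data below is constructed.
from collections import Counter

# (sender, SCL 0-9, is_spam) -- constructed sample messages
MESSAGES = [
    ("newsletter@partner.example", 7, False),  # legitimate but spam-like
    ("billing@supplier.example",   8, False),  # legitimate, scored high
    ("alice@customer.example",     1, False),
    ("bob@customer.example",       4, False),
    ("promo@bulk.example",         9, True),
    ("offers@bulk.example",        8, True),
    ("win@lottery.example",        6, True),
    ("deals@bulk.example",         5, True),
]

def route(sender, scl, gateway_threshold, store_threshold, allow=frozenset()):
    """Return where one message ends up: 'inbox', 'junk' or 'gateway'."""
    if sender.lower() in allow:        # hypothetical system-wide white list
        return "inbox"
    if scl >= gateway_threshold:       # handled (archived/deleted) at the gateway
        return "gateway"
    if scl > store_threshold:          # delivered, but filed in Junk Mail
        return "junk"
    return "inbox"

def summarize(gateway_threshold, store_threshold, allow_senders=()):
    """Count destinations and who has to hunt for the false positives."""
    allow = frozenset(s.lower() for s in allow_senders)
    out = Counter()
    for sender, scl, is_spam in MESSAGES:
        dest = route(sender, scl, gateway_threshold, store_threshold, allow)
        out[dest] += 1
        if not is_spam and dest == "gateway":
            out["fp_for_admin_review"] += 1   # only an administrator can see it
        elif not is_spam and dest == "junk":
            out["fp_for_user_review"] += 1    # the user must dig it out
    return out

if __name__ == "__main__":
    trusted = ["newsletter@partner.example", "billing@supplier.example"]
    print("scenario 1 (gateway never acts):", dict(summarize(10, 4)))
    print("scenario 2 (gateway acts at 7): ", dict(summarize(7, 4)))
    print("scenario 2 + white list:        ", dict(summarize(7, 4, trusted)))
```

In this model the same two legitimate messages are the false positives in both scenarios; only the person who has to find them changes, and the white list removes them from either queue.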


Regulatory Compliance:

Feeling the regulatory squeeze? Is your Exchange Server prepared for the vast array of corporate, country and industry rules and regulations?
Taken from Microsoft’s White Paper on Regulatory Compliance:
<< Over the past decade, e-mail has become critical to many businesses. For many companies, however, management of e-mail as a business record has not kept pace with its importance. Today many companies archive and retrieve e-mail on an ad hoc basis. Few have clearly defined policies about using messaging, what sorts of data is to be transmitted, and what types of protection their messaging data must have. Many organizations are only now realizing that they need a system to ensure that data within their Exchange Server messaging systems is safely stored in a searchable, retrievable format.
Although not all business messaging regulations require message archiving, the regulatory environment is changing, and all businesses should be aware of how changes might affect messaging systems operations in the long term. Some businesses—those in the financial and healthcare industries, for example—have long been aware of the need to archive and track their communications because of such regulations as SEC Rule 17A-4 and Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA). Now, however, industries that have not previously felt the need to retain e-mail data may face these requirements. Regulations such as the Sarbanes-Oxley Act of 2002 (SOX) have highlighted the need for all industries to maintain, store, and secure data, including electronic messages, for several years. >>

Currently Nemx Power Tools Advanced Edition can help by:

  • Monitoring internal mail traffic in real time for content patterns and message attributes
  • Searching the complete Exchange message store looking for specific content
  • Providing audit trails on key information content




Phishing:

In the past month, the number of phishing-type emails has tripled. For those not familiar with the term, phishing (pronounced fishing) is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information that the legitimate organization already has, such as passwords and credit card, social security, and bank account numbers. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.

Concept Manager:


Nemx Power Tools’ Concept Manager and Content Manager components can help detect phishing-type spam messages. Concept Manager’s unique approach of deciphering the key concepts found within a message can detect the fraudulent nature of apparent “bank originated” customer support emails, while Spam URL Blacklist (SURBL) support in the Content Manager can detect known websites used in phishing attempts.



We hope that this newsletter and How Tos will help you in your daily battles with the effects of spam and viruses. If you have any thoughts on how Nemx Power Tools and SecurExchange can better your fight, by all means please let us know. Many of the features in the product come from customer suggestions, so keep them coming!