Exchange 2010 AntiSPAM

So its been a week since i moved to exchange 2010 – and in turn started using exchange’s built-in antiSPAM capability (well, it is in 2007, but i never used it) – primarily because most 3rd party anti-spam add-ons weren’t 2010 ready at RTM (which is fair enough)

Previously, i had always used 3rd party products, such as ORF from vamsoft, which is good – and has a good interface – but some SPAM still got through…. mainly because updating the blacklists etc was a never ending task.

With exchange antiSPAM ive been pleasantly surprised – i’ve enabled it on the edge, done some basic configuration (and yes, the interface for configuration isnt good) – downloaded the block lists via WSUS and voila… a couple of thousand spam messages caught in the quarantine mailbox, no false positives (yet) and one spam message got through (which was caught by outlook locally anyway). All with basic, once off configuration and updates managed by WSUS – cool, substantially less ongoing admin.

Colour me surprisingly impressed.

3 thoughts on “Exchange 2010 AntiSPAM

  1. Hi, I’m Krisztian Fekete from ORF Support. You mentioned that while you were using ORF “some SPAM still got through… mainly because updating the blacklists etc was a never ending task”. Please note that we suggest relying on automated tests as much as possible: manual blacklists/whitelist are hard to keep up-to-date so we discourage using them (see our best practices guide at http://www.vamsoft.com/downloads/getmostguide.pdf for more info: “Using the manual blacklists right”). If configured properly, ORF will stop 94-99% of incoming spam with no false positives, and the latest version is compatible with Exchange 2010 as well via a patch (http://blog.vamsoft.com/?p=145).

    If you decide to give ORF another chance, please contact us in email and send us your configuration file (orfent.ini). If you agree, I will review your configuration and make some suggestions to improve the filtering efficiency.

    1. thanks for the comment Krisztian.
      ORF is a good product – one which we’ve recommended to clients for many years – especially because of the reasonable price and good feature set. This doesn’t however change that, in my opinion, using the automated tests in ORF still require on-going additions to the manual blacklists in order to block more SPAM. I’m confident your “94%-99%” comment is true – however the main thrust of my post remains the same – i was surprised at how well the native anti-SPAM features in exchange 2010 have worked – even if the configuration interface for these features is terrible.
      As far as compatibilty – thats good to see. My comment was, and remains, that at exchange 2010 RTM, the patch wasnt available – and i didn’t expect it to be (as that would just be unreasonable) – so thats what lead to me testing exchange 2010 anti-spam in the first place.
      We dont have to “give ORF another chance” – we haven’t dicounted it or thrown it out in any way. We will still continue to recommend ORF to our clients where appropriate – as just because exchange 2010 anti-spam works, it doesn’t make ORF a bad product – it just gives us another option.

  2. Well, two lines of defense (ORF+IMF) are always better than one 🙂 Many of our customers use them both in combination, mostly because of the different approach, they are quite effective together.

Leave a Reply to Krisztian FeketeCancel reply