3. Configuring the Allowed Keyword or Phrases List
Content
filtering varies from organization to organization, so Exchange 2007
Edge Services has exceptions to allow for keywords or phrases to not
cause a message to be filtered or blocked. This is commonly used in the
medical profession where the reference to certain drugs, body parts, or
human activities is part of the field of business, whereas in other
organizations, those references are commonly used in unwanted or
unsolicited email messages.
To
configure the Exchange 2007 Edge Transport server to allow keywords or
key phrases, do the following from within the Exchange Management
Console:
1. | Select the Custom Words tab.
|
2. | Enter
the word or phrase you want to allow in the Messages Containing These
Words or Phrases Will Not Be Blocked field. Email messages containing
these entries will always be allowed to bypass content filtering.
|
3. | Click Add to include the new entry.
|
4. | To remove an entry, highlight it, and click the Delete button.
|
5. | Click Apply to save your changes or OK to save changes and close the Content Filter dialog box.
|
Note
Messages containing an allowed word or phrase are given an SCL score of 0.
4. Configuring Keyword or Phrases List to Block Messages
The
second section of the Custom Words tab allows you to define words or
phrases in messages that should be blocked. There are two exceptions to
this: use of the allowed word or phrase list and the exclusions list.
Entries in this section result in the message being blocked, unless the
word or phrase appears in the Messages Containing These Words or
Phrases Will Not Be Blocked section or the recipient’s email address is
listed in the exclusions list.
For
example, your organization might have an email policy that states any
message containing racial slurs or derogatory terms should be blocked
unless the message is sent to or from the organization’s attorneys and
senior management. To accomplish this, you would use the Messages
Containing These Words or Phrases Will Be Blocked, Unless section to
include the racially discriminatory language, the Messages Containing
These Words or Phrases Will Not Be Blocked section could contain the
lawyers’ names, office names, addresses, and so forth of the law firm
the attorneys work for, and the exclusion list would hold the email
addresses of the company’s executive staff. This would ensure any
message not deemed appropriate would be blocked unless it contained
information about the company’s lawyers or were sent or copied to one
of the organization’s executives.
To configure blocked keywords or phrases, from within the Exchange Management Console, do the following:
1. | Select the Custom Words tab.
|
2. | Enter
the word or phrase you want to block in the Messages Containing These
Words or Phrases Will Be Blocked, Unless field. Email messages
containing these entries will always be blocked unless they contain a word or phrase that is included in the allow list.
|
3. | Click Add button to include the new entry.
|
4. | To remove an entry, highlight it, and click the Delete button.
|
5. | Click Apply to save your changes or OK to save changes and close the Content Filter dialog box.
|
Note
Messages containing a blocked word or phrase are given an SCL score of 9.
As
a recommendation from experience, get creative but, be precise! In the
previous example scenario, you could request the law firm to insert a
particular code or phrase in messages sent to your company. This makes
the message easier for your company to identify and entries in your
content filter lists easier to manage, and increases the reliability of
content filtering overall. Avoid entering words and phrases that are
arbitrary. Instead choose keywords and phrases specific to why you are
blocking the message and that won’t be mistakenly identified in
legitimate messages. This reduces the amount of false positives and
processing power needed by the content filter.
5. Configuring the Exceptions List
The
next item in the Content Filter Properties window is the Exceptions
tab. The Exceptions tab is used to define email addresses for those you
do not want to filter their messages by content. For example, a company
might include the human resources’, attorneys’, or system
administrator’s mailbox because they might need to view these messages
to fulfill the duties of their jobs, whereas the same is not true for
the rest of the organization’s employees. To configure exceptions,
within the Exchange Management Console, do the following:
1. | In the Content Filter Properties window, select the Exceptions tab.
|
2. | In
the Do Not Filter Content in Messages Addressed to the Following
Recipients field, enter the full email address of the account.
|
3. | Click Add to include the entry in the list.
|
4. | To remove an entry, highlight it, and click the Delete button.
|
5. | To edit the email address of an entry, highlight it, and click the Edit button.
|
6. | Click Apply to save your changes or OK to save changes and close the Content Filter.
|
Note
The exception list is restricted to a maximum of 100 entries.
6. Setting the Action Tab of the Content Filtering Agent
The
last tab of the Content Filtering Agent is the Action tab. The Action
tab stores the configuration for what actions should be taken on a
message based on the calculated SCL. The SCL can range from 0 to 9; 9
designating a high confidence level the message is spam or contains a
match to a block list and 0 designating a high confidence level the
message is valid or contains a match to an allowed list.
In
the Content Filtering Agent, an action of Delete takes priority over
the action of Reject, which takes priority over the action of
Quarantine. For example, when all three actions are enabled with a
threshold of Delete if SCL is 8 or higher, Reject if SCL is 6 or
higher, and Quarantine if 4 or higher, a message with an SCL of 9 would
get deleted even though it technically is higher than the other
thresholds, and a message with an SCL of 5 would get quarantined. This
hierarchy is by design. At least one but not all actions need to be
enabled to use content filtering.
Tip
To
avoid an impact on legitimate email (false positives), start with a
more conservative approach leveraging either low SCL numbers as the
threshold or quarantining most spam first.
