Create a global Safe Senders List in Exchange 2007 to filter spam

One of the biggest spam-related management challenges in Outlook 2003 and Exchange Server 2003 was the Safe Senders List, sometimes referred to as a whitelist. Each email user can create his or her Safe Senders List. Unfortunately, Exchange Server 2003 and Microsoft Outlook 2003 don't provide a way to centrally manage this list. While Exchange Server 2003 allows you to create a central whitelist, the list doesn't take the contents of individual Safe Senders Lists into account.

Changes to Exchange Server 2007 and Microsoft Outlook 2007 give Exchange administrators the ability to create an aggregate Safe Senders List. This is a compilation of all individual Safe Senders Lists that serves as a global whitelist for the organization. Essentially, if a user marks a particular sender as safe, then there is no reason why other users in the organization shouldn't also consider the sender as safe.

More resources on Exchange 2007 spam filtering: Migrating antispam settings from Exchange 2003 to Exchange 2007 The six-layered secret of effective Exchange Server email filtering How to install and configure an Edge Transport server for Exchange 2007

There are several benefits to creating a global, aggregate Safe Senders List. The most obvious is that it potentially can reduce the number of legitimate messages that are incorrectly marked as spam. If a sender sends email to a recipient in your organization often enough that the recipient adds the sender to the Safe Senders List, then the sender most likely has a strong relationship with the recipient. In this case, the sender may send messages to other recipients within the organization. An aggregate Safe Senders List ensures that the sender's messages aren't treated as spam, regardless of which employee the sender attempts to contact via email.

Another benefit to a global Safe Senders List is that it's helpful for new employees or those who haven't created their own Safe Senders List. Normally, when you create a mailbox for a new user, that user doesn't have a Safe Senders List. Users must manually add senders to their whitelists. Having an aggregate Safe Senders List in place gives these users an established whitelist they can use while they're building their own lists.

To create a global, aggregate Safe Senders List, open the Exchange Management Shell and enter the following command:

Get-Mailbox -> Update-SafeList –Type SafeSenders

Although this command is simple, there are a few things that you must know about aggregate Safe Senders Lists before you create one.

• The aggregate Safe Senders List isn't compatible with Exchange Server 2003. If you have users with mailboxes residing on an Exchange 2003 server, the command will trigger an error when trying to process those mailboxes.
• The aggregate Safe Senders List doesn't update automatically. Administrators must periodically run the above command to update the list. Most administrators prefer to create a script that runs the command at specific intervals, so they don't have to enter the command manually each time.
• The process of creating a global, aggregate Safe Senders List can be time consuming and resource intensive. The process obtains the contents of each individual Safe Senders List and writes collective lists to Active Directory. This can strain your Exchange servers and domain controllers. Therefore, it's advisable to run the process during non-peak hours.
• Each sender is limited to 1,024 Safe Senders List entries, although most users won't reach this limit. The limit applies to the number of entries on an individual Safe Senders List, not to the length of the aggregate list.

About the author: Brien M. Posey, MCSE, is a four-time recipient of Microsoft's Most Valuable Professional Award for his work with Windows Server, Internet Information Server (IIS) and Exchange Server. Brien has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit Brien's personal web site at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Antispam Software and Spam Filtering How can I configure Exchange IMF to allow an IP address or DNS? Tool helps identify inbound Exchange Server email flow issues Configure SMTP relay restrictions in Exchange Server 2003 to stop spam Exchange email sent to a domain using SPF authentication is returned Secure Edge Transport servers using the Security Configuration Wizard Migrating antispam settings from Exchange 2003 to Exchange 2007 The six-layered secret of effective Exchange Server email filtering Top 10 Exchange, Microsoft Outlook and OWA email security tips of 2007 Troubleshoot Microsoft Outlook email delivery problems Microsoft Outlook and Exchange Server 2003 Email Security Guide Antispam Software and Spam Filtering Research Microsoft Exchange Server 2007 How to protect an Exchange journaling mailbox from email spoofing Set up messaging records management (MRM) in Exchange Server 2007 Create a secure Microsoft Outlook Web Access (OWA) redirect page Why does a security alert pop up when accessing Outlook Web Access? How Microsoft's new support policy for virtualized Exchange will affect you Using Exchange Server journaling as an email-archiving solution Why too much memory can hurt Exchange Server 2007 performance Microsoft Exchange Server backup method pros and cons Virtualizing Exchange Server 2007 with Microsoft's Hyper-V Configure Microsoft SharePoint mobile access via Exchange Server 2007 Microsoft Exchange Server 2007 Research Exchange Security Tips How to protect an Exchange journaling mailbox from email spoofing Lock down Microsoft Outlook 2007 to prevent .PST file access Using Exchange Server journaling as an email-archiving solution Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Why are .PST files a security threat to Exchange Server mailboxes? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks Grant or deny permissions to access a user's Exchange 2007 mailbox Migrating antispam settings from Exchange 2003 to Exchange 2007 Deploying ISA Server as a firewall for Exchange Server mobile devices RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) hash buster  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) teergrube  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.