Microsoft designed Exchange Server 2003 and its clients to operate in a world in which spam is a constant menace—something that wasn't the case when Exchange Server 5.5 or even Exchange 2000 Server launched. Back then, spam existed but hadn't reached epidemic proportions, and it didn't clog as much valuable bandwidth or occupy as much administrative time as it does today.

On the server side, Exchange 2003 supports sender, recipient, and connection filtering to provide control over who can send messages to an Exchange server, who can receive messages sent to that server, and how other messaging systems can connect with the Exchange server. For example, to prevent spammers from sending messages to large communities within an organization, Exchange 2003 can block messages from unauthenticated users to specific mailboxes or distribution groups.

On the client side, Microsoft Office Outlook 2003 features a Junk E-mail Filter and blocks graphic downloads in HTML mail to suppress Web beacons. (See "Outlook 2003’s Junk E-mail Filter," March 2004, InstantDoc ID 41655 for more information about the Junk E-mail Filter; see the Exchange & Outlook Administrator article "Spam Beacons," September 2003, InstantDoc ID 39501 for more information about Web beacons and how to avoid them.) Outlook Web Access (OWA) 2003 and the version of Outlook Express that will ship with Windows XP Service Pack 2 (SP2) also share the ability to suppress Web beacons, and OWA also supports the Safe Senders, Safe Recipients, and Blocked Senders lists that Outlook 2003 supports.

As welcome as Outlook 2003’s Junk E-mail Filter is, though, you can use it only when you configure Outlook in cached Exchange mode or when you've instructed Exchange to deliver messages to a Personal Folders (.pst) file. Users who opt to use Outlook in traditional online mode, as well as users of other clients (e.g., IMAP4, OWA, POP3), also need protection. And best practice is to suppress spam as close to the source as possible—the point at which spam attempts to enter your organization. This approach conserves maximum bandwidth and reduces the spam's effect on users. Intercepting spam close to the network edge also lets you enforce enterprisewide policies and helps you avoid the need to update many network locations with data to counter new spam exploits—benefits that desktop filter files can't offer.