Third-party products supplement Exchange Server's capabilities for dealing with unsolicited commercial email (UCE). Because desktop solutions typically have scalability problems, I recommend that you use a server-based solution. Here's a sampling of server-based anti-UCE products.

Lyris Technologies' MailShield (http://www.mailshield.com/ features.html) can work with your Exchange server or on a separate machine to provide a full menu of security options for inbound mail. These options let you verify users' compliance with virtually all SMTP and Internet Request for Comments (RFC) standards and provide several other security options.

CSM-USA's CSM Internet Mail Scanner (http://www.csm-usa.com/ product/ims/) also acts as a separate SMTP gateway that can work on your Exchange server or a separate machine. The product can apply standard filters (e.g., domain name filtering) and also lets you block messages by other attributes (e.g., the text in the Subject area of messages). The server uses a subscription-based service that periodically sends you a text file with updated UCE mailer information.

Bright Light Technologies' Bright Mail (http://www.brightlight.com/ html/product_info.html) operates like a professional antivirus service and offers a high level of protection. The company maintains a 24 x 7 operations center that identifies UCE in realtime. When you subscribe to the service, all your mail passes through the company's Spam Wall software component, which is in constant communication with the central operations center. Bright Light deposits all UCE in Gray Mail so that users can decide whether they want to keep any messages.

All these anti-UCE solutions always carry a risk of causing false positives—inadvertently blocking mail that isn't UCE. To determine how best to optimize email for your environment, you must weigh the risk of lost mail against the importance of blocking UCE to your organization.