Exchange & Outlook UPDATE, Exchange Edition--Phishing: Recognizing the Bait--August 31, 2006

---------------| Exchange & Outlook UPDATE |---------------

*Commentary: Phishing: Recognizing the Bait
*Exchanging Ideas: Exchange 2007 Brings out the Best in Outlook 2007
*New and Improved: Simplify Lotus Notes to Exchange Server Migrations



Integrated Backup/Recovery and Replication Solution for Exchange Server

Making the Case for Email Archiving and Litigation Readiness

Liquid Machines and Windows RMS: Rights Management for the Enterprise


Sponsor: Sonasoft

Integrated Backup/Recovery and Replication Solution for Exchange Server
SonaSafe for Exchange Server is the only software that offers both backup/recovery and replication for Exchange Server as part of a single integrated solution. The solution provides automated one-click rapid recovery to the point of failure. Reliable replication -- no distance limitation, can be anywhere in the world. Typically, customers have to buy multiple solutions from different vendors to get similar capability. Also, it would cost three to four times more to get comparable functionality offered by Sonasoft's SonaSafe solution.

Get your free trial TODAY


***COMMENTARY: Phishing: Recognizing the Bait
by Paul Robichaux, Exchange Editor, [email protected]

When I was a kid, I had the good fortune of frequently fishing with my dad in the bayous of southern Louisiana, one of the world's most fertile littoral ecosystems. We didn't always catch anything, but I enjoyed the attempt. However, for the last year or so, I've been more concerned with phishing than with fishing. Because you're probably reading this column as an email message, the likelihood that you've gotten phishing email yourself in the last month or two is excellent. The Anti-Phishing Working Group ( issued a report in May 2006 that claims an increase of more than 250 percent in the number of new phishing sites in the last 12 months—a statistic that I find easy to believe.

On the face of it, phishing might seem like an end-user problem. As an Exchange administrator, you might not be concerned about your users accidentally disclosing their own personal eBay or PayPal passwords or the credentials for their bank accounts. However, there are two good reasons to worry. The first is mostly humanitarian: What if some less technologically astute acquaintance or family member falls for a phishing scam? Not every email user has the same degree of technical savvy (and skepticism) that you do.

The second reason to worry is more directly job related: An increasing number of phishers are targeting individual companies with messages that closely mimic their internal systems for employee benefits and the like. Last year the "Wall Street Journal" reported that, out of a pool of 500 West Point cadets, 80 percent were tricked into revealing personal information after a test spear-phishing attack ( Phishers are getting smarter, better organized, and more sophisticated all the time.

Unfortunately, the tools we administrators have to fight phishing haven't improved in proportion to phishers' skills. When you think about it, phishing email is really just a special class of spam, and to the extent that these messages are intercepted now, it's usually because of effective spam filtering. Of course, some filters are more effective than others; if your server-based spam filtering is poor, you shouldn't expect to get much relief from the phishing onslaught.

One way to fight phishing, of course, is to block URLs associated with phishing fraud at the browser. This is the approach adopted by companies such as Microsoft, EarthLink, Google, and Netcraft. These companies all make browser add-ons (or, in Microsoft's case, a browser—Internet Explorer 7.0) that look at the URLs you visit and, using either a centralized lookup service or heuristics, attempt to determine whether the page is fraudulent. These add-ons are helpful, but they don't address the root cause of the problem: the phishing email that arrives in our inboxes in the first place. (Another problem with add-ons is that some of them work better than others. I'll have more to say on this subject in a future column.)

Perhaps a better way to block phishing email is to use the email analysis and screening tools we already have and adapt them to catch phishing messages. So far, only a few vendors I know of are taking this approach. For example, Microsoft Exchange Server 2007 and Exchange Server 2003 SP2 both set a property called the phishing confidence level (PCL) on incoming mail. The PCL, which is determined by rules in the Microsoft Exchange Intelligent Message Filter (IMF), serves a function similar to the familiar spam confidence level (SCL): It helps the mailbox server and the client determine whether the inbound message is wanted. In the case of the PCL, Microsoft Office Outlook 2007 and Outlook 2003 SP2 can use the server-generated PCL, along with the SCL, to flag an incoming message as a potential phishing attack to warn the user. To get the benefit of this filtering, you should upgrade both Exchange 2003 and Outlook 2003 to SP2, then teach your users about the InfoBar on the email message and how to use the information it provides.

You might also consider filtering incoming phishing email by doing some simple subject filtering. Look at the APWG report I cited earlier and you'll see a list of the top domains attacked by phishers; in some cases, you might be able to block messages claiming to be from those domains without ill effect.

Long-term, widespread deployment of Sender ID (which I've written about before; see the list of articles below) will help reduce the incidence of phishing by giving us better, more automated tools to reject messages that claim to be from one domain but are really from another. Until then, we'll have to depend on the tools at hand and hope that the tool vendors can keep up with the phishers.

Access these related articles at by entering the InstantDoc ID number in the InstantDoc ID box at the top of the Web page:
"Sender ID: Back From the Grave," October 28, 2004, InstantDoc ID 44353
"Sender ID and FUD," July 21, 2005, InstantDoc ID 47140
"The Sender ID Standard," Exchange & Outlook Administrator, November 2004, InstantDoc ID 43917 (This article is normally available only to subscribers of the newsletter; however, it will be available to nonsubscribers until September 7, 2006.)


Sponsor: Symantec

Making the Case for Email Archiving and Litigation Readiness
Are your messages easily accessible, yet secure, in the case of an e-discovery request? With the phenomenal email volume growth, and increasing costs when companies fail to comply, you can't afford to lose an email. Download this free whitepaper today and implement a strong email retention and management system today!



Focus: Exchange 2007 Brings out the Best in Outlook 2007

The release of Exchange Server 2007 Beta 2 as a public download makes it possible for more people to see what the combination of Outlook 2007 and Exchange 2007 will bring to the table.

Have a question? Got answers? Join your peers in the Exchange discussion forums:
Current Threads:
Upgrading an Exchange 2000 Front-End server
Unable to stop Messenger Auto Logon
Public Folder Permissions

The voting has ended in the Windows IT Pro Exchange & Outlook nonscientific Instant Poll for the question "What's the best use for virtualization technology?" Here are the results from the 17 votes:
- 53% Testing Software
- 18% Consolidating servers
- 12% Enabling redundancy/business continuity
- 18% Running legacy OSs and apps

Tell us what you think in this month's Instant Poll:
"In a typical work week, how much time do you spend managing SharePoint?"
a. Most of the week
b. 1 to 2 days a week
c. Less than one day a week
d. None

~~~~ Hot Spot: ~~~~

Liquid Machines and Windows RMS: Rights Management for the Enterprise
Extend Microsoft Windows Rights Management Services (RMS) to support enterprise requirements for information protection, including proprietary business data.


by Blake Eno, [email protected]

Simplify Lotus Notes to Exchange Server Migrations
Quest Software announced updates to Quest Notes Migrator for Exchange to make for a more seamless transition from Lotus Notes to Exchange Server 2003/2000. By integrating with Quest MessageStats Report Pack for Lotus Notes, project management capabilities are available. Using a single console, you can get a high-level project view of the migration status in addition to each individual step. Any errors during the migration process will be automatically reported. QuestMessageStats also includes task-scheduling features. You can schedule certain components of the migration process to occur at any time. For more information, contact Quest Software at 949-754-8000.

Wanted: your reviews of products you've tested and used in production. Share your experiences and ratings of products to "[email protected]" and get a Best Buy gift certificate.


These Windows-related events, papers, and resources will help you keep your knowledge and skills up to date and help you deploy, secure, and maintain the latest Exchange- and Windows-related technologies. For additional resources, visit

Gear up for TechX World Roadshow
Hear first-hand from leading interoperability experts, vendors, and peers at this exclusive one-day event. You'll learn about managing OS interoperability, directory migration, data interoperability, and much more. This event provides in-depth information on how Windows and other systems cooperate with each other.

Does your company have $500,000 to spend on one email discovery request? Join us for this free Web seminar to learn how you can implement an email archiving solution to optimize email management and proactively take control of e-discovery--and save the IT search party for when you really need it! Live Event: Tuesday, September 12

You know you need to manage your email data; how do you do it? What steps are you taking? What additional measures should you enact? What shouldn't you do? Learn the answers to these questions and get control of your vital messaging data. Download the free eBook today!

Dramatically simplify Exchange troubleshooting with an in-depth look at built-in troubleshooting tools and third-party applications. Join us as we analyze a typical troubleshooting process, address the problems with using standard tools, and learn how automated troubleshooting can solve these challenges. Live Event: Thursday, September 14

Are you protected company-wide against spyware, keyloggers, adware, and backdoor Trojan horses? Test the state-of-the-art scanning engine that uses threat signatures from multiple sources to track down the culprits that antivirus solutions alone can't protect you against. Download your free 30-day trial of CounterSpy Enterprise today!



Help your small or midsized business protect one of its most valuable assets--business information. Easily store, manage, protect, and share information by using hardware designed with the needs of your business in mind. Manage IT without the large staff and extensive training--learn how today!



Invitation for VIP Access
For only $29.95 per month, you'll get instant VIP online access to ALL articles published in Windows IT Pro, SQL Server Magazine, and the Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters--that's more than 26,000 articles at your fingertips. Sign up now:

Save $40 off Windows IT Pro
Subscribe to Windows IT Pro today and SAVE up to $40! Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful IT articles. This is a limited-time offer, so order now:

~~~~ Contact Us ~~~~

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Exchange & Outlook Administrator, the leading publication for IT professionals managing, securing, optimizing, and migrating Exchange and Outlook. Subscribe today!

View the Windows IT Pro Privacy policy at

Windows IT Pro a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538,
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All Rights Reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.