Forefront Online Protection for Exchange

Introduction

The purpose of this Tech Document is to explain how the email that originates from outside this organization is processed, and to describe the tools that you can use to manage your personal spam quarantine. This memo does not apply to internal email messages.

To protect this organization from virus attacks and to protect you from receiving hundreds of spam messages, all incoming email is filtered by Forefront Online Security for Exchange (FOPE), an anti-spam and anti-virus product. FOPE uses an advanced machine learning filtering technique to ensure that no valid mail is improperly filtered.

How does email filtering work?

All incoming (and outgoing) email is filtered by FOPE. Depending upon rules and policies, messages that contain a virus or spam are either deleted or quarantined.

What is the Quarantine?

The Quarantine is a location on a server where email messages that are suspected to be spam are stored temporarily so that they can be reviewed and retrieved if necessary. System administrators have the ability to search for messages on a user's behalf, if the user knows the sender's email address. You may also review and take action on your own quarantined email through the use of the End User Digest. Messages that are not released from the Quarantine are automatically deleted after 15 days.

What is an End User Digest?

If email messages addressed to you were sent to the Quarantine, you will receive an email notification, called an End User Digest (or Digest), in your mailbox. The Digest provides you with a list of the messages addressed to you that are stored in the Quarantine. You can look at the message subject headers to determine their content and as a result what actions you want to apply to the messages.  The digest email is mailed every 3 days.

This document will help you get started with the Microsoft® Forefront™ Online Security for Exchange (FOSE) Quarantine feature. The Quarantine service has the following attributes:

  • Spam is kept in the Quarantine service for 15 days.  After that time, the stored e-mail messages are permanently deleted and cannot be retrieved.
  • For messages incorrectly identified as spam, forward the message to false_positive@messaging.microsoft.com.  Please be sure to include the full headers of the message with your submission.
  • New spam rules are set globally for all customers.  Please be aware that not all individual spam or false positive submissions result in new spam rules.

End User Digest 

You will receive periodic reminders from the Quarantine service when you have received new spam.

If you would like to have a message delivered to your Inbox, click the Move to Inbox link in the notification. This will send the message to your corporate e-mail Inbox.

FAQ:

How do I delete my messages in the Quarantine?

There is no need to delete your messages in the Quarantine.

If you do not release a message from the Quarantine, it will automatically be deleted after 15 days. If you look at the messages in your Digest and determine that all of them are spam, you do not need to do anything. The messages will automatically be deleted from the Quarantine.

What is a false negative?

A false negative is an email incorrectly identified as not spam. An email message that is incorrectly delivered to your mailbox because it was not identified as spam can be reported as a false negative.

Spammers are very clever and are always finding ways to trick products like FOPE into delivering spam to your mailbox. FOPE is frequently updated in an attempt to stay one step ahead of the spammers.

How do I report Spam?

Reporting Spam to FOPE is easily done right from within the full version of Outlook after downloading and installing this plugin from:
http://www.microsoft.com/downloads/details.aspx?FamilyID=53541292-ce94-4c5b-9127-b7d56f11b619&displaylang=en

In your email menu bar, you will notice a new icon next to the Send/Receive.

The new icon is an easy way to report spam that has slipped through Forefront Online Protection for Exchange.

If you receive an email and wish to report it to Microsoft, simply click that button.  A copy of the message, with full headers, will be sent to Microsoft's Anti-spam team for analysis.

What is a false positive?

A false positive is an email incorrectly identified as spam. If an email message is scored as spam and sent to the Quarantine, but it really is a legitimate message from a legitimate sender, you can report it as a false positive.

In the future, messages that have the same characteristics as the message you reported will not be placed in the Quarantine for containing spam.

How do I report a false positive?

To report a false positive, find the message in your Outlook inbox. Once the message is highlighted, choose File > Save As from the menu.

A new window will pop up asking you for a location to save and a file name.

You may leave the default name. In the Save As Type box, drop down the box and choose Outlook Message Format (*.msg). Then click Save. NOTE: You MUST save it in this format, or it will not be saved properly.

Once you have the message saved, open up a new email.  Address it to False_Positive@messaging.microsoft.com, attach the message you just saved, and click Send.

How to report spam to Microsoft when in Webmail

  1. Find the message you wish to report and open it.
  2. Click the “message details” button.
  3. Using your mouse, select all the information in the Internet Mail Headers box and press the Ctrl key and letter C on your keyboard to copy it to the clipboard.
  4. In the message, click “forward”.
  5. In the To: field, type abuse@messaging.microsoft.com
  6. In the body of the message, press the Ctrl key and letter V on your keyboard to paste the headers.
  7. Click send.

Last Modified: July 28, 2011