My debut article for Windows IT Pro Magazine, Fight Spam for Free, is now online in the April 2006 issue. If you're a subscriber to Windows IT Pro, you can access the article now or wait for it to show up in your mailbox. This article isn't anything new or revolutionary, but it is a concise overview of the native anti-spam capabilities you get in Exchange 2003, including the updates delivered in SP2. Leave me a comment if this article was helpful or you want to argue about something I said.
One interesting behind-the-scenes note: I originally wrote and submitted this article over a year ago. This kind of lead time is not uncommon in the magazine industry, especially in the tech industry where current developments can require the rapid inclusion of content that bumps an article that had been previously planned. It was an interesting experience and I'm eager to get more articles written -- in fact, I've got a couple of ideas I'm working on.
Another peek behind the curtain: one of the tech reviewers was dubious about the whole premise of the article. For a long time, mail admins in the know refused to allow Exchange to be the edge server in their organization; they'd use an SMTP proxy or some other SMTP MTA (like my favorite Postfix) to handle all inbound connections. Even today, it isn't a trivial task to harden an Exchange 2003 server to accept incoming connections from the Internet, and you still want to spend some time with your network and firewall design before you do it. (In particular, my favored design is to place ISA Server 2004 in the DMZ and use that to publish SMTP to the Exchange bridgeheads in the protected network.) However, Exchange 2003 -- especially with SP2 -- has finally matured enough and gained enough useful anti-spam features to make it worth the effort. The tech reviewer in question argued that no major companies would use this configuration; I happen to know of one or two. In fact, it was this very discussion -- and my defense of Exchange 2003 as the edge mail server, especially in small-to-midsize companies (which are more likely to be in the Windows IT Pro target audience) -- that prompted me to update my own home network. For years, I'd been using Postfix as an edge mail router to my Exchange org. I've since retired both Postfix and the Solaris box it ran on. Postfix has a lot of nice features (like greylisting) that Exchange doesn't have, but I wasn't using any of them -- and the resulting reduction in time to configure and maintain my network (plus the ability to completely track all message flow in and out of my network from Exchange) more than makes up for it.
Not that I think Postfix is a bad MTA, mind you; in fact, there are many circumstances in which I'd still encourage clients to use it (or another MTA) in front of their Exchange organization. However, it's no longer the only sane option; Exchange is more than capable of taking care of itself now, as long as you have a sane network and firewall configuration. And I very much appreciate not having to take my Solaris box down to single-user mode to apply the latest security patch clusters anymore; WSUS is the cat's meow and helps me keep my network safer than ever.