As you may have heard by now, Exchange released a cool new feature yesterday that goes by the name of Intelligent Message Filter (IMF). You can find out more details on this cool feature at www.microsoft.com/exchange/imf. On Exchange, we are encouraged internally to Dogfood (consume pre-release deliverables) our own products, and since I’ve always enjoyed battling the UCE problem on my personal mail server, I decided to give IMF a test drive.
After getting everything thing setup, my first choice in filtering was to give my end users (family) the burden of cleaning up UCE from their own junk mail folder. The initial feedback was extremely positive, and I was quickly able to figure out the thresholds that worked for most people (6 on the fence, 7 and up almost always UCE). But I also started getting feedback that the end users didn’t really want to continue to deal with the stuff that was definitely UCE and would prefer it never got to the inbox.
As it so happens, IMF has a choice of choosing different actions at two different levels. The first action that I had already used was storing the UCE to the Junk E-mail folder. The second action was a blocking action that would Archive, Delete, or Reject. I didn’t want to reject, as more likely then not I’d end up with a bunch of NDR’s sitting in an outbound queue that would never be delivered. I didn’t want to delete, as I’m always concerned about accidental mail deletion, so Archive sounded like the perfect solution for me.
Since I knew that level 7 and up typically was UCE, I set the Blocking configuration to Archive messages with a Spam Confidence Level (SCL) of 7 or greater. I then started watching messages pile up in my “program files\exchsrvr\mailroot\vsi 1\UceArchive” folder. I now had to figure out a way to manage this folder. Unfortunately this was not an area that the IMF feature was focused on. Using OE or notepad via browser window was not very pleasant. So it was time to fire up Visual Studio and roll my own Archive Manager. The result was the IMF Archive Manager (IMFAM) that is now available on http://workspaces.gotdotnet.com/imfarchive.
IMFAM is a C# GUI tool released as shared source on GotDotNet that provides a tree view of the archive directory and the eml files in it. It also has a preview pane that displays decoded P2 mail message properties as well as the entire raw message. There are 5 actions: Refresh, Delete, Resubmit, Copy to Clip, and Report. Refresh reloads the tree view as well as the raw message. Delete deletes the selected message. Resubmit moves the message to the pickup directory where it is resubmitted to the MTA and delivered. Copy to Clip copies the entire raw message to the clipboard in case you want to paste it in another window. Report creates a new message, attaches the selected message as an attachment, and then sends it to the recipient listed in the report settings. In addition it optionally strips P1 headers, x-SCL header, and deletes the message if so configured in the report settings. The report feature is useful if you want to send the UCE to reporting organizations such as http://www.spamcop.net.
Since this is released as a shared source project on GotDotNet, feel free to download it, kick the tires, provide feedback, or even join the group and provide new features.