Exchange spam management

Jump to latest Follow Reply
Magic Man

Magic Man

Ars Praefectus
3,695
  • #1
    I have an app I'm responsible for that logs service calls, from emails in multiple exchange mailboxes, that I loop through for access.
    I'm looking at limiting logging new records from duplicate emails that have been created from automated systems.

    I was going to look at this from the application side but from the Exchange side of things (which is not my area) what is available to scan incoming emails for duplication and deleting them (or moving them to another folder), all but one, so that I'm only left with unique emails in the first place?

    Many thanks.
     
    Paladin

    Paladin

    Ars Legatus Legionis
    32,552
    Subscriptor
  • #2
    Seems like it would be trivial to just have the service emails all have a specific identifier you can look for an ignore everything else. As for exchange spam filtering, there are tons of optional services to do that. But your description really makes it sound like your application should be the right place to make a decision on whether a particular email is the right thing to add to a log. You should be able to easily see if the email contains something unique that makes it qualified to be part of the log or not. Spam emails will almost certainly not have the content you want so you can easily ignore them.
     
    • Like
    Reactions: Magic Man
    Magic Man

    Magic Man

    Ars Praefectus
    3,695
  • #3
    Thanks. These are not Spam in the traditional sense, they are all genuine emails but from automated systems (possibly incorrectly setup) that generate the same email in a short period of time.

    E.g. they may send an email from an alert that a disk is nearly full, but that alert is triggered so frequently and repeatedly that we end up with say a dozen or so email alerts every minute. They are all genuine, but we only need to act on one of them, the rest are superfluous and just end up creating unnecessary duplicate call records.

    From the app point of view I can look at each email in turn and decide whether to create a new record from it or not but that introduces a lot of overheads. It would be good if the Exchange server could look at each mailbox on an agreed schedule and check if there are duplicate emails in there and, if so, delete all but one of them. That at least then makes any additional checks I do on my side a lot easier and for a lot less emails.
     
    Paladin

    Paladin

    Ars Legatus Legionis
    32,552
    Subscriptor
  • #4
    Oh, I see. No, I have never heard of anything like that. Mail delivery systems don't care if emails have the same content. Presumably someone wanted to send multiple of the same message for a good reason so the server is bound to deliver them. I still think the application is the best place to manage duplicates or unwanted emails in this case. It should be trivial to have it simple rate limit any actual notifications to real people via a batch processing system or by simply only doing alerts on unique message content. Any duplicate alerts can be put into a batch alert or recurring alert instead of sending it out as new.
     
    • Like
    Reactions: Magic Man
    O

    oikjn

    Ars Scholae Palatinae
    969
    Subscriptor++
  • #6
    what is generating the incoming service emails?

    If I understand your issue correctly, this is what I do on some incoming redundant email notices I get on a few mailboxes.

    it's on a small scale here, but when I've run into some duplicate incoming emails generated by sources that are out of my control and ultimately happen enough to annoy me into action, I just create a rule on the actual mailbox I don't want the emails going in to take those emails and move them to a sub-folder with a retention period of 30-days to delete and marking the email as read. That way I can see the email if I really wanted for a period of time, but also doesn't flood that mailbox with an appearance of many new unread emails to address.
     
    • Like
    Reactions: Nulls
    N

    Nulls

    Ars Tribunus Militum
    2,451
  • #7
    The ideal way would be the tune the alerts in what I am guessing is the monitoring solution that is generating them to send fewer more relevant alerts than spam.

    It may be a duplicate alert type but the information in it may be unique and trying to fix that from a exchange side is very difficult to do.

    You have inbox rules that users can setup to move emails to different folder to delete emails.

    The other more advanced option is a transport rules on exchange, there you have alot more options, I think in this case you would probably be looking at using regex pattern matching in either the subject or body of the email and have it mark the email as spam for a specific mailbox.

    You have to be careful with those and keep in mind that every incoming email will get evaluated with the rules so if you setup a ton of rules then it can affect performance.
     
    You must log in or register to reply here.
    Jump to latest Follow Reply
    Jump to latest Follow Reply