In my experience, Exchange’s message tracking functionality is pretty darn useful. I don’t use it often, but when I do, it’s a great timesaver. However, the existing Exchange 2003 GUI is a little clunky; sometimes it would be nice to be able to quickly get the status of a message directly from the command line.
Category Archives: UC&C
IBM Lotus launches Domino team blog
Nice to see IBM getting with the program; they’ve just relaunched the Domino team blog. I hope it focuses on substantive technical information (like the Microsoft Exchange team blog) instead of marketing argumentation; we have enough of that already.
Technorati Tags: Collaboration
Comments Off on IBM Lotus launches Domino team blog
Filed under UC&C
Getting mailbox sizes via script
Back in May, an attendee at one of my webcasts asked if I could point her to a script for querying mailbox sizes on a set of Exchange servers. I flagged her message to remind me to answer it and (drum roll) am just now getting to that folder of flagged items.
So, the answer is: you can start with this script from Michael B. Smith; it will give you the mailbox size information without touching the last login date on the mailbox. It doesn’t constrain output to a range of dates, but that should be a fairly simple addition.
Comments Off on Getting mailbox sizes via script
Filed under UC&C
10-10-06: TechNet Radio interview
As promised, here’s my TechNet Radio segment. I hope you find it as much fun to listen to as I did to record!
Comments Off on 10-10-06: TechNet Radio interview
Filed under UC&C
How Microsoft IT fights viruses and spam
I’m a big fan of Microsoft’s “IT Showcase” series, which highlights how Microsoft uses its own technologies (aka “eats its own dog food”, or just “dogfoods”) to solve business problems. I didn’t know they’d expanded the showcase to include podcasts, though. This episode covers some of the key points of Microsoft’s spam, virus, and e-mail security infrastructure. Pretty interesting stuff, including a discussion of how they’re using Exchange 2007’s Edge Transport role as their primary perimeter system.
Comments Off on How Microsoft IT fights viruses and spam
Filed under UC&C
Free Exchange 2007 training
Microsoft’s Walter Stiers posted this on his blog last week, and I’m just now getting around to it. The bottom line: you can get some Microsoft-led online Exchange 2007 training for free by hitting the Exchange learning portal. This is a great deal for IT folks and a good move for MS– it’s often difficult to get training into a budget this late in the year.
Comments Off on Free Exchange 2007 training
Filed under UC&C
TechNet Radio interview
I just got off the phone with Chris Avis of Microsoft’s TechNet Radio podcast series; we chatted about Exchange 2007, PowerShell, unified messaging, and my lame Xbox 360 skills. The podcast will go live next Tuesday; I’ll post a link to it when it’s up.
Comments Off on TechNet Radio interview
Filed under UC&C
More on e-mail-enabling SharePoint
As a follow-up to last week’s post on public folders and SharePoint, Liam Cleary has a pretty good walkthrough that covers the process of setting up SharePoint document libraries and records archives so that they can directly accept items mailed to them. I haven’t had a chance to play with this yet, but it’s an important part of Microsoft’s arguments around migrating to SharePoint from Exchange public folders, so it’s definitely on my radar.
Comments Off on More on e-mail-enabling SharePoint
Filed under UC&C
McAfee SiteAdvisor sure looks like an anti-phishing tool
Oh, bother.
I got a testy e-mail from Shane Keats of McAfee asking us to remove SiteAdvisor from the study, based on his claim that SiteAdvisor isn’t an anti-phishing toolbar. I wrote a detailed response, in private e-mail, and was prepared to leave it at that.
However, Mr. Keats cried “foul” to InfoWorld and on the IE blog, saying that including SiteAdvisor is “silly and wrong. We don’t claim, anywhere, to offer phishing protection. In fact, we’re pretty explicit that we don’t.”
I’ll admit to sometimes being silly, and I’ve certainly been wrong before, but I think in this case it’s fair to include SiteAdvisor. Here’s why:
- The SiteAdvisor.com home page contains this text: “McAfee SiteAdvisor also complements and enhances your existing security software by detecting threats which traditional security products often miss, including spyware attacks, online scams, and sites that spam you”. I think a reasonable person would likely interpret the reference to “online scams” as including phish.
- Question 2 of the SiteAdvisor FAQ page says “SiteAdvisor is a consumer software company dedicated to protecting Internet users from all kinds of Web-based security threats and annoyances including spyware, adware, unwanted software, spam, phishing, pop-ups, online fraud, and identity theft.” This definitely seems to represent SiteAdvisor as an anti-phishing tool.
- Mr. Keats included a partial quote from this support article: “SiteAdvisor’s software does not currently provide automated or real-time phishing detection”. However, the full text of this article explicitly says that user reports of phish sites are reported by SiteAdvisor. In our report, we didn’t distinguish between tools that use automated reporting and those, like SiteAdvisor, that can incorporate user-generated reports.
- On August 3rd, I spoke via phone with both Craig Kenwec of McAfee and Scott Van Sickle of Global Fluency, a PR agency that handles client-security PR for McAfee. Both of them told me that SiteAdvisor incorporates anti-phishing functionality.
Comments Off on McAfee SiteAdvisor sure looks like an anti-phishing tool
Filed under General Stuff, Security, UC&C
Phishing data sources and transparency
Microsoft pointed to our study from the IE blog, where there are already several comments, including this one from “Sheep and Duck”:
3Sharp was founded in 2002 by three friends: Paul Robichaux, Peter Kelly, and John Peltonen, all experts in their respective fields. Their goal was to establish a company that could demonstrate the robustness, flexibility, and sheer native capabilities of the Microsoft communication and collaboration technologies. By working closely with Microsoft’s Information Worker Group, 3Sharp has always been able to stay on the cutting-edge of the Office System technologies.
http://www.3sharp.com/about_us.htm
Somehow I don’t trust this “study”.
To which I say:
Sheep and Duck, I understand why you’re skeptical. No matter who commissioned the study, *someone* would distrust the results on that basis alone. However, I think if you read the report, you’ll see that we have been transparent about our test methods and the data we used for the test. If you read the report and still have questions, feel free to contact me via e-mail (paulr@3sharp.com) or my blog (www.robichaux.net/blog) and I’ll do my best to address them.
The report even says that the actual scores of which product blocked or warned on which URLs is available from us on request. It’s hard to be much more transparent than that!
The folks over at mozilla links also asked a good question that I should have addressed in the FAQ: because some of the URLs came from a feed generated by opt-in Hotmail users, does IE have an unfair advantage? The answer is “no”, because the feed we used wasn’t incorporated in the data feeds that Microsoft uses for the Phishing Filter.
Frequently asked questions about 3Sharp’s anti-phishing report
When we started working on “Gone Phishing“, I anticipated that I’d get some questions, so I’ve been keeping a running list of things that I expect to be FAQs.
Q: What’s unique about your study?
A: As far as we know, no one’s done a public study that directly compares multiple products against a meaningful number of URLs. Most of the evaluations that have been put out there are anecdotal and only used a few URLs.
Q: What did you test?
A: We took 8 anti-phishing products (including the Netcraft toolbar, IE 7’s Phishing Filter, Google’s Safe Browsing for Firefox, Netscape 8.1, GeoTrust TrustWatch, McAfee SiteAdvisor, the eBay toolbar, and EarthLink’s ScamBlocker) and ran two sets of tests: one to determine how good each technology was at catching known phish, and one to see how many mistakes each made on known-good URLs.
Q: Who won?
A: IE 7 came out best overall, with a score of 172 of a possible 200. Netcraft was a very close second, scoring 168/200. For the rest of the scoring, see the report.
Q: Microsoft commissioned the study. Isn’t it biased?
A: No. 3Sharp, not Microsoft, designed the methodology, picked the URLs, and ran the tests. The report includes a complete discussion of how we did this, and even lists of the URLs we tested. We believe our methodology is sound and we’re being 100% transparent about how we got the results we did so that others can duplicate the results if they like.
Q: How’d you decide who won?
A: We calculated a composite accuracy score for each technology. This score combined the product’s performance at blocking or warning phish with its accuracy in not blocking or warning on legitimate URLs. Each technology earned points for correct blocks/warns and lost points for bogus blocks/warns. (See p10 of the report for the full scoring formula). A product that blocked all 100 phish and none of the 500 good URLs would score a perfect 200; a product that didn’t block anything (e.g. IE 6, Safari, Firefox 1.5, Opera, etc.) would score 0.
Q: 200? I thought there were only 100 phish.
A: We used 100 live phish and 500 known good URLs for the test. However, our scoring formula counts 2 points for a block and 1 point for a warning– so if product X blocked all 100 phish, it would score 200.
Q: Why’d you decide that a block should score twice as much as a warn?
A: Users have increasingly become conditioned to ignoring security warnings. In our view, stopping someone from going to a potentially dangerous site is better than suggesting that they not do it.
Q: What URLs did you use?
A: We gathered 100 phish for the tests; we did this by using several data feeds, scanning them using regular expressions, and then manually culling out the real phish. We tested each phish by hand to make sure that it was still live before running our tests, then we manually tested each phish in each technology and scored the results. Each phish was tested within 48 hours of its arrival to make sure it was fresh (or is that “phresh”?) See appendices A and B of the report for a complete list. For the known-good URLs, we took a set of 500 randomly selected URLs from our data feeds, then manually checked them to make sure they weren’t 404.
Q: Why didn’t you test <my favorite product>?
A: We had to take a snapshot of available products at a point in time. We couldn’t test all of the products, and we couldn’t go back and re-do the tests every time one of the technologies got updated. For example, EarthLink released an update to ScamBlocker during our test period, Mozilla released Firefox 2.0 (which includes anti-phishing features) recently, and Microsoft has updated IE 7 twice since the tests. Because phish have such a short lifetime, we couldn’t go back and re-run the tests.
Improving the value proposition of Notes e-mail?
Over on Ed’s blog, he’s been talking about how the battle between IBM Lotus and Microsoft isn’t about e-mail. In the comments, I pointed out that both sides want the battle to be about their broader platform… but many customers still think it’s about messaging and calendaring, and they see the debate in those terms. That may be because they’re more familiar with messaging and calendaring tools, or it may be because (despite protestations to the contrary) many Notes shops aren’t using all the collaboration functionality that they paid for (and have to manage).
Comments Off on Improving the value proposition of Notes e-mail?
Filed under UC&C
UM trial kit: $1000
Want to try Exchange 2007 Unified Messaging? Microsoft is working with a set of select partners to sell a “trial kit” with the hardware you’ll need. Rather, they’re selling some of the hardware you’ll need: an AudioCodes gateway that will link up to 4 analog phone lines with your Exchange UM server via Voice-over-IP. That gives you Outlook Voice Access, play-on-phone, and the Exchange automated attendant. You also get two hours of phone support, which you’ll probably need to set up the gateway.
Comments Off on UM trial kit: $1000
Filed under UC&C
Enabling subject lines in Exchange 2007 message tracking
Message tracking is an immensely useful Exchange feature that makes it simple to see each place where an inbound or outbound message was touched by an Exchange component. Mark Arnold had a good post back in August about some nifty message tracking tricks you can do with the set-transportServer task, but he left out the most important one (IMHO): how do you turn on subject-line tracking?
Comments Off on Enabling subject lines in Exchange 2007 message tracking
Filed under UC&C
Receiving Internet e-mail with Exchange 2007
I meant to blog this a few weeks ago, but I forgot. Thankfully, Outlook 2007’s To-Do Bar helped remind me, as I’d flagged it for followup. One of the most common questions I see from people who have just installed Exchange 2007 for the first time involves the hub transport role’s behavior when receiving Internet e-mail. Wonder why it’s rejecting your messages? Wonder no more; Bharat has a good explanation.
Comments Off on Receiving Internet e-mail with Exchange 2007
Filed under UC&C
Paul's Down-Home Page 