It’s not easy being a spam cop. But the folks on the Forefront Online Protection for Exchange (FOPE) team love it!

Their passion for being investigators and transport experts has translated into measurable impacts to help safeguard customers’ inbound, outbound and internal business mail from spam, viruses, phishing attacks, out-of-policy content and help customers focus on being productive. FOPE processes over a billion messages worldwide every day, including for Exchange Online customers. This team works hard to offer five financially backed SLA’s including 100% known virus, 98% antispam protection and 99.999% uptime.

This service goes largely unnoticed as long as the mail keeps flowing and the FOPE team works hard to help ensure that. One of our Senior Program Managers, Alexander Nikolayev, recounted that the team was able to proactively detect an organized attack mounted during the US Thanksgiving holiday and were able to counter the malicious behavior while many Americans were eating their turkey dinners. When customers went back to work the next day, they didn’t notice anything other than normal email in their inbox.

We wanted to share stories like these and some of the team’s passions with all of you in the next installment of our ESE Access to Exchange video series.

In the video, Terry Zink discusses taking a statistical approach to the way we approach designing our IP block lists and we wanted to further elaborate on this approach. FOPE offers an effective combination of anti-malware and antispam technologies to protect organizations from both known and unknown malicious software including heuristics scanning and block lists to maintain and achieve the 98% SLA. Some of our IP block lists are built to act proactively; they examine traffic history making judgments about whether communication is coming from a good sender or bad sender. Additionally, as patterns emerge to show which senders are responsible for a high volume of illegitimate messages, FOPE will automatically add the sending IP address(es) into the reputation block list so that all future messages from that particular IP are no longer accepted by the service’s global network.

We unfortunately had to cut out a lot of content to keep the running time manageable (including Alex’s Thanksgiving spam attack story and Terry’s detailed explanation on IP block lists and reputation) but let us know if you have questions and feedback for us and if you’d like to hear more about the Exchange team.

If you missed our previous video in the series, check out ESE Access to Exchange: Running Exchange Online.

Ann Vu

Note, the "ESE" in the post title is a wordplay on "easy". The post content does not have anything to do with the excellent Extensible Storage Engine (ESE) used in Microsoft Exchange and other products.