1. Why is having a 3rd party spam filter not a best practice?
2. If you DO use this configuration, why would you not want to restrict mail to only come from the spam solution?
Wouldn't the correct solution have been to point mx records for all accepted domains pointed towards the third party filtering service. Or none? Your solution seems like a temporary fix for a rare situation...
ChadN
9 Dec 2014 1:31 AM
9 Dec 2014 9:44 PM
Hi Chad, your right in that this is a rare situation, but one that I've seen multiple times which is why I wanted to write about it.
As for using a 3rd party spam filter in front of EOP, see
http://blogs.technet.com/b/eopfieldnotes/archive/2014/09/11/best-practice-don-t-daisy-chain-filtering-services.aspx. From the mail flow side this is totally fine. The reason that it is not recommended is that EOP detects a large amount of spam based on
the sending IP. EOP only looks at the connecting IP, meaning that if a 3rd party filter is in front of EOP, then EOP will only ever see the IP of the 3rd party and never the original IP, thus hindering it's ability to detect spam. If you are very confident
in the 3rd party filter then this is a fine situation, just be aware that if the 3rd party misses a piece of spam, EOP might as well, but if the 3rd party was not there EOP may have blocked the messaged based on the sending IP.
It all depends on what you want to do.