By default, Microsoft® Exchange Server accepts all messages received via SMTP protocol. In the case that the server is unable to find a recipient within the system the message is returned to the sender (non-delivery report, NDR). This approach, however, may cause a potential security threat: since the sender’s address is not checked, a sender with malicious intentions can set any address as the reply-to address.

As anti-spam activities around the world become more and more widespread, spammers are inventing new ways of sending unsolicited mail. NDR-attacks allow spammers to bypass most of the server side and client side spam check filters:

• since Exchange Server returns undelivered messages as an attachment, spam filters that monitor message body and headers for specified keywords operate less effectively, allowing such messages to pass through undetected;
• many users delete unsolicited mail manually without reading it (this takes less than a second); however, when they see a message with ‘Undelivered Mail’ in the subject line they often open and read the attached message. Not only is this a time consuming activity, but what if the attachment contains a virus – more specifically a ‘worm’, that would subsequently mail itself to all the members in the unfortunate employee’s address book?;
• since the source of the originating mail is an “honest” server (that is not found in SPEWS or ORDB databases), sever filters, including the latest filters introduced by Microsoft Exchange 2003 Server will allow the message to pass.

Nowadays, a lot of web-sites offer visitors the opportunity to sign-up to company public distribution lists. However, along with public distribution lists, a company often needs to organise additional non-public lists under one of their employee’s charge.

Both technical and organizational problems may occur with creating such lists — for example, in order to create such a list, a hidden section needs to be created on the company web-site. A section that will contain information on how to subscribe/unsubscribe to the list; invariably, the list created will need to have been created by the site administrator who will then need to give the relevant person the necessary tool access to manage the said section.

This section contains general information common to all of our add-ins in a question and answer format.

1. What versions of Microsoft Outlook, Microsoft Exchange Server and Microsoft Windows do your add-ins work with?
2. How do I configure Microsoft Outlook 2000 for workgroups?
3. Does the work of your add-ins trigger the security system?
4. Will I get the next version of your add-in if I am a registered user?
5. Where do I download add-ins and their updates?
6. How do I install add-ins and their updates?
7. How do I know that an add-in is loaded?
8. How do I find out the version numbers of installed add-ins and if there are newer versions available?
9. How do I temporarily disable an add-in?
10. How is it possible that I cannot disable your add-in? What are “disabled items”?
11. Where can I find add-ins after I install them?
12. How do I install your add-in on all computers within my organization?
13. How do I uninstall your add-in?
14. What is the difference between Microsoft Outlook add-ins, add-ons, plug-ins and Outlook extensions?