After our January test of Test of Microsoft Exchange 2007, Forefront add-on, Microsoft called our antispam results into question.

After several discussions with the Exchange team, we did indeed discover a significant issue with the test as executed. We had installed Exchange 2007 and its ForeFront security software in 32-bit Windows test environment, a test configuration blessed by the Microsoft team who completed the onsite installation. What we, and they, didn’t realize is that 32-bit versions of Forefront don’t get antispam updates from the company. Based on this “no-fault” error, we agreed to retest Forefront and Exchange using the 64-bit versions of the applications.

Our results on the second test were certainly improved, but didn’t exonerate the Forefront antispam engine completely. With Exchange 2007 properly configured in a 64-bit environment, we achieved a spam-catch rate of 80% to 91% and saw a false-positive rate in the range of 0.42% to 2.21%. In the same retest, we saw Symantec and Ironport turn in scores of 92% to 98% in spam-catch rate, with false-positive rates between 0.11% and 0.33%.

During this subsequent round of testing, Microsoft pointed out an important feature of Exchange 2007 called “Safelist Aggregation” as a way to help cut the very high false-positive rate for Forefront Security. With Safelist Aggregation, users have the ability to bypass antispam processing for certain users and domains (as many as 1,024 entries per Exchange user). Entries on the safe list can get there any number of ways, including contacts from the user’s address book, explicitly added users and domains, and from outgoing messages.