This section describes how you can use Forefront Protection 2010 for Exchange Server (FPE) to help prevent spam e-mail from entering Microsoft Exchange messaging environments.

You can enable FPE antispam technology in the Exchange Edge and Exchange Hub roles. The Edge role, however, is the preferred location for antispam scanning, because it enables FPE to reject spam early in the process without putting an unnecessary load on the network layers. The technology includes a series of agents that are registered with Exchange and are invoked at specific points in the SMTP pipeline. FPE can also be integrated with Forefront Online Protection for Exchange (FOPE) to provide an additional layer of filtering for your messaging environment.

If you are using FOPE to filter your e-mail traffic, you can configure FPE to bypass spam scanning of messages that were already scanned by FOPE. For more information, see Bypassing virus and spam scanning for messages already scanned.

FPE uses several kinds of filtering in order to identify and mitigate spam e-mail:

During the first two phases in the antispam pipeline, FPE can reject a message if the message originated from a block-listed IP address or a blocked or spoofed sender. FPE can also be configured to reject a message if it is intended for an invalid or blocked recipient. During the final phase, FPE determines the confidence level that a message is spam. FPE allows you to set a threshold of confidence, which determines the mitigation action FPE takes during content filtering. Messages above the threshold can be rejected or deleted, and messages below the threshold can be quarantined or forwarded to Microsoft Office Outlook. Suspect messages that are forwarded to Office Outlook can be scanned again depending upon the Office Outlook settings.

If you are unable to set antispam settings through the FPE Administrator Console, please verify that the Exchange Server Administrator's password has not expired or been changed.

When antispam filtering is enabled, you must also ensure that the internal SMTP servers list is populated in the Microsoft Exchange Server Management Shell. This step is important if there are any incumbent Message Transfer Agents (MTA) between the Internet and the FPE-protected Exchange server where the antispam agents are enabled. Information about configuring the internal SMTP servers list can be found in the following Microsoft Exchange documentation topics: "Anti-spam agents are enabled, but the list of internal SMTP servers is empty" and "Set-TransportConfig cmdlet".
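One way to check and populate the internal SMTP servers list from the Exchange Management Shell is sketched below; this is an added example, not taken from the FPE or Exchange documentation. The two addresses are constructed placeholders from the documentation range and stand in for the MTAs that sit in front of your FPE-protected server.

```powershell
# Run in the Exchange Management Shell on the server where the antispam agents are enabled.
# Constructed placeholder addresses (RFC 5737 documentation range); replace them
# with the MTAs that relay Internet mail to this server.
$relayMtas = @('192.0.2.10', '192.0.2.11')

# Validate every entry before changing the transport configuration.
$parsed = foreach ($addr in $relayMtas) {
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) {
        throw "Not a valid IP address: $addr"
    }
    $ip.ToString()
}

# Read the current list and normalise its entries to strings for comparison.
$config  = Get-TransportConfig
$current = @($config.InternalSMTPServers | Where-Object { $_ } | ForEach-Object { $_.ToString() })

if ($current.Count -eq 0) {
    Write-Warning 'InternalSMTPServers is empty while antispam filtering is in use.'
}

# Add only the entries that are missing, so existing entries are preserved.
$missing = @($parsed | Where-Object { $current -notcontains $_ })
if ($missing.Count -gt 0) {
    $merged = @($current + $missing | Select-Object -Unique)
    Set-TransportConfig -InternalSMTPServers $merged
    Write-Host "Added: $($missing -join ', ')"
} else {
    Write-Host 'All listed MTAs are already present.'
}

# Confirm the result.
Get-TransportConfig | Format-List InternalSMTPServers
```

The script merges rather than overwrites, because passing a bare list to `Set-TransportConfig -InternalSMTPServers` replaces whatever was configured before.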

For more information about enabling the FPE antispam features, see Enabling antispam protection.

Related Topics

Resetting the Exchange Server account credentials


Configuring antimalware scanning
Configuring filtering