Configuring Web Beacon and HTML Form Filtering in Outlook Web Access
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
Web beacons frequently come in the form of images that are downloaded onto a user's computer when the user opens a junk e-mail message. After the images are downloaded, a Web beacon notification is sent to the sender of the junk e-mail message that informs the sender that the recipient e-mail address is valid. After a user opens a message that sends a Web beacon notification back to the junk e-mail sender, the user may receive junk e-mail more frequently because the junk e-mail sender has verified that the user's e-mail address is valid. Web beacons can also contain harmful code and can be used to circumvent e-mail filters to deliver an e-mail message from someone who is sending unsolicited commercial e-mail.
Note
By default, Microsoft Office Outlook Web Access enables users to choose to allow or disable potential Web beacon content in individual e-mail messages.
Controlling Web Beacon and HTML Form Filtering
In Outlook Web Access, an incoming e-mail message that contains content that can be used as a Web beacon prompts Outlook Web Access to display a warning message to the user to inform the user that the content has been blocked. This occurs regardless of whether the message actually contains a Web beacon. If a user knows that a message is legitimate, they can enable the blocked content. If a user does not recognize the sender of the message, they can open the message without unblocking the content, and then delete the message without triggering beacons. If your organization does not want to use this feature, you can disable the blocking option for Outlook Web Access.
The settings for filtering Web beacons are stored in the Active Directory directory service. You can configure how potential Web beacon content is filtered by using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell. For more information about syntax and parameters, see Set-OwaVirtualDirectory.
The following list describes the parameters in the FilterWebBeacons property for Web beacon filtering in Outlook Web Access:
UserFilterChoice By using the UserFilterChoice parameter, you can let users decide whether they want to enable or continue to disable the blocked Web beacon content. Outlook Web Access blocks all potential Web beacon content in an e-mail message and displays the following message in the information bar when a user receives an e-mail message that contains potential Web beacon content: "To help protect your privacy, Outlook Web Access has blocked some images, sounds, or forms that can communicate your information to other Web sites. If you are sure that this message is from a trusted sender and you want to re-enable the blocked features, Click Here." To view the blocked content, the user can click the Click Here option.
Note
By default, the UserFilterChoice parameter is enabled in Outlook Web Access.
ForceFilter By using the ForceFilter parameter, you can block all potential Web beacon content. Outlook Web Access blocks all potential Web beacon content in an e-mail message and displays the following message in the information bar when a user receives an e-mail message that contains potential Web beacon content: "To help protect your privacy, Outlook Web Access has blocked some images, sounds, or forms that can communicate your information to other Web sites." Users cannot override the ForceFilter parameter to view the blocked Web beacon content.
DisableFilter By using the DisableFilter parameter setting, you can enable all potential Web beacon content in Outlook Web Access.
For More Information
For more information about how to control Web beacons, see How to Control Web Beacon and HTML Form Filtering for Outlook Web Access.