Service Pack 2 for Exchange Server 2003 is now available and introduces a host of new or enhanced features, primarily in the areas of mobile e-mail, security, antispam, and performance, in addition to the typical bug fixes. However, mobile users will not benefit from the e-mail improvements unless they buy new Windows Mobile (WM) 5.0 phones, which are just beginning to ship, and install the Messaging and Security Feature Pack (MSFP)—which won't ship until the first half of 2006—on them.

Mobile E-Mail Improvements

The combination of the MSFP and Exchange Server 2003 SP2 will significantly improve Microsoft's e-mail solution for WM devices. This duo will finally give Microsoft a true e-mail push solution on par with Research in Motion's (RIM's) market-leading mobile e-mail solution for its BlackBerry phones.

The new Direct Push Technology (DPT) feature maintains a continuous data connection between the mobile phone and Exchange Server, offering up-to-the-minute synchronization of Exchange e-mail, contact, and calendar items with users' mobile devices. Microsoft says its solution requires less hardware and software infrastructure, thereby making it cheaper and less complex than RIM's. (For more information about DPT, see "Improved Mobile E-Mail on the Horizon" on page 16 of the Aug. 2005 Update.)

In addition to DPT, the SP2/MSFP combination offers a few other new features:

Address list access from mobile devices. Today's users have access to locally stored Outlook contact entries but not to their organization's Global Address List (GAL), making it difficult to address mail to corporate recipients. With the MSFP, users can look up addresses in the GAL from the messaging, phone, calendar, and contacts pages of the Outlook Mobile user interface. However, unlike the full Outlook 2003 client, a copy of the GAL is not stored on the device, so unless mobile users have a wireless connection, they can't address e-mail using the GAL.

Secure/Multipurpose Internet Mail Extensions (S/MIME) support. The MSFP will allow WM 5.0 devices to digitally sign and encrypt messages with S/MIME. Without this support, users in organizations that use S/MIME e-mail security internally or with business partners cannot use their mobile devices to read or send secured mail.

Improved device security. Although not directly related to mobile mail, a new security policy feature in Exchange 2003 SP2 piggybacks on Exchange's over-the-air synchronization feature. With this feature, administrators or other delegated individuals can force WM device users to use a device-unlock password; configure a device to erase locally stored data after a number of incorrect logon attempts; or remotely wipe all data off a lost or stolen device. SP2 and the MSFP also give organizations the option to implement certificate-based authentication on devices, eliminating the risk that a thief can obtain corporate credentials from a stolen device and use those credentials to log on to other parts of the network. These last two options require the upcoming Exchange ActiveSync Mobile Web Administration tool and the upcoming ActiveSync Certificate-based Authentication tool, respectively, both of which will be available by the end of 2005.

Security and Antispam Improvements

SP2 includes two new features that will benefit all Exchange users, no matter what client they use.

Intelligent Message Filter (IMF) update. SP2 will adjust Exchange 2003's spam-filtering methods (heuristics) to better detect the most recent patterns of spam. This update includes new capabilities to block phishing schemes, which attempt to solicit sensitive personal information by using falsified messages that masquerade as legitimate. With SP2, the IMF becomes an integral part of Exchange 2003 rather than an add-on.

Sender ID. SP2 will include support for Sender ID—Microsoft's published, royalty-free specification for authenticating mail servers—which enables companies to apply more stringent screening to e-mail from unauthenticated mail servers. This feature works in conjunction with the Exchange IMF to further protect against phishing and spoofing schemes. However, widespread industry adoption for Sender ID is by no means assured (partly because of Microsoft patents that are part of its specification), which could ultimately limit its usefulness.

Performance Improvements

SP2 introduces several changes that enhance Exchange 2003's capacity and performance.

Increased mailbox storage. SP2 increases Exchange Server 2003 Standard Edition's mailbox storage size limit from 16GB to 75GB.

Improved caching. Changes to Exchange's offline address book format (a copy of the GAL) and a new transfer scheme offer significantly improved performance for global address-list downloads to Outlook 2003 SP2 clients. (Outlook clients operating in cached mode use the locally stored offline address book, rather than contacting the Exchange server, when users pick e-mail addresses from the GAL.) SP2 also lets administrators force Outlook 2003 clients to use cached mode, which improves performance and reduces server loads.

Public folder improvements. SP2 makes it easier for administrators to manage Exchange public folders, including managing replication of public folders across servers, deletion of folders and messages, and other tasks.

Availability and Resources

Exchange 2003 SP2 comes in the same nine languages as Exchange 2003: Chinese Simplified, Chinese Traditional, English, French, German, Italian, Japanese, Korean, and Spanish.

The service pack can be downloaded from www.microsoft.com/technet/prodtechnol/exchange/downloads/2003/sp2/download.mspx.

SPF and Sender ID are described in "Antispam Standard Stumbles on Patent Issues" on page 35 of the Nov. 2004 Update.