Solved

Exchange 2007: Stopping email spoofing for internal users

Posted on 2010-09-07
3
744 Views
Last Modified: 2012-05-10
We get a ton of spam email claiming to be sent from users inside our organization to users in our organization. Upon examining the message properties, it is clear that they are being sent through an outside SMTP server. How can I make it so Exchange treats any email sent through an outside SMTP server from an internal address as spam? None of my users need to be able to use an outside SMTP server anyway so it won't interfere with them. Thanks.
0
Comment
Question by:rbichon
  • 2
3 Comments
 
LVL 22

Expert Comment

by:chakko
ID: 33617651
You need to setup an SPF record for that, and then in Exchange activate the Sender ID feature
 Here is info on it from MS
http://technet.microsoft.com/en-us/magazine/2006.12.sidf.aspx 
Here is other info on SPF
 http://www.openspf.org/
Here is a wizard that will help making the DNS txt record for you.
http://old.openspf.org/wizard.html 
One thing to take note of.  When you make the TXT record at the end of it will be something like ~a
Change this to -a so that it will reject.  ~a setting is like a test mode.
 
0
 
LVL 1

Author Comment

by:rbichon
ID: 33617921
Looks easy enough. Is there a risk of it denying legitimate emails though?
0
 
LVL 22

Accepted Solution

by:
chakko earned 500 total points
ID: 33618056
The basic concept if you list the servers or IP addresses of servers that send out mail from your domain.com name
If someone tries to send email with the from address forged and that server is not on the list you created, then it should reject the email.
If the only mail server sending email for your domain is your server then there shouldn't be any risk.
If you have people sending email from the work address and they use alternate email servers then those emails may have a problem.  You can add the email servers that they use to the SPF record if needed.
In the Exchange side it can accept email that fails the sender ID check but it will add a SPAM value and then the Exchange anti-spam will process it.  Not 100% sure for Exchange 2007, but that's how it worked in 2003.  
I don't think the SPF is foolproof, but it should help
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Find out what you should include to make the best professional email signature for your organization.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question