Solved

Exchange 2007: Stopping email spoofing for internal users

Posted on 2010-09-07
Last Modified: 2012-05-10
We get a ton of spam email claiming to be sent from users inside our organization to users in our organization. Upon examining the message properties, it is clear that they are being sent through an outside SMTP server. How can I make it so Exchange treats any email sent through an outside SMTP server from an internal address as spam? None of my users need to be able to use an outside SMTP server anyway so it won't interfere with them. Thanks.
Question by:rbichon

Expert Comment

by:chakko
You need to set up an SPF record for that, and then in Exchange activate the Sender ID feature.
Here is info on it from MS:
http://technet.microsoft.com/en-us/magazine/2006.12.sidf.aspx
Here is other info on SPF:
http://www.openspf.org/
Here is a wizard that will help make the DNS TXT record for you:
http://old.openspf.org/wizard.html
One thing to take note of: when you make the TXT record, at the end of it will be something like ~a
Change this to -a so that it will reject. The ~a setting is like a test mode.
 

Author Comment

by:rbichon
Looks easy enough. Is there a risk of it denying legitimate emails though?

Accepted Solution

by:chakko (earned 500 total points)
The basic concept is that you list the servers or IP addresses of servers that send out mail from your domain.com name.
If someone tries to send email with the from address forged and that server is not on the list you created, then it should reject the email.
If the only mail server sending email for your domain is your server then there shouldn't be any risk.
If you have people sending email from the work address and they use alternate email servers then those emails may have a problem. You can add the email servers that they use to the SPF record if needed.
On the Exchange side it can accept email that fails the Sender ID check, but it will add a SPAM value and then the Exchange anti-spam will process it. Not 100% sure for Exchange 2007, but that's how it worked in 2003.
I don't think the SPF is foolproof, but it should help.
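
The check described in the accepted answer, as an added example that is not part of the original thread: a minimal SPF evaluator in Python that shows which sending servers pass, softfail or fail under a test-mode record, a rejecting record, and a rejecting record that also lists an alternate server. It handles only the `ip4`, `ip6` and `all` mechanisms (no DNS lookups); the records and IP addresses are constructed, and the trailing term is written `~all` or `-all` as SPF (RFC 7208) spells it.

```python
import ipaddress

# Qualifier prefix -> SPF result name (RFC 7208); no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample data (documentation address ranges, not real servers).
MAIL_SERVER = "192.0.2.10"       # the organisation's own outbound server
OUTSIDE_SERVER = "203.0.113.50"  # outside SMTP server using an internal From
ALT_SERVER = "198.51.100.7"      # alternate server some staff send through
TEST_MODE = "v=spf1 ip4:192.0.2.10 ~all"
REJECT = "v=spf1 ip4:192.0.2.10 -all"
REJECT_PLUS_ALT = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 -all"


def check_spf(record, sender_ip):
    """Evaluate sender_ip against an SPF record, term by term, left to right.

    Mechanisms that need DNS (a, mx, include, ...) raise ValueError.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":  # matches every sender not matched earlier
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError("mechanism not handled in this sketch: " + name)
    return "neutral"  # nothing matched and the record has no "all" term


def report():
    """Return (record, ip, result) for every record/server combination."""
    return [(rec, ip, check_spf(rec, ip))
            for rec in (TEST_MODE, REJECT, REJECT_PLUS_ALT)
            for ip in (MAIL_SERVER, OUTSIDE_SERVER, ALT_SERVER)]


if __name__ == "__main__":
    for rec, ip, result in report():
        print(f"{result:9} {ip:14} {rec}")
```

The `fail` result for `ALT_SERVER` under the `REJECT` record is the legitimate-mail risk raised in the thread; it becomes `pass` once that server's range is listed.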
