Solved

Exchange 2007: Stopping email spoofing for internal users

Posted on 2010-09-07
3
742 Views
Last Modified: 2012-05-10
We get a ton of spam email claiming to be sent from users inside our organization to users in our organization. Upon examining the message properties, it is clear that they are being sent through an outside SMTP server. How can I make it so Exchange treats any email sent through an outside SMTP server from an internal address as spam? None of my users need to be able to use an outside SMTP server anyway so it won't interfere with them. Thanks.
0
Comment
Question by:rbichon
  • 2
3 Comments
 
LVL 22

Expert Comment

by:chakko
ID: 33617651
You need to setup an SPF record for that, and then in Exchange activate the Sender ID feature
 Here is info on it from MS
http://technet.microsoft.com/en-us/magazine/2006.12.sidf.aspx 
Here is other info on SPF
 http://www.openspf.org/
Here is a wizard that will help making the DNS txt record for you.
http://old.openspf.org/wizard.html 
One thing to take note of.  When you make the TXT record at the end of it will be something like ~a
Change this to -a so that it will reject.  ~a setting is like a test mode.
 
0
 
LVL 1

Author Comment

by:rbichon
ID: 33617921
Looks easy enough. Is there a risk of it denying legitimate emails though?
0
 
LVL 22

Accepted Solution

by:
chakko earned 500 total points
ID: 33618056
The basic concept if you list the servers or IP addresses of servers that send out mail from your domain.com name
If someone tries to send email with the from address forged and that server is not on the list you created, then it should reject the email.
If the only mail server sending email for your domain is your server then there shouldn't be any risk.
If you have people sending email from the work address and they use alternate email servers then those emails may have a problem.  You can add the email servers that they use to the SPF record if needed.
In the Exchange side it can accept email that fails the sender ID check but it will add a SPAM value and then the Exchange anti-spam will process it.  Not 100% sure for Exchange 2007, but that's how it worked in 2003.  
I don't think the SPF is foolproof, but it should help
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now