Solved

Exchange 2007: Stopping email spoofing for internal users

Posted on 2010-09-07
3
747 Views
Last Modified: 2012-05-10
We get a ton of spam email claiming to be sent from users inside our organization to users in our organization. Upon examining the message properties, it is clear that they are being sent through an outside SMTP server. How can I make it so Exchange treats any email sent through an outside SMTP server from an internal address as spam? None of my users need to be able to use an outside SMTP server anyway so it won't interfere with them. Thanks.
0
Comment
Question by:rbichon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 22

Expert Comment

by:chakko
ID: 33617651
You need to setup an SPF record for that, and then in Exchange activate the Sender ID feature
 Here is info on it from MS
http://technet.microsoft.com/en-us/magazine/2006.12.sidf.aspx 
Here is other info on SPF
 http://www.openspf.org/
Here is a wizard that will help making the DNS txt record for you.
http://old.openspf.org/wizard.html 
One thing to take note of.  When you make the TXT record at the end of it will be something like ~a
Change this to -a so that it will reject.  ~a setting is like a test mode.
 
0
 
LVL 1

Author Comment

by:rbichon
ID: 33617921
Looks easy enough. Is there a risk of it denying legitimate emails though?
0
 
LVL 22

Accepted Solution

by:
chakko earned 500 total points
ID: 33618056
The basic concept if you list the servers or IP addresses of servers that send out mail from your domain.com name
If someone tries to send email with the from address forged and that server is not on the list you created, then it should reject the email.
If the only mail server sending email for your domain is your server then there shouldn't be any risk.
If you have people sending email from the work address and they use alternate email servers then those emails may have a problem.  You can add the email servers that they use to the SPF record if needed.
In the Exchange side it can accept email that fails the sender ID check but it will add a SPAM value and then the Exchange anti-spam will process it.  Not 100% sure for Exchange 2007, but that's how it worked in 2003.  
I don't think the SPF is foolproof, but it should help
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question