Solved

Exchange 2007: Stopping email spoofing for internal users

Posted on 2010-09-07
3
745 Views
Last Modified: 2012-05-10
We get a ton of spam email claiming to be sent from users inside our organization to users in our organization. Upon examining the message properties, it is clear that they are being sent through an outside SMTP server. How can I make it so Exchange treats any email sent through an outside SMTP server from an internal address as spam? None of my users need to be able to use an outside SMTP server anyway so it won't interfere with them. Thanks.
0
Comment
Question by:rbichon
  • 2
3 Comments
 
LVL 22

Expert Comment

by:chakko
ID: 33617651
You need to setup an SPF record for that, and then in Exchange activate the Sender ID feature
 Here is info on it from MS
http://technet.microsoft.com/en-us/magazine/2006.12.sidf.aspx 
Here is other info on SPF
 http://www.openspf.org/
Here is a wizard that will help making the DNS txt record for you.
http://old.openspf.org/wizard.html 
One thing to take note of.  When you make the TXT record at the end of it will be something like ~a
Change this to -a so that it will reject.  ~a setting is like a test mode.
 
0
 
LVL 1

Author Comment

by:rbichon
ID: 33617921
Looks easy enough. Is there a risk of it denying legitimate emails though?
0
 
LVL 22

Accepted Solution

by:
chakko earned 500 total points
ID: 33618056
The basic concept if you list the servers or IP addresses of servers that send out mail from your domain.com name
If someone tries to send email with the from address forged and that server is not on the list you created, then it should reject the email.
If the only mail server sending email for your domain is your server then there shouldn't be any risk.
If you have people sending email from the work address and they use alternate email servers then those emails may have a problem.  You can add the email servers that they use to the SPF record if needed.
In the Exchange side it can accept email that fails the sender ID check but it will add a SPAM value and then the Exchange anti-spam will process it.  Not 100% sure for Exchange 2007, but that's how it worked in 2003.  
I don't think the SPF is foolproof, but it should help
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question