[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 297
  • Last Modified:

Filter recipients who are not in the Directory

Hello,

I have this setting enabled "Filter recipients who are not in the Directory" in our Exchange Server 2003. However, our consulting company has advised to remove this setting to prevent hackers from farming for valid e-mail addresses. Any thoughts on this? Do you guys leave this setting on or off and why? Thanks!
0
vrosas_03
Asked:
vrosas_03
1 Solution
 
TPAMisfitCommented:
I think Microsoft recommends not enabling this feature because once you do, a Directory Harvest Attack can be used to gain knowledge of the valid e-mail addresses in your organization. Personally, we have it enabled and use the Tar pit KB to help difuse any attacks.

See MS article:

After you enable recipient filtering, a certain technique may be used against your Exchange server to gather information about the valid e-mail addresses in your organization. This technique is known as a Directory Harvest Attack.

For more information about how to help prevent this kind of attack, click the following article number to view the article in the Microsoft Knowledge Base:
 842851  SMTP tar pit feature for Windows Server 2003
0
 
vrosas_03Author Commented:
Thanks. I guess I'll have to remove on my end for security.

0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now