Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 533
  • Last Modified:

Exchange 2010 SMTP allows send from any user address

We discovered that when users attempt to send mail as another user through outlook it is denied unless they have specific rights to do this.    Which is what we want.    However if using tools outside outlook exchange allows the send from address to be anything.     This is not very secure as I can easily send a message as another user using and SMTP mail connecter.    

How can I correct his behavior.    I do want it to allow SMTP mail as long as the send from address is permitted by that user.

Note this is local domain mail I am referring to.   Outside our network it works as expected.
0
Zoldy2000
Asked:
Zoldy2000
  • 2
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
That is the standard behaviour for SMTP traffic. SMTP doesn't really pay any attention to the sender. You cannot completely eliminate it. A decent anti-spam scanner should block most of it, and you can use things like SPF records and check your own domain. However you have to be 100% correct to block it as it is very easy to block legitimate email.

Simon.
0
 
Zoldy2000Author Commented:
I am surprised this is standard behavior.   With very little effort I could send an email impersonating my boss or even the CEO?    I can't imagine that to be true standard behavior?    Are you certain?
0
 
Simon Butler (Sembee)ConsultantCommented:
It is called spoofing and is why spam is such a problem. Most spam is spoofed and a common spammer's trick is to send email using the same From domain as the Recipient.

I could send you an email with bill.gates@microsoft.com as the sender if I wished, there is nothing in the standard products that automatically could verify that it was legitimate or not.

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now