Prevent spoofing of internal domain

Is there anything internally on the Exchange side that I can do to prevent the spoofing of our internal mail domain? We have been getting some emails appearing to come from internal users to other internal users. Upon inspection of the suspicious email, the mail from looks legitimate, but the actual reply address and return path are external internet addresses.

Is there a setting on the receive connector I can use to prevent this? Should anonymous be allowed or disallowed on the receive connectors, for example?
georgedschneider Asked:

tshearon Commented:
You want to be careful not to remove anonymous from all of your receive connectors lest you stop getting any outside mail at all. What you probably want to do is make sure you have set up an SPF record for your domain and have some type of anti-spam solution in place. This article right from this site should help.

www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27965646.html
0
Gareth Gudger Commented:
What are you using for message hygiene? A lot of appliances and cloud providers will reject any messages claiming to be from the internal domain but coming from an external source.

As Tshearon pointed out, an SPF record can help as well.
0
georgedschneider Author Commented:
Couldn't you use something similar to the following, which will remove rights to the anonymous user on the receive connector to prevent spoofing of the internal domain coming from the outside:

Get-ReceiveConnector "Inbound Email" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | Where-Object {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission
0

georgedschneider Author Commented:
To answer the previous question, I'm using Exchange Online Protection for message hygiene currently.
0
Gareth Gudger Commented:
Get-ReceiveConnector "Inbound Email" | Get-ADPermission -User "NT AUTHORITY\Anonymous Logon" | Where-Object {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

I have seen this documented a lot out there but never used it. The big question is why Exchange Online Protection is allowing the domain spoofing through. Never seen that on any of my EOP clients. Have you placed a ticket with EOP?

Also, make sure you are only accepting mail from EOP's IPs.
0
georgedschneider Author Commented:
Let me reach out to EOP to see why this got past.  I agree this shouldn't have happened.
0
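
Added example (not part of the original thread): a Python check for the symptom described in the question, a From address in an internal domain combined with an external Return-Path or Reply-To, plus the X-MS-Exchange-Organization-AuthAs header that Exchange stamps on received mail. The domain example.com, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: your accepted domains

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_findings(raw_message, internal=INTERNAL_DOMAINS):
    """List reasons a message claiming an internal sender looks spoofed."""
    msg = message_from_string(raw_message)
    if domain_of(msg["From"]) not in internal:
        return []  # does not claim an internal sender; out of scope
    findings = []
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom not in internal:
            findings.append(f"{header} domain {dom} is external")
    # Exchange stamps how the submitting session authenticated.
    auth_as = (msg["X-MS-Exchange-Organization-AuthAs"] or "").strip().lower()
    if auth_as == "anonymous":
        findings.append("submitted over an anonymous session")
    return findings

# Constructed sample messages (not taken from the thread).
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "Alice Admin" <alice@example.com>
Reply-To: alice.admin@example.org
To: bob@example.com
X-MS-Exchange-Organization-AuthAs: Anonymous

Please review the attached invoice.
"""
LEGIT = """\
Return-Path: <alice@example.com>
From: Alice Admin <alice@example.com>
To: bob@example.com
X-MS-Exchange-Organization-AuthAs: Internal

Lunch at noon?
"""

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT)):
        print(name, spoof_findings(raw))
```

Running it over messages exported from a mailbox or quarantine shows which internal-looking messages arrived from outside, which is useful evidence to attach to a ticket with the filtering provider.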