georgedschneider
asked on
Prevent spoofing of internal domain
Is there anything internally on the Exchange side that I can do to prevent the spoofing of our internal mail domain. We have been getting some emails appearing to come form internal users to other internal users. Upon inspection of the suspicion email the mail from looks legitimate but the but the actually reply address and return path are external internet addresses.
Is there a setting on the receive connector I can use to prevent this? Should annoymous but allowed or disallowed on the receive connectors for example?
Is there a setting on the receive connector I can use to prevent this? Should annoymous but allowed or disallowed on the receive connectors for example?
What are you using for message hygiene? A lot of appliances and cloud providers will reject any messages claiming to be from the internal domain but coming from an external source.
As Tshearon pointed out an SPF record can help as well.
As Tshearon pointed out an SPF record can help as well.
ASKER
Couldn't you use something similar to the following which will remove rights to the anonymous user on the the receive connector to prevent spoofing of the internal domain coming form the outside:
Get-ReceiveConnector “Inbound Email” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-autho ritative-d omain-send er”} | Remove-ADPermission
Get-ReceiveConnector “Inbound Email” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-autho
ASKER
To answer the previous question I'm using Exchange Online Protection for message hygiene currently.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Let me reach out to EOP to see why this got past. I agree this shouldn't have happened.
www.experts-exchange.com/S