Exchange letting spoofed emails through

kesslerkare used Ask the Experts™
I am running Exchange 2010 and we have an SPF record set including the Exchange server's IP address. We are still getting spoofed incoming email and the header shows the following:

X-MS-Exchange-Organization-Antispam-Report: SenderOnRecipientSafeSendersList
X-MS-Exchange-Organization-SCL: -1
I have the SenderID enabled.

Why does Exchange think this spoofed user is on the safe sender list when his originating IP does match our IP?

Gaurav Singh, Solutions Architect

Did you check the safe sender list on Exchange?


The safe sender list is empty. The other thing is that the spoofed email user is a local user email address, meaning the incoming email shows as coming from an internal user on the local domain. Do I need to enable the SenderId for Internal to catch this?
Solutions Architect
Check the settings on the receive connectors; this might be lying there.
