Exchange letting spoofed emails through

I am running Exchange 2010 and we have a SPF record set including the exchange server's IP address. We are still getting spoofed incoming email and the header shows the following:

X-MS-Exchange-Organization-Antispam-Report: SenderOnRecipientSafeSendersList
X-MS-Exchange-Organization-SCL: -1

I have the SenderID enabled

Why does Exchange think this spoofed user is on the safe sender list when his originating IP does match our IP?

Email Servers

Last Comment

Systech Admin

8/22/2022 - Mon

Systech Admin

8/19/2015

Did u checked the safe sender list on Exchange?

kesslerkare

8/19/2015

ASKER

The safe sender list is empty. The other thing is that the spoofed email user is a local user email address, meaning the incoming email shows as coming from an internal user on the local domain. Do I need to enable the SenderId for Internal to catch this?

ASKER CERTIFIED SOLUTION

Systech Admin

8/19/2015

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

GET A PERSONALIZED SOLUTION

Ask your own question & get feedback from real experts

Find out why thousands trust the EE community with their toughest problems.

Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!