Avatar of kesslerkare
kesslerkare
 asked on

Exchange letting spoofed emails through

I am running Exchange 2010 and we have a SPF record set including the exchange server's IP address. We are still getting spoofed incoming email and the header shows the following:

X-MS-Exchange-Organization-Antispam-Report: SenderOnRecipientSafeSendersList
X-MS-Exchange-Organization-SCL: -1
 
I have the SenderID enabled

Why does Exchange think this spoofed user is on the safe sender list when his originating IP does match our IP?
Email Servers

Avatar of undefined
Last Comment
Systech Admin

8/22/2022 - Mon
Systech Admin

Did u checked the safe sender list on Exchange?
kesslerkare

ASKER
The safe sender list is empty. The other thing is that the spoofed email user is a local user email address, meaning the incoming email shows as coming from an internal user on the local domain. Do I need to enable the SenderId for Internal to catch this?
ASKER CERTIFIED SOLUTION
Systech Admin

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes