New migration from Exchange 2010 to Exchange 2013 latest patch.
Symantec Mail Security for Exchange (latest version).
Internal users receiving small amounts of phishing emails from spoofed domain email address.
e.g. email@example.com recieves email from firstname.lastname@example.org claiming to be internal user.
If you click reply then the reply address is obviously a different email domain account (malicious user).
This is a single installation of Exchange, internet facing.
In an earlier post Simon Butler suggested that this installation is "fine"....and also quotes...
"Sender ID etc is no good unless you have your own domain setup correctly.
You need to put in SPF records in to the DNS. If your internal DNS domain name matches your external then you will also need SPF records on your internal DNS. "
Please can anyone explain this further?
Is there anywhere written that explains exactly how to stop this behavior in Exchange 2013?
Also I noticed that in my Exchange Admin Centre, under "protection" section I cannot see "antispam" feature installed, only "MALWARE feature".
In Exchange 2010 Antispam settings were setup correctly, but I cant find them in Exchange 2013.
I should note that these phishing emails are going into Outlook client "junk" folder, but still I would like to be more protected.