Exchange 2013 Stop Spoof Emails from Internal addresses

Miffanwee used Ask the Experts™
New migration from Exchange 2010 to Exchange 2013 latest patch.
Symantec Mail Security for Exchange (latest version).

Internal users receiving small amounts of phishing emails from spoofed domain email address.
e.g. receives email from claiming to be internal user.
If you click reply then the reply address is obviously a different email domain account (malicious user).

This is a single installation of Exchange, internet facing.

In an earlier post Simon Butler suggested that this installation is "fine"....and also quotes...

"Sender ID etc is no good unless you have your own domain setup correctly.
You need to put in SPF records in to the DNS. If your internal DNS domain name matches your external then you will also need SPF records on your internal DNS. "

Please can anyone explain this further?

Is there anywhere written that explains exactly how to stop this behavior in Exchange 2013?

Also I noticed that in my Exchange Admin Centre, under the "protection" section, I cannot see the "antispam" feature installed, only the "malware" feature.
In Exchange 2010 Antispam settings were set up correctly, but I can't find them in Exchange 2013.

I should note that these phishing emails are going into Outlook client "junk" folder, but still I would like to be more protected.

First, I would recommend you have your anti-virus on all your PCs if you do not already. If you do, make sure they are up to date and run scans ASAP.

Second, you can find one of the messages and use it to track where it came from by using the message tracking described in this article:

If you are using the built-in 2013 antispam then block your own domain with sender filtering:

You may also take help from below given earlier discussed thread -

Preventing Email Spoofing on Exchange Server 07,10 & 13:

Internal user sending phishing/spoofed email:

Hope it helps you!


woo, thanks.
I will have a read through that lot!
Built in 2013 Antispam? I cannot find it in my installation.


Aha, I need to install using a script!

Microsoft Exchange Server 2013 customers are automatically provided with anti-spam and anti-malware protection. For details, please check this:


Why on earth has Microsoft turned this AntiSpam stuff into a PowerShell interface???


Hi Vincent,
Many thanks for your advice.
Could you explain the "block your own domain with sender filtering:" bit?
That's a bit confusing.


Many thanks for help on this matter
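
The steps discussed in this thread (installing the anti-spam agents by script, blocking your own domain with sender filtering, and acting on SPF via Sender ID), put together as an added example that is not part of the original posts. `example.com` is a placeholder for your own accepted domain, and the `127.0.0.1` entry assumes this is the only SMTP server in the organization, as in the single-server setup described in the question.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2013 server.
# "example.com" is a placeholder; replace it with your own accepted domain.
$domain = 'example.com'

# 1. Install the built-in anti-spam agents (the script ships with Exchange),
#    then restart transport so the agents load.
& "$env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1"
Restart-Service MSExchangeTransport

# 2. Tell the agents which SMTP servers are internal.
#    Assumption: this server is the only SMTP server, so 127.0.0.1 is used.
Set-TransportConfig -InternalSMTPServers @{Add = '127.0.0.1'}

# 3. Sender filtering: reject mail arriving over external (unauthenticated)
#    connections whose sender claims to be in your own domain.
#    InternalMailEnabled stays off so authenticated internal mail is not filtered.
Set-SenderFilterConfig -Enabled $true `
    -ExternalMailEnabled $true -InternalMailEnabled $false `
    -BlockedDomainsAndSubdomains @{Add = $domain} `
    -Action Reject

# 4. Sender ID: reject mail that fails the check against the sending domain's
#    SPF record. This only covers your domain once it publishes a record, e.g.
#    the DNS TXT record  "v=spf1 mx -all"
#    (assumption: all of your outbound mail leaves through your MX hosts).
Set-SenderIdConfig -Enabled $true -ExternalMailEnabled $true `
    -SpoofedDomainAction Reject

# 5. Verify what is now in effect.
Get-TransportAgent | Format-Table Identity, Enabled, Priority
Get-SenderFilterConfig | Format-List Enabled, Action, BlockedDomainsAndSubdomains
Get-SenderIdConfig | Format-List Enabled, SpoofedDomainAction
```

Before enabling step 3, check message tracking for legitimate outside services (web forms, newsletters, hosted applications) that send as your domain over the internet, because their mail will be rejected too.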
