<div>
if you follow the above method, then no internet email with your domain will arrive to your systems that could potential block legit email.<br />
<br />
I have solved this by using 3rd party cloud services like Mimecast and they have capability to inspect mail from and envelope header, further, they can whitelist the IP address that validate such issues.<br />
<br />
by doing others, you probably swapping one problem with anothers.
</div>


<div>
Removing ms-exch-smtp-accept-author<wbr />itative-do<wbr />main-sende<wbr />r certainly fixes the situation however we use third-party systems such as MailChimp for marketing emails.<br />
<br />
When they are delivered to staff email addresses they are blocked, what would be the best way around this?
</div>


<div>
Jian emails are sent using the MailChimp servers obviously and those emails are delivered to MX servers.
</div>


<div>
Not helpful Jian, anyone else?
</div>


<div>
why not? since your public receive connector are receiving internet email address and exchange server is directly on MX..<br />
Anyway, I leave it to others to chip in their thoughts.
</div>


<div>
Your solution is not clear enough. Little effort has been put into explaining each step.
</div>


<div>
<div class="content wysiwyg-content">
I have been battling with trying to mitigate inbound phishing emails to our staff. The email FROM header address is that of valid staff to other staff requesting information with a REPLY-TO the fraudster.<br />
<br />
I have previously stopped these by enabling SENDER ID rejections on the Exchange 2010 Edge servers.<br />
<br />
Unfortunately this prevents valid emails coming in from the internet where organisations neglect to add their SMTP servers to SPF records.<br />
<br />
Is there a way to specifically block these emails for our Accepted Domains? Our own SPF records cover all SMTP servers internally and EDM.<br />
<br />
<br />
Thank you.
</div>
</div>


I have been battling with trying to mitigate inbound phishing emails to our staff. The email FROM header address is that of valid staff to other staff requesting information with a REPLY-TO the fraudster.

I have previously stopped these by enabling SENDER ID rejections on the Exchange 2010 Edge servers.

Unfortunately this prevents valid emails coming in from the internet where organisations neglect to add their SMTP servers to SPF records.

Is there a way to specifically block these emails for our Accepted Domains? Our own SPF records cover all SMTP servers internally and EDM.


Thank you.

Exchange 2010 - Spoofing of Internal Email Address Inbound (Accepted Domains)

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. A MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP). The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.

Email Servers

Various techniques are used to prevent email spam (unsolicited bulk email). No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives) - and the associated costs in time and effort. Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by email administrators, those that can be automated by email senders and those employed by researchers and law enforcement officials.

AntiSpam

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.