Ivan Keleher
asked on
Exchange 2010 - Spoofing of Internal Email Address Inbound (Accepted Domains)
I have been battling with trying to mitigate inbound phishing emails to our staff. The email FROM header address is that of valid staff to other staff requesting information with a REPLY-TO the fraudster.
I have previously stopped these by enabling SENDER ID rejections on the Exchange 2010 Edge servers.
Unfortunately this prevents valid emails coming in from the internet where organisations neglect to add their SMTP servers to SPF records.
Is there a way to specifically block these emails for our Accepted Domains? Our own SPF records cover all SMTP servers internally and EDM.
Thank you.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
ASKER
Removing ms-exch-smtp-accept-authoritative-domain-sender certainly fixes the situation, however we use third-party systems such as MailChimp for marketing emails.
When they are delivered to staff email addresses they are blocked, what would be the best way around this?
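One way to audit and remove the permission mentioned above from the Exchange Management Shell, as an added example that is not part of the original thread. It assumes the anonymous principal is `NT AUTHORITY\ANONYMOUS LOGON` and keeps `-WhatIf` on the removal so that nothing changes until the audit output has been reviewed.

```powershell
# Added example: run in the Exchange Management Shell on the servers that own the
# internet-facing Receive connectors (the Edge servers in this thread).
$right = 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'   # assumed: default anonymous principal

# 1. Audit: connectors where anonymous senders may use an accepted domain as sender.
$hits = Get-ReceiveConnector | ForEach-Object {
    $c = $_
    Get-ADPermission -Identity $c.Identity -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Connector   = $c.Identity
                User        = $_.User
                IsInherited = $_.IsInherited
            }
        }
}
$hits | Format-Table Connector, User, IsInherited -AutoSize

# 2. Remove the explicit (non-inherited) grants. -WhatIf only previews the change;
#    drop it once the audit list is the set of connectors you intend to modify.
$hits | Where-Object { $_ -and -not $_.IsInherited } | ForEach-Object {
    Remove-ADPermission -Identity $_.Connector -User $anon -ExtendedRights $right -WhatIf
}
```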
SOLUTION
ASKER
Jian, emails are sent using the MailChimp servers, obviously, and those emails are delivered to MX servers.
SOLUTION
ASKER
Not helpful, Jian. Anyone else?
Why not? Since your public receive connectors are receiving internet email addresses and the Exchange server is directly on MX...
Anyway, I leave it to others to chip in their thoughts.
ASKER
Your solution is not clear enough. Little effort has been put into explaining each step.
SOLUTION
I have solved this by using third-party cloud services like Mimecast, and they have the capability to inspect the mail from and envelope headers. Further, they can whitelist the IP addresses that validate such issues.
By doing otherwise, you are probably swapping one problem for another.