locked
How to block spoofed email from email local domain RRS feed

  • Question

  • Dear Ms

    I have system mail exchange 2016.

    Recently users have been sent by their own e-mail, but email is not correct. Example: domain abc.com, fake@abc.com send real@abc.com.
    Is there any way of preventing this spoofed email?

    Many thanks

    Wednesday, August 23, 2017 10:46 AM

Answers

  • https://msexchangemaster.blogspot.com/2017/06/exchange-2013-is-relaying-spam.html


    Please click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Wednesday, August 23, 2017 4:41 PM
  • Have you checked messaged header where the email originated from?

    You need to implement SPF+DKIM+DMARC to avoid fraud and spoof emails.

    To avoid people telnet to your server and send email to other domains, you need to enable recipient agent filter:

    To check if your server is using the AddressBook for validation run the following command:

    Get-AcceptedDomain | Format-List Name,AddressBookEnabled

     It should provide you with a list of all accepted domains and if the AddressBook is enable or not. If by any chance Exchange is not Authoritative and the AddressBook is disabled then enable it with:

    Set-AcceptedDomain <name of accepted domain> -AddressBookEnabled $true

    Or, to enable for all domains (caution, make sure you are not relaying any domains before running this)

    Get-AcceptedDomain | Set-AcceptedDomain -AddressBookEnabled $true

    Now you should have Recipient Filter on your Mailbox Server and AddressBook enabled on your domain. However, if you test this now, it probably still will not work. That is because Validation is still disabled.

    To check the status of validation run the following

    Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled 

     It should return that Recipient Filter is enable, but validation is not

    Enabled: True
    RecipientValidationEnabled : False

    3. To enable validation run the following Set-RecipientFilterConfig -RecipientValidationEnabled $true
     
    4. Restart the Exchange Transport service


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Wednesday, August 23, 2017 11:54 AM
  • Hi,

    DMARC is only a DNS record and DKIM is only available if you use Exchange Online. For On-premise you will have to use 3rd part spam provider. You could also install some 3rd part and I think there are some available through GitHub. Its not recommended if its a big company, then better to look for spam provider that supports it.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Thursday, August 24, 2017 6:09 AM

All replies

  • Have you checked messaged header where the email originated from?

    You need to implement SPF+DKIM+DMARC to avoid fraud and spoof emails.

    To avoid people telnet to your server and send email to other domains, you need to enable recipient agent filter:

    To check if your server is using the AddressBook for validation run the following command:

    Get-AcceptedDomain | Format-List Name,AddressBookEnabled

     It should provide you with a list of all accepted domains and if the AddressBook is enable or not. If by any chance Exchange is not Authoritative and the AddressBook is disabled then enable it with:

    Set-AcceptedDomain <name of accepted domain> -AddressBookEnabled $true

    Or, to enable for all domains (caution, make sure you are not relaying any domains before running this)

    Get-AcceptedDomain | Set-AcceptedDomain -AddressBookEnabled $true

    Now you should have Recipient Filter on your Mailbox Server and AddressBook enabled on your domain. However, if you test this now, it probably still will not work. That is because Validation is still disabled.

    To check the status of validation run the following

    Get-RecipientFilterConfig | FL Enabled,RecipientValidationEnabled 

     It should return that Recipient Filter is enable, but validation is not

    Enabled: True
    RecipientValidationEnabled : False

    3. To enable validation run the following Set-RecipientFilterConfig -RecipientValidationEnabled $true
     
    4. Restart the Exchange Transport service


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Wednesday, August 23, 2017 11:54 AM
  • https://msexchangemaster.blogspot.com/2017/06/exchange-2013-is-relaying-spam.html


    Please click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Wednesday, August 23, 2017 4:41 PM
  • Dear Off2work,

    Many thanks. I configured SPF however I have not been  implement DKIM+DMARC not yet configure. Please me send link or guide configure DKIM+DMARC for System Mail Exchange 2016.

    I will try to follow tasks your guide check in exchange (1,..2,3, 4) in below.

    Many thanks


    Thursday, August 24, 2017 1:23 AM
  • Hi,

    DMARC is only a DNS record and DKIM is only available if you use Exchange Online. For On-premise you will have to use 3rd part spam provider. You could also install some 3rd part and I think there are some available through GitHub. Its not recommended if its a big company, then better to look for spam provider that supports it.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Thursday, August 24, 2017 6:09 AM
  • Many thanks Off2Work 
    Friday, August 25, 2017 2:25 AM