none
deny neutral spf status on exchange edge 2013

    Question

  • How do you deny neutral SPF status on exchange edge 2013?

    We already did "Set-SenderIDConfig -SpoofedDomainAction Reject"

    How do you deny neutral SPF status?


    bostjanc

    Wednesday, December 30, 2015 7:30 PM

Answers

  • Hi,

    SenderIDConfig cannot block email based on neutral SPF status. Your only options are to block spoofed email or temp errors using these options:

    • SpoofedDomainAction
    • TempErrorAction

    More information on this cmdlet can be found here: https://technet.microsoft.com/en-us/library/aa998859(v=exchg.160).aspx.

    You shouldn't be blocking email with a neutral SPF status according to RFC 7208 (https://tools.ietf.org/html/rfc7208#section-8.1):

    A "neutral" result indicates that although a policy for the identity was discovered, there is no definite assertion (positive or negative) about the client. A "neutral" result MUST be treated exactly like the "none" result; the distinction exists only for informational purposes. Treating "neutral" more harshly than "none" would discourage ADMDs from testing the use of SPF records (see Section 10.1).

    The none result:

    With a "none" result, the SPF verifier has no information at all about the authorization or lack thereof of the client to use the checked identity or identities. The check_host() function completed without errors but was not able to reach any conclusion.

    Basically you shouldn't be making any block decisions when the SPF status is neutral and this is probably why the option doesn't exist in Exchange. 

    If you find that you're getting spam from SPF neutral domains then consider using IP blocklists or changing your content filter settings to compensate. 

    Thanks.


    Please mark as an answer if this answers your question

    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010, MCTS SQL 2012, MCTS SharePoint 2007, VCP4, VCP5, CCNA

    Blog: http://markgossa.blogspot.com   LinkedIn:

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.


    Wednesday, December 30, 2015 9:47 PM