Is there a way to set an SPF filter on an Exchange Server 2013 so that we are only checking for a valid SPF on our own domain? E.g. our domain is @widgets.com and I want to allow all people with no SPF through, provided they aren't from our own domain. We get a lot of fake emails from many public IPs that are from, let's say, info22@widgets.com - there is no one internally with that email address, but the end users will open it thinking it is valid.
2 Answers
Use an Exchange transport rule with two conditions:
- If the sender “is external.”
- If the sender “address matches any of these text patterns”: @widgets.com$
- Action: Block the message -> delete without notifying anyone.
I recommend testing this rule by forwarding the message to yourself rather than deleting it blindly, first.
This will drop all messages coming in externally that are using an email address from your domain name. Beware that many times people use services like Constant Contact or other third-party applications that will be blocked by this rule. Make sure you whitelist particular IP addresses, etc.
https://technet.microsoft.com/en-us/library/dd638183(v=exchg.160).aspx#Senders
Additionally, you should make sure your own SPF records are set up correctly so other mail servers will also drop or flag spoofed mail from your domain.
Finally, you should have SPF checking enabled. Even if you don’t drop messages with SPF failures, at least set them to SCL 9 and send them to the user’s junk folder. This is a simple and effective way to protect users from spoofed email from other domains.

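
The rule from the answer above as Exchange Management Shell commands, staged so that matches are first redirected for review and only later deleted. This is an added example, not part of the original answer; the rule name, review mailbox and allowlisted IP range are hypothetical, and the dot in the pattern is escaped here.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2013).
# Hypothetical values, not from the original answer: rule name, review
# mailbox, and allowlisted range (203.0.113.0/24 is a documentation range).
$ruleName      = 'Block external mail claiming widgets.com'
$reviewMailbox = 'spoof-review@widgets.com'
$allowedRanges = @('203.0.113.0/24')   # third-party services sending as widgets.com

# Conditions shared by both stages. The dot is escaped so the pattern
# matches only a literal "." (the answer's pattern leaves it unescaped).
$conditions = @{
    Name                       = $ruleName
    FromScope                  = 'NotInOrganization'   # "sender is external"
    FromAddressMatchesPatterns = '@widgets\.com$'
    ExceptIfSenderIpRanges     = $allowedRanges        # allowlisted senders
}

function Enable-SpoofRule {
    param([switch]$Delete)

    # Remove any earlier stage of the rule so only one copy exists.
    Get-TransportRule | Where-Object { $_.Name -eq $ruleName } |
        Remove-TransportRule -Confirm:$false

    if ($Delete) {
        # Stage 2: silently drop matching messages.
        New-TransportRule @conditions -DeleteMessage $true
    } else {
        # Stage 1: redirect matches to a mailbox for review instead of deleting.
        New-TransportRule @conditions -RedirectMessageTo $reviewMailbox
    }
}

# Stage 1: review what the rule catches, and extend $allowedRanges as needed.
Enable-SpoofRule

# Stage 2: once the review mailbox shows only spoofed mail, switch to delete.
# Enable-SpoofRule -Delete

# Confirm the rule that is currently in place.
Get-TransportRule -Identity $ruleName | Format-List Name, State, Priority
```
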
Actually, the Sender ID filter will check the SPF record status of all messages, not only those from your domain. We can set bypassed domains and senders with Set-SenderIdConfig; however, we cannot enable it for your domain only.
For the current situation, why not enable Sender ID and check SPF status for all messages? And add some safe domains to the bypassed domains if you want.
Note: analyze the message header to view the real sender, IP and SPF check status; it's very helpful for preventing spam.
