Spoofed spam email prevention with Mail Security for Microsoft Exchange

book

Article ID: 177458

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

Spam messages appear to be sent from your own domain (spoofed spam email).
Example: [email protected] receives a spam mail from [email protected] 
Remediation is needed.

Cause

This is occuring because the Exchange server does not have the correct security configuration and is not protected correctly by a security device on the gateway level. Spammers have found existing email addresses in your domain and are targeting these email addresses.

Resolution

It is not possible to stop spoofed spam email using Symantec Mail Security for Microsoft Exchange. However there are a number of things to consider regarding how to stop these on your Exchange server and in your environment.

Symantec Mail Security:


Ensure your own domain has not been added to the Sender White List:

  1. Go to Policies > Antispam > Whitelist in the SMSMSE console.

  2. Verify your domain(s) are not listed in the Allowed Senders box.
  3. Verify the email account(s) getting the spam are not listed in the Unfiltered Recipents List.
  4. Make sure after making any changes to click Deploy changes.

Ensure all reputation services are enabled

  • Go to Policies > Antispam > Premium AntiSpam in the SMSMSE console.
  • Verify the following are selected under Reputation Services
    • Enable Ruleset based Sender IP Reputation
    • Suspect list
    • Fast Pass
    • Marketing email
    • News letter
    • Suspected URL

Exchange 2003 server:

Exchange 2007 and Exchange 2010:

Exchange 2013 and 2016:

Other options to consider in your environment:

  • Consider Gateway Security Appliances such as Symantec Messaging Gateway. Gateway security products are more capable of handling spoofed spam attacks.