Hello, I am using Exhcange 2007 and for business purpose I gotta keep some accepted domains... My manager asked me why users belonging to one of our accepted domain were sending emails to {} which are obsiously Spam. - I would like to understand how come I got {} in the recipients field? - Would it be possible to disable sending any email from specific accepted domain (just receiving emails not allowing the sending)? MessageSubject Recipients Sender -------------- ---------- ------ VIAGRA ? -62% discount {} user@prio-accepteddomain.com VIAGRA ? -87% discount {} user1@prio-accepteddomain.com Accepted domain definition DomainName : prio-accepteddomain.com DomainType : Authoritative AddressBookEnabled : False Default : False AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) Name : prio-accepteddomain.com DistinguishedName : CN=prio-accepteddomain.com,CN=Accepted Domains,CN=Transport Settings, Identity : prio-accepteddomain.com Guid : 6340d3a-230-9ea-bd6a-116ab8118 IsValid : True Many thanks in advance for your input. Graig

That is probably spoof or Out of the Office. A common spammers trick is to use the same domain as the target for sending email. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Looks like spoofing like Sembee mentioned, yes you can configure what servers are authoratative for sending as your domains; please provide what type of SPAM solution you're using, the config will be in your spam solution.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

I am NOT using third Party for spam solution. I use the default one in the microsoft Exchange 2007 server... Would you please provide me further information to fight against the spoofing? or any advice for third party solution I should get to fight more efficiently against spoofing.

Have you enabled recipient validation? That can stop a lot of this kind of stuff. However spoofing is very hard to stop, that is why it is so common. All spam is spoofed and it is a common spammers trick. If it was easy to stop it wouldn't be a problem. There are no magic bullets to stop spam. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

In that case configure your receive connectors so that only allowed IPs are configured to send as yourdomain.com. Barat Suneja msft has instructions in his blog. HOW TO: Prevent annoying spam from your own domain http://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.htmlJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Hello, I am try to figure out whether I would have machines such as copier, printer scaner etc that would use anonymous connection before I run the command: Get-ReceiveConnector “My Internet ReceiveConnector” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | REMOVE-ADPermission I would need to be sure that I could run a roll back in case I haven't been able to indentify all the posible anonymous users. Would the below command do the roll back job: Get-ReceiveConnector “My Internet ReceiveConnector” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | ADD-ADPermission. @ Sembee: How can I verify whether I have enabled recipient validation

Yes that second command will roll that back. Yes you should be using a separate receive connector for internal relay servers\devices since these are trusted. Create another receive connector first, configure it to allow those servers\devices to relay in the IP permit, verify that it is using the new connector by looking at the receive connector logs then perform the steps in that article. Allowing application servers to relay off Exchange Server 2007 http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspxJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Thanks James. By any chance, would you know any good article explaining a bit more about spoofing? I found that http://www.spamlaws.com/how-IP-spoofing-works.html but I wonder if I could get event further information.. Graig

Here's a pretty straight forward article. http://www.windowsecurity.com/articles/Email-Spoofing.htmlJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com