Protecting Against Address Spoofing
Topic Last Modified: 2006-03-20
A common technique spammers use is to configure the From line in an e-mail message to hide the sender's identity. Although SMTP does not require verification of a sender's identity, Exchange 2003 provides the following functionality to help minimize address spoofing.
By default, Exchange 2003 does not resolve a sender's e-mail address unless the sender uses a client program such as Outlook or Outlook Web Access to authenticate against an Exchange server. When Exchange receives a message from an authenticated client, it verifies that the sender is in the global address list (GAL), and if so, resolves the user's display name (in the From line) on the message. If the original message was submitted without authentication, Exchange 2003 marks the message as un-authenticated at its point of origin and transfers that information from server to server. In this case, the sender's address is not resolved to the GAL display name (for example Ted Bremer); instead, it is displayed to the recipient in its SMTP format (for example, firstname.lastname@example.org). You should educate your users to be suspicious of messages that claim to be from other users in your organization but are not resolved to the GAL display name.
However, Exchange 2000 does resolve messages submitted anonymously. For this reason, if you are upgrading from Exchange 2000, it is recommended that you upgrade gateway servers to Exchange 2003 before upgrading mailbox and other Exchange servers. Alternatively, to prevent your Exchange 2000 servers from resolving anonymous mail, you can perform the procedure How to Prevent Exchange 2000 From Resolving Anonymous E-mail Messages.
If your organization contains multiple forests, you can configure trusts between forests such that SMTP bridgehead servers require authentication.
|Workflow applications may submit mail anonymously; therefore, before you configure authentication in your organization, be sure to evaluate your workflow application needs.|
For information about how to configure cross-forest authentication, see "Transport and Message Flow Features" in What's New in Exchange Server 2003.
Although Exchange 2003 provides the ability for client-side users to recognize spoofed mail, you should turn off anonymous SMTP access on all internal Exchange servers. Turning off anonymous access helps assure that only authenticated users can submit messages within your organization. In addition, requiring authentication forces client programs such as Outlook Express and Outlook using RPC over HTTP to authenticate before sending mail.
If you receive messages directly from other domains on the Internet, you can configure your SMTP virtual server to perform a reverse Domain Name System (DNS) lookup on incoming e-mail messages. This verifies that the Internet Protocol (IP) address and fully qualified domain name (FQDN) of the sender's mail server corresponds to the domain name listed in the message. However, consider the following limitations to reverse DNS lookups:
The sender's IP address may not be in the reverse DNS lookup record, or the sending server may have multiple names for the same IP, not all of which may be available from the reverse DNS lookup record.
Reverse DNS lookups place an additional load on the Exchange server.
Reverse DNS lookups require that the Exchange server is able to contact the reverse lookup zones for the sending domain.
Performing reverse DNS lookups on each message can result in a substantial decrease in performance due to increased latency.
|For more information about using reverse DNS lookup, see Microsoft Knowledge Base article 319356, "HOW TO: Prevent Unsolicited Commercial E-Mail in Exchange 2000 Server."|