Default Authentication Settings

By default, Exchange 2003 does not resolve a sender's e-mail address unless the sender uses a client program such as Outlook or Outlook Web Access to authenticate against an Exchange server. When Exchange receives a message from an authenticated client, it verifies that the sender is in the global address list (GAL), and if so, resolves the user's display name (in the From line) on the message. If the original message was submitted without authentication, Exchange 2003 marks the message as unauthenticated at its point of origin and transfers that information from server to server. In this case, the sender's address is not resolved to the GAL display name (for example, Ted Bremer); instead, it is displayed to the recipient in its SMTP format (for example, ted@contoso.com). You should educate your users to be suspicious of messages that claim to be from other users in your organization but are not resolved to the GAL display name.

However, Exchange 2000 does resolve messages submitted anonymously. For this reason, if you are upgrading from Exchange 2000, it is recommended that you upgrade gateway servers to Exchange 2003 before upgrading mailbox and other Exchange servers. Alternatively, to prevent your Exchange 2000 servers from resolving anonymous mail, you can perform the procedure "How to Prevent Exchange 2000 From Resolving Anonymous E-mail Messages".