Manage Sender Reputation
Applies to: Exchange Server 2013
Topic Last Modified: 2012-10-03
Sender reputation is provided by the Protocol Analysis agent. Sender reputation blocks messages according to various characteristics of the sender. Sender reputation relies on persisted data about the sender to determine what action, if any, to take on an inbound message.
Estimated time to complete each procedure: 5 minutes
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Anti-spam features" entry in the Anti-Spam and Anti-Malware Permissions topic.
You can't use the Exchange admin center (EAC) to perform this procedure. You can only use the Shell.
By default, anti-spam features aren't enabled in the Transport service on a Mailbox server. Typically, you only enable the anti-spam features on a Mailbox server if your Exchange organization doesn't do any prior anti-spam filtering before accepting incoming messages. For more information, see Enable Anti-Spam Functionality on a Mailbox Server.
The Protocol Analysis agent is the underlying agent for sender reputation functionality. When you disable sender reputation, the Protocol Analysis agent is still enabled.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.
This example disables sender reputation.
Set-SenderReputationConfig -Enabled $false
This example enables sender reputation.
Set-SenderReputationConfig -Enabled $true
To verify that you have successfully enabled or disabled sender reputation, do the following:
Verify the Protocol Analysis agent is installed and enabled by running the following command:
Verify the sender reputation values you configured by running the following command:
By default, sender reputation is enabled for external messages, and disabled for internal messages. A message is considered external if it comes from an unauthenticated connection that's external to your Exchange organization. A message is considered internal if it comes from authenticated connection, and the sender's domain is configured as an authoritative domain in your Exchange organization.
To disable sender reputation for external messages, run the following command:
Set-SenderReputationConfig -ExternalMailEnabled $false
To enable sender reputation for external messages, run the following command:
Set-SenderReputationConfig -ExternalMailEnabled $true
To disable sender reputation for internal messages, run the following command:
Set-SenderReputationConfig -InternalMailEnabled $false
To enable sender reputation for internal messages, run the following command:
Set-SenderReputationConfig -InternalMailEnabled $true
To verify that you have successfully enabled or disabled sender reputation for internal and external messages, do the following:
Run the following command:
Verify the values displayed match the values you configured.
To configure the sender reputation properties, run the following command:
Set-SenderReputationConfig -SrlBlockThreshold <Value> -SenderBlockingPeriod <Hours>
This example sets the sender reputation level (SRL) block threshold to 6 and configures sender reputation to add offending senders to the IP Block List for 36 hours:
Set-SenderReputationConfig -SrlBlockThreshold 6 -SenderBlockingPeriod 36
You may need to perform additional steps to allow sender reputation to traverse any firewalls that are between the Internet and the Exchange server that's running the Protocol Analysis agent. The following table lists the outbound ports that are required for sender reputation.
Wingate, Telnet, Cisco
HTTP CONNECT, HTTP POST
6588, 3128, 80
To configure outbound access for the detection of open proxy servers, run the following command:
Set-SenderReputationConfig -ProxyServerName <String> -ProxyServerPort <Port> -ProxyServerType <String>
This example configures sender reputation to use the open proxy server named SERVER01 that uses the HTTP CONNECT protocol on port 80.
Set-SenderReputationConfig - ProxyServerName SERVER01 -ProxyServerPort 80 -ProxyServerType HttpConnect