Configuring sender ID filtering
Applies to: Forefront Protection for Exchange
Sender ID filtering automatically checks the IP address of the sending MTA against the registered Sender of Policy Framework (SPF) records in the Domain Name System (DNS). These records identify authorized outbound e-mail servers that can legitimately send e-mail of behalf of specified domain.
To use Sender ID filtering, you need to enable the feature and then configure the action for the setting.
To enable Sender ID filtering
In the Forefront Protection 2010 for Exchange Server Administrator Console Policy Management tree view, expand Antispam, then click Configure.
In the Antispam – Configure pane, in the Sender ID filter section, select the Enable sender ID filtering check box.
After you have enabled Sender ID Filtering, you can configure the action FPE should take when a sender ID record does not contain the sending MTA’s IP address.
You have several options for dealing with messages that fail Sender ID verification:
Reject message—The message is rejected before being accepted into the Exchange organization.
Delete message—The message is deleted without issuing a DNR back to the sender.
Stamp header and continue processing—The message is stamped with the Sender ID header that indicates the status of the message and allowed to be processed further by FPE.
To configure the action for messages that fail Sender ID verification
In the FPE Administrator Console Policy Management tree view, expand Antispam, and then click Configure.
In the Sender ID Filtering section, select the action you would like FPE to take when a message fails sender ID verification, and then click Save at the top of the pane to save your setting.