Sender reputation procedures
Applies to: Exchange Server 2016
Topic Last Modified: 2016-03-14
Learn how to configure sender reputation in Exchange 2016, and how to verify the sender reputation settings.
Sender reputation and the Protocol Anaysis agent block unwanted messages according to various characteristics of the sender. Sender reputation relies on persisted data about the sender to determine what action, if any, to take on an inbound message. For more information, see Sender reputation and the Protocol Analysis agent.
Estimated time to complete each procedure: 5 minutes
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Antispam features" entry in the Antispam and antimalware permissions topic.
You can only use PowerShell to perform this procedure. To learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.
By default, antispam features aren't enabled in the Transport service on a Mailbox server. Typically, you only enable the antispam features on a Mailbox server if your Exchange organization doesn't do any prior antispam filtering before accepting incoming messages. For more information, see Enable antispam functionality on Mailbox servers.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
To disable sender reputation, run the following command:
Set-SenderReputationConfig -Enabled $false
To enable sender reputation, run the following command:
Set-SenderReputationConfig -Enabled $true
The Protocol Analysis agent is the underlying agent for sender reputation functionality. When you disable sender reputation, the Protocol Analysis agent is still enabled. To disable the Protocol Analysis agent, run the command: |
By default, sender reputation is enabled for external messages (messages from external sources).
To disable sender reputation for external messages, run the following command:
Set-SenderReputationConfig -ExternalMailEnabled $false
To enable sender reputation for external messages, run the following command:
Set-SenderReputationConfig -ExternalMailEnabled $true
As a best practice, you don't need to apply antispam filters to messages from trusted partners or from inside your organization. There's always a chance that the filters will detect false positives. To reduce the chance that filters will mishandle legitimate email messages, you should typically configure antispam agents to only run on messages from untrusted and unknown sources.
To enable sender reputation for internal messages, run the following command:
Set-SenderReputationConfig -InternalMailEnabled $true
To disable sender reputation for internal messages, run the following command:
Set-SenderReputationConfig -InternalMailEnabled $false
Sender blocking uses the calculated sender reputation level (SRL) of the sender and a specified SRL threshold to temporarily block the sender. To configure the sender blocking in sender reputation, use the following syntax:
Set-SenderReputationConfig -SenderBlockingEnabled <$true | $false> -SrlBlockThreshold <0 - 9> [-SenderBlockingPeriod <0 - 48>]
This example lowers the sender reputation level (SRL) block threshold to 6 (which means senders with an SRL of 6, 7, 8, or 9 are blocked), and blocks the offending senders for 36 hours:
Set-SenderReputationConfig -SrlBlockThreshold 6 -SenderBlockingPeriod 36
This example disables sender blocking.
Set-SenderReputationConfig -SenderBlockingEnabled $false
The default value of the SenderBlockingEnabled parameter is
The default value of the SenderBlockingPeriod parameter is 24.
The default value of the SrlBlockThreshold parameter is 7.
You can't disable sender blocking and open proxy server detection at the same time. One must be enabled when the other is disabled, or they both can be enabled.
By default, sender reputation uses open proxy server detection as one of the criteria to calculate the SRL of the source server. In open proxy server detection, the Exchange server tries to send a test message from the source messaging server. If the test message is successfully delivered back to the Exchange server, it indicates the source server is configured as an open proxy server (intentionally or unintentionally).
Open proxy server detection uses the protocols and TCP ports that are described in the following table, so these outbound ports need to be open in your firewall:
Wingate, Telnet, Cisco
HTTP CONNECT, HTTP POST
6588, 3128, 80
Also, if your organization uses a proxy server to control outbound Internet traffic, you need to configure sender reputation to use your proxy server to access the Internet. Specifically, you need to define the proxy server name, type, and TCP port that sender reputation requires to access the Internet.
To configure open proxy server detection in sender reputation, use the following syntax:
Set-SenderReputationConfig -OpenProxyDetectionEnabled <$true | $false> [-ProxyServerName <String> -ProxyServerPort <Port> -ProxyServerType <None | Socks4 | Socks5 | HttpConnect | HttpPost | Telnet | Cisco | Wingate>]
This example configures sender reputation to connect to the Internet through the proxy server named SERVER01 that uses the HTTP CONNECT protocol on port 80.
Set-SenderReputationConfig -ProxyServerName SERVER01 -ProxyServerPort 80 -ProxyServerType HttpConnect
This example disables open proxy server detection in sender reputation.
Set-SenderReputationConfig -OpenProxyDetectionEnabled $false
The default value of the OpenProxyDetectionEnabled parameter is
The default value of the ProxyServerName parameter is blank (
The default value of the ProxyServerPort parameter is 0.
The default value of the ProxyServerType parameter is
You can't disable open proxy server detection and sender blocking at the same time. One must be enabled when the other is disabled, or they both can be enabled.