Exchange messages with a blank sender field must be filtered.

From MS Exchange 2013 Edge Transport Server Security Technical Implementation Guide

Associated with: CCI-001308

SV-84485r2_rule Exchange messages with a blank sender field must be filtered.

Vulnerability discussion

By performing filtering at the perimeter, up to 90 percent of spam, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the mail server environment. Anonymous email (messages with blank sender fields) cannot be replied to. Messages formatted in this way may be attempting to hide their true origin to avoid responses or to spam any receiver with impunity while hiding their source of origination. Rather than spend resources and risk infection while evaluating them, it is recommended that these messages be filtered immediately upon receipt and not forwarded to end users.

Check content

This requirement is N/A for SIPR enclaves. This requirement is N/A if the organization subscribes to EEMSG or other similar DoD enterprise protections for email services. Open the Exchange Management Shell and enter the following command: Get-SenderFilterConfig | Select Name, BlankSenderBlockingEnabled If the value of BlankSenderBlockingEnabled is not set to True, this is a finding.

Fix text

Open the Exchange Management Shell and enter the following command: Set-SenderFilterConfig -BlankSenderBlockingEnabled $true

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.