Messages with malformed from address must be rejected.

From Exchange 2010 Edge Transport Server STIG

Associated with IA controls: ECSC-1

SV-44051r1_rule Messages with malformed from address must be rejected.

Vulnerability discussion

Sender Identification (SID) is an email anti-spam sanitization process. Sender ID uses DNS MX record lookups to verify the SMTP sending server is authorized to send email for the originating domain. Failure to implement Sender ID risks that SPAM could be admitted into the email domain that originates from rogue servers. Most SPAM content originates from domains where the IP address has been spoofed prior to sending, thereby avoiding detection. For example, messages with malformed or incorrect 'purported responsible sender' data in the message header could be (best case) created by using RFI non-compliant software, but is more likely to be SPAM.

Check content

Open the Exchange Management Shell and enter the following command: Get-SenderIdConfig | Select Name, Identity, SpoofedDomainAction If the value of 'SpoofedDomainAction' is not set to 'Reject', this is a finding.

Fix text

Open the Exchange Management Shell and enter the following command: Set-SenderIdConfig -SpoofedDomainAction Reject

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.