The Exchange Block List service provider must be identified.

From MS Exchange 2013 Edge Transport Server Security Technical Implementation Guide

Part of SRG-APP-000261

Associated with: CCI-001308

SV-84501r1_rule The Exchange Block List service provider must be identified.

Vulnerability discussion

Block List filtering is a sanitization process performed on email messages prior to their arrival at the destination mailbox. By performing this process at the email perimeter, threats can be eliminated outside the enclave, where there is less risk they can do harm. Block List services (sometimes called Reputation Data services) are fee-based data providers that collect the IP addresses of known spammers and other malware purveyors. Block List service subscribers benefit from more effective spam elimination. (Spam is estimated to compose up to 90 percent of inbound mail volume.) Failure to specify a Block List provider risks that manual email administration effort would be needed to maintain and update larger Block Lists than a single email site administrator could conveniently or accurately maintain. The Block List service vendor provides a value for this field, usually the Domain Name System (DNS) suffix for its domain.

Check content

If not using a service provider, this requirement is not applicable. Review the Email Domain Security Plan (EDSP). Determine the name and information for the Block List provider. Open the Exchange Management Shell and enter the following command: Get-IPBlockListProvider | Select Name, Identity, LookupDomain If the values for Name, GUID, and LookupDomain are not configured, this is a finding.

Fix text

Update the EDSP. Open the Exchange Management Shell and enter the following command: Set-IPBlockListProvider -Name [Additional optional parameters as required by the service provider]

Pro Tips

Powered by sagemincer