Re: Exchange SP2

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sun, 23 Oct 2005 12:00:25 -0400

On 10/23/05, Andrew English <andrew@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> How does the new features for Exchange Message Delivery system works.
>
> Secure ID Filtering; what does this do exactly? Does it ask the sender
> to send a request to the exchange user to be added to his accepted list
> or am I thinking of something completely different?
>
> And I am not sure what Perimeter IP List and IP Range Configuration
> does?

Start here http://blogs.technet.com/exchange/archive/category/10058.aspx -
and then you wil also find this:

*"Sender ID Filtering:*

Sender ID is an industry standard framework created to counter e-mail domain
spoofing. Sender ID is aimed at removing the ambiguity associated with the
sender identity by verifying that each e-mail message originates from the
Internet domain from which it claims to come based on the sending server's
IP address. Eliminating domain spoofing will help legitimate senders protect
their domain names and reputations, and help recipients more effectively
identify and filter junk e-mail and phishing scams.

The steps in the process are:

1. The Sender sends an e-mail message to the Receiver.
2. The Receiver's inbound mail server receives the mail.
3. The Receiver's server checks for the SPF record of the sending domain
published in the Domain Name System (DNS) record.
4. The Receiver's e-mail server determines if the sending e-mail server's IP
address matches the IP address that is published in the DNS record.

Sender ID defines an algorithm for detecting the email address of the entity
that is most recently responsible for injecting a message into the email
system by extracting the *Purported Responsible Address* (PRA). The
extraction of the PRA ensures Sender ID verifies the appropriate sender
against the correct IP addresses as email systems can legitimately forward
mail on behalf of other mail servers.

The Sender ID feature has 3 modes:

1. Delete (silent delete - no NDR generated)
2. Reject (the mail will be rejected at the protocol level)
3. Accept (the mail item will be stamped with the Sender ID result for IMF
consumption).

The first and second mode will delete or reject mail that failed the Sender
ID verification (i.e. a clear case of spoofing), the rest of the mail items
will be stamped with the Sender ID status and passed along. The last option
will just stamp the Sender ID status onto the mail item (even in the case of
spoofing). This status will be passed to the new Intelligent Message Filter
and trigger appropriate Spam Confidence Level (SCL) score modification."


...D

Other related posts: