Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2006-08-17

This topic explains how to use the Exchange Management Console or the Exchange Management Shell to configure Sender ID in Microsoft Exchange Server 2007. The Sender ID agent is an anti-spam agent that is enabled on computers that have the Edge Transport server role installed. Sender ID tries to verify that every e-mail message originates from the Internet domain from which it claims to have been sent. Sender ID checks the address of the server that sends the message against a registered list of servers that the domain owner has authorized to send e-mail.

For more information about how Sender ID works, see Sender ID and the Microsoft.com topic about Sender ID.

To use Sender ID to filter spam, follow these steps:

  1. Update your organization's Internet-facing domain name system (DNS) to support Sender ID.

  2. Enable Sender ID on the Edge Transport server.

  3. Specify recipients and sender domains that you want to exclude from Sender ID filtering.

  4. Configure the actions that Sender ID takes on specific types of status information.

Important:
Changes that you make to the Sender ID configuration by using the Exchange Management Console or the Exchange Management Shell are made only to the local computer that has the Edge Transport server role installed. If you have multiple instances of the Edge Transport server role running in your organization, you must apply Sender ID configuration changes to each computer.

Updating Your Organization's Internet-Facing DNS to Support Sender ID

The effectiveness of Sender ID depends on specific DNS data. The more organizations that update their Internet-facing DNS servers by using a sender policy framework (SPF) record, the more effectively Sender ID identifies spoofed e-mail messages. For more information about how Sender ID uses DNS data to identify spoofed messages, see Sender ID.

To support the Sender ID infrastructure, you must update your Internet-facing DNS data by creating an SPF record and hosting the SPF record on your public DNS servers. For more information about how to create and deploy SPF records, see the Microsoft.com topic, Sender ID.

Enabling Sender ID

By default, Sender ID is enabled on the Edge Transport server role for inbound messages that come from the Internet but are not authenticated. These messages are handled as external messages. You can disable Sender ID in individual computer configurations by using the Exchange Management Console or the Exchange Management Shell.

When Sender ID is enabled on a computer, it filters all messages that come through all Receive connectors on that computer. As noted earlier in this topic, only messages that come from external sources are filtered. External sources are defined as non-authenticated sources. These are considered anonymous Internet sources.

For more information about how to configure Receive connectors and how message source categories are determined, see Receive Connectors.

As a best practice, you should not filter messages from inside your organization or from trusted partners. When you run anti-spam filters, there is always a chance that the filters will detect false positives. To reduce the chance of mishandling legitimate e-mail messages, you should enable anti-spam agents to run only on messages from potentially untrusted and unknown sources. You can enable and disable Sender ID to run on messages from any source by using the Exchange Management Shell.

For more information about how to enable or disable Sender ID, see How to Enable Sender ID.

Specifying Recipients and Sender Domains to Exclude From Sender ID Filtering

You may want to exclude specific recipients and sender domains from Sender ID filtering. To do this, specify the recipients and sender domains in the Exchange Management Shell. You cannot specify the recipients and sender domains in the Exchange Management Console.

For more information about how to set recipient and sender domain exclusions for Sender ID, see Set-SenderIdConfig.

Configuring Sender ID Actions

As described in Sender ID, the Sender ID evaluation process generates a Sender ID status when the agent detects messages that are spoofed or have a transient error. You can set a separate Sender ID action for instances when a message is spoofed and for instances when a transient error is returned:

  • To set an action for instances when a message is spoofed, you can use the Exchange Management Console or the Exchange Management Shell. 

  • To set an action for instances when a transient error is returned, you must use the Set-SenderIdConfig command in the Exchange Management Shell. You cannot set the action in the Exchange Management Console.

You can configure the Sender ID agent to perform one of the following actions:

  • Stamp the message with the status.

  • Reject the e-mail and send an SMTP error response to the sending server.

  • Delete the message without sending a response.

The default for both instances is to stamp the message with the Sender ID result and continue to process the message.

For detailed instructions on how to configure Sender ID actions, see How to Configure Sender ID Actions.

For More Information

For more information about how to create and deploy SPF records, see the Microsoft.com topic, Sender ID.

For more information about anti-spam and antivirus features in Exchange 2007, see Anti-Spam and Antivirus Functionality.

For more information about how to configure Sender ID, see the following topics:

For more information about how to configure Sender ID by using the Exchange Management Shell, see the following topics: