Applies to: Exchange Server 2013
Topic Last Modified: 2012-10-03
Sender ID functionality is provided by the Sender ID agent. Sender ID validates the origin of email messages by verifying the IP address of the sender against the purported owner of the sender domain. Sender ID filtering is performed on inbound messages that come from the Internet but aren't authenticated. These messages are handled as external messages.
What do you need to know before you begin?
- Estimated time to complete each procedure: 5 minutes
- You need to be assigned permissions before you can perform this
procedure or procedures. To see what permissions you need, see the
"Anti-spam features" entry in the Anti-Spam and
Anti-Malware Permissions topic.
- You can't use the Exchange admin center (EAC) to perform this
procedure. You can only use the Shell.
- By default, anti-spam features aren't enabled in the Transport
service on a Mailbox server. Typically, you only enable the
anti-spam features on a Mailbox server if your Exchange
organization doesn't do any prior anti-spam filtering before
accepting incoming messages. For more information, see Enable Anti-Spam
Functionality on a Mailbox Server.
- For information about keyboard shortcuts that may apply to the
procedures in this topic, see Keyboard Shortcuts in
the Exchange Admin Center.
 Tip: |
|---|
| Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection |
What do you want to do?
Use the Shell to enable or disable Sender ID
To disable Sender ID, run the following command:
 Copy Code |
|
|---|---|
Set-SenderIDConfig -Enabled $false |
|
To enable Sender ID, run the following command:
| Copy Code |
|
|---|---|
Set-SenderIDConfig -Enabled $true |
|
 Note: |
|---|
When you disable Sender ID, the underlying Sender ID agent is
still enabled. To disable the Sender ID agent, run the command:
Disable-TransportAgent "Sender ID Agent". |
How do you know this worked?
To verify that you have successfully enabled or disabled Sender ID, do the following:
- Run the following command:
Copy CodeGet-SenderIDConfig | Format-List Enabled
- Verify the value displayed is the value you configured.
Use the Shell to configure the Sender ID action for spoofed messages
To configure the Sender ID action for spoofed messages, run the following command:
| Copy Code |
|
|---|---|
Set-SenderIDConfig -SpoofedDomainAction <StampStatus | Reject | Delete> |
|
This example configures the Sender ID agent to reject any messages where the IP address of the sending server isn't listed as an authoritative SMTP sending server in the DNS Sender Policy Framework (SPF) record for the sending domain.
| Copy Code |
|
|---|---|
Set-SenderIDConfig -SpoofedDomainAction Reject |
|
How do you know this worked?
To verify that you have successfully configured the Sender ID action for spoofed messages, do the following:
- Run the following command:
Copy CodeGet-SenderIDConfig | Format-List SpoofedDomainAction
- Verify the value displayed is the value you configured.
Use the Shell to configure the Sender ID action for transient errors
To configure the Sender ID action for transient errors, run the following command:
| Copy Code |
|
|---|---|
Set-SenderIDConfig -TempErrorAction <StampStatus | Reject | Delete> |
|
This example configures the Sender ID agent to stamp the messages when the Sender ID status can't be determined due to a temporary DNS server error. The message will be processed by other anti-spam agents and the Content Filter agent will use the mark when determining the SCL value for the message.
| Copy Code |
|
|---|---|
Set-SenderIDConfig -TempErrorAction StampStatus |
|
Note that StampStatus is the default value
for the TempErrorAction parameter.
How do you know this worked?
To verify that you have successfully configured the Sender ID action for transient errors, do the following:
- Run the following command:
Copy CodeGet-SenderIDConfig | Format-List TempErrorAction
- Verify the value displayed is the value you configured.
Use the Shell to configure recipient and sender domain exceptions
To replace the existing values, run the following command:
| Copy Code |
|
|---|---|
Set-SenderIDConfig -BypassedRecipients <recipient1,recipient2...> -BypassedSenderDomains <domain1,domain2...> |
|
This example configures the Sender ID agent to bypass the Sender ID check for messages sent to kim@contoso.com and john@contoso.com, and to bypass the Sender ID check for messages sent from the fabrikam.com domain.
| Copy Code |
|
|---|---|
Set-SenderIDConfig -BypassedRecipients kim@contoso.com,john@contoso.com -BypassedSenderDomains fabrikam.com |
|
To add or remove entries without modifying any existing values, run the following command:
| Copy Code |
|
|---|---|
Set-SenderIDConfig -BypassedRecipients @{Add="<recipient1>","<recipient2>"...; Remove="<recipient1>","<recipient2>"...} -BypassedSenderDomains @{Add="<domain1>","<domain2>"...; Remove="<domain1>","<domain2>"...}
|
|
This example configures the Sender ID agent with the following information:
- Add chris@contoso.com and michelle@contoso.com to the list of
existing recipients who bypass the Sender ID check.
- Remove tailspintoys.com from the list of existing domains that
bypass the Sender ID check.
| Copy Code |
|
|---|---|
Set-SenderIDConfig -BypassedRecipients @{Add="chris@contoso.com","michelle@contoso.com"} -BypassedSenderDomains @{Remove="tailspintoys.com"}
|
|
How do you know this worked?
To verify that you have successfully configured recipient and sender domain exceptions, do the following:
- Run the following command:
Copy CodeGet-SenderIDConfig | Format-List BypassedRecipients,BypassedSenderDomains
- Verify the values displayed are the values you configured.