How to prevent Spoofed Emails in Exchange 2003

Spammers use all type of techniques to get their rubbish through to you and one technique that they use is called spoofing, whereby they forge the sender address and use your own email address, or as the sender address.

There are various ways to combat this and in Exchange 2003, you can do the following:

  • Setup Sender Filtering to stop inbound emails that are supposedly from your own domain name.
  • Setup Tarpitting to slow down spammers who try to determine the email addresses that are sitting on your Exchange server.
  • Setup a Sender Policy Framework (SPF) record for your domain.
  • Setup Sender ID filtering to check SPF records for inbound email and reject ones that fail.
  • Setup Recipient Filtering (won’t solve the spoofing problem, but it is highly recommended to set this up too)

To set these various Anti-Spam techniques up, you should first check that you are using Exchange 2003 Service Pack 2 by opening up Exchange System Manager, expanding Servers, then click onto your server and then right-click on your server and choose properties.

The screen that follows should advise you what Service Pack your Exchange Server is on.  If it does not say Service Pack 2, please visit the following link to download and install it:

If you are already on Exchange 2003 Service Pack 2, then please review the following articles to setup the various Anti-Spam techniques:

Once you have setup the above, you should be free from spoofed emails claiming to come from or from your own email address to yourself!

As an alternative to the above, you could simply install some Anti-Spam software and one product that I have been using recently after being recommended it by a Microsoft Exchange MVP is Vamsoft ORF which is currently priced at $239 per server and has drastically reduced the amount of spam that I have been receiving and now my customers who also have Vamsoft, have also seen a dramatic reduction in their spam levels too.  Their website is


4 Responses

  1. Do you know if it is possible to prevent my legitimate email account holders from spoofing other legitimate acct holders
    with Exchange 2007. This is referring to SMTP sent emails.

    The situation is a university setting , everyone on exchange 2007 , and I want to allow authenticated smtp but prevent students from spoofing of other students.
    sounds easy but is not so

  2. Our site uses Horde 4.1.6 and our domain is being spoofed for Pizfer drugs. Can you give us some tips or your page that covers the info?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: