Forum Discussion

laomashitu's avatar
laomashitu
Copper Contributor
Sep 14, 2023

how to block sender with empty email address?

hi all,

 

i have installed the exchange 2016 antispam functionality on mailbox server and it have all succeeded.

 

but i still can see some junk email in the queue viewer. these emails have one feature that their sender email address is blank. how to block it?

 

i copied the details of the email as below:

Identity: WinEXCH\6710\26109106192387
Subject: 未送达: Wa个人贷-企业贷,花黑白户均可办理,V十ffe2013正规可靠wbSCjNjeMlgpQ
Internet Message ID: <email address removed for privacy reasons>
From Address: <>
Status: 重试
Size (KB): 14
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 2023/9/13 22:05:32
Expiration Time: 2023/9/15 22:05:32
Last Error: 454 4.7.1 <email address removed for privacy reasons>: Relay access denied
Queue ID: *****\6710
Recipients: email address removed for privacy reasons;3;2;[{LED=454 4.7.1 <email address removed for privacy reasons>: Relay access denied};{MSG=};{FQDN=};{IP=};{LRT=}];0;CN=*******-outbound,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=SH ******,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=shluoman,DC=cn;0

 

 

  • LeonPavesic's avatar
    LeonPavesic
    Silver Contributor

    Hi laomashitu,

    when dealing with the issue of blocking emails with blank sender addresses in Exchange 2016 Server, it's important to have a rounded approach to email security. Here is what you can do:

    1. Use Connection Filtering:
    - Think of this as creating a list of trusted and untrusted sources. Configure Exchange to block emails from known suspicious sources or IP addresses frequently associated with blank sender emails.

    Configure the default connection filter policy | Microsoft Learn

    2. Enable Recipient Filtering:
    - This is like a gatekeeper checking if the mail is addressed to a valid recipient. By enabling this, you can prevent emails with blank or invalid recipient addresses from reaching your inbox.

    Recipient filtering procedures on Edge Transport servers | Microsoft Learn

    3. Consider Sender Reputation:
    - Think of this as checking someone's reputation before allowing them into your home. Use sender reputation filtering if available in your anti-spam solution to assess the trustworthiness of the sender's IP address.

    Sender reputation procedures | Microsoft Learn

    4. Set Up Content Filtering:
    - it is important to having a filter that screens out certain words or phrases. Create content filtering rules to catch spammy content even in emails with blank senders.

    Content filtering procedures | Microsoft Learn

    5. Keep Everything Updated:
    - Keep your anti-spam solution up to date with the latest spam detection techniques and rules.

    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic

    • laomashitu's avatar
      laomashitu
      Copper Contributor

      hiLeonPavesic 

       

      are there any other ways to prevent the blank email address except the powerhsell set-senderfileterconfig, while i have enabled it, but exchange 2016 cannot prevent it.

    • laomashitu's avatar
      laomashitu
      Copper Contributor

      LeonPavesic 

       

      many thanks for your help, under your guidance.

       

      last night i have done the block action with powershell, and it succedded.

       


      [PS] C:\Windows\system32>Set-SenderFilterConfig -BlankSenderBlockingEnabled $true
      [PS] C:\Windows\system32>Get-SenderFilterConfig |fl blanksenderblockingenabled


      BlankSenderBlockingEnabled : True

       

      however, i checked the exchange server this morning and still find an email sent with blank email address this morning at 

      Date Received: 2023/9/15 0:21:07

       

      is it the function blanksenderblocking not working or any other else factor?

       

      i pasted the email head below, i highlight the sender and recipients with red. obviously the recipients address is not our domain. apparently this is an jungle email.

       

      Identity: ******\6534\26220775342086
      Subject: 未送达: 【ETC】重要なお知らせ
      Internet Message ID: <ae14d689-fffc-445f-80e5-0ddc2aa85bf3@*****.***.cn>
      From Address: <>
      Status: 就绪
      Size (KB): 18
      Message Source Name: DSN
      Source IP: 255.255.255.255
      SCL: -1
      Date Received: 2023/9/15 0:21:07
      Expiration Time: 2023/9/17 0:21:07
      Last Error: 400 4.4.7 Message delayed
      Queue ID: ******\6534
      Recipients: email address removed for privacy reasons;2;2;[{LED=400 4.4.7 Message delayed};{MSG=};{FQDN=};{IP=};{LRT=}];0;CN=Luoman-outbound,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=SH Luoman,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=shluoman,DC=cn;0

      • laomashitu's avatar
        laomashitu
        Copper Contributor
        email address removed for privacy reasons this is the recipients' email address, it was removed by the privacy reason.

Resources