STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide

V-259619

CAT II (Medium)

Exchange messages with a malformed From address must be rejected.

Rule ID

SV-259619r1040909_rule

STIG

Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-001308

Discussion

Sender Identification (SID) is an email anti-spam sanitization process. Sender ID uses DNS MX record lookups to verify the Simple Mail Transfer Protocol (SMTP) sending server is authorized to send email for the originating domain. Failure to implement Sender ID risks that spam could be admitted into the email domain that originates from rogue servers. Most spam content originates from domains where the IP address has been spoofed prior to sending, thereby avoiding detection. For example, messages with malformed or incorrect "purported responsible sender" data in the message header could be (best case) created by using RFI noncompliant software but is more likely to be spam.

Check Content

If this server is in a SIPR Enclave, this requirement is Not Applicable.

Note: If third-party anti-spam product is being used, the anti-spam product must be configured to meet the requirement.

Open the Exchange Management Shell and enter the following command:

Get-SenderIdConfig | Select-Object -Property Name, Identity, SpoofedDomainAction

If the value of "SpoofedDomainAction" is not set to "Reject", this is a finding.

Fix Text

Open the Exchange Management Shell and enter the following command:

Set-SenderIdConfig -SpoofedDomainAction Reject