Exchange 2007 SPAM & SPF

If you are trying to configure Exchange 2007 SPF and are seeing "TempError" for mail spoofing your own domains, it is because Exchange 2007 uses the same query code for SPF as it does for other SMTP DNS queries.

As a result, when an MX record query returns its own IP address, it treats this as a loop and removes those entries from its results, which leads to the TempError in the SPF query.

Example SMTP SPAM message header:

----------------------------------------------------------------------------------------------------
Received: from 10.10.10.11 (10.10.10.11) by exchange.contoso.com
 (10.10.10.12 with Microsoft SMTP Server id 8.1.375.2; Thu, 13 Aug 2009
 13:03:34 +0200
From: "? VIAGRA ? Official Site" <ontheroad@contoso.com>
To: <Jane@contoso.com>
Subject: Dear admin@contoso.com72% 0FF on Pfizer !
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <12345678-abcd-abcd-1234-1234567890ab@exchange.contoso.com>
Return-Path: ontheroad@contoso.com
Date: Thu, 13 Aug 2009 13:03:34 +0200
X-MS-Exchange-Organization-PRD: contoso.com
X-MS-Exchange-Organization-SenderIdResult: TempError
Received-SPF: TempError (exchange.contoso.com: error in processing during
 lookup of ontheroad@contoso.com: )
X-MS-Exchange-Organization-Antispam-Report: SenderOnRecipientSafeList
X-MS-Exchange-Organization-SCL: -1
----------------------------------------------------------------------------------------------------

If you have safe lists (in this example, for a mobile user ontheroad@contoso.com), they can override other SPAM protection mechanisms, meaning that someone spoofing an address that is on your safe list will get through to your mailboxes.

The best way to prevent this is not to use MX records in conjunction with Exchange 2007 and SPF entries.

Rather, replace the MX records with the actual IP addresses of the SMTP servers which are responsible for your external delivery.
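
To find messages that have already slipped through this way, the headers shown above can be checked mechanically. The following is an added example, not part of the original post: the function name review_headers and the sample message are constructed for illustration, and only the header names and values come from the example above.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, abridged from the header block shown above.
SAMPLE = """\
From: "Official Site" <ontheroad@contoso.com>
To: <Jane@contoso.com>
Return-Path: ontheroad@contoso.com
X-MS-Exchange-Organization-PRD: contoso.com
X-MS-Exchange-Organization-SenderIdResult: TempError
X-MS-Exchange-Organization-Antispam-Report: SenderOnRecipientSafeList
X-MS-Exchange-Organization-SCL: -1

"""


def review_headers(raw, own_domains):
    """Return findings for one message's headers (hypothetical helper)."""
    msg = message_from_string(raw)
    own = {d.lower() for d in own_domains}
    findings = []

    # Domain that Sender ID evaluated (PRD); fall back to the From: domain.
    prd = (msg.get("X-MS-Exchange-Organization-PRD") or "").strip().lower()
    if not prd:
        prd = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

    result = (msg.get("X-MS-Exchange-Organization-SenderIdResult") or "").strip()
    report = msg.get("X-MS-Exchange-Organization-Antispam-Report") or ""
    scl = (msg.get("X-MS-Exchange-Organization-SCL") or "").strip()

    # A TempError on one of our own domains means the SPF check never
    # produced a verdict, so the spoofed sender was not rejected.
    if prd in own and result.lower() == "temperror":
        findings.append("own-domain sender with SenderIdResult TempError")
        # The safe list then stamps SCL -1 and skips content filtering.
        if "SenderOnRecipientSafeList" in report and scl == "-1":
            findings.append("safe list bypassed content filtering (SCL -1)")
    return findings


if __name__ == "__main__":
    for finding in review_headers(SAMPLE, ["contoso.com"]):
        print(finding)
```

Run it over headers exported from affected mailboxes, passing your own accepted domains as the second argument.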