Hi,
I have an edge server that has an accepted domain: mydomain.com
I want to block spam of type user@mydomain.com being allowed through the edge server's anti-spam engine.
I know the easy way to do this is:
Get-ReceiveConnector “my receive connector” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like
“ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermissionThat works but the complication is that a couple of (legit) external services are sending email into our domain with email address like cloudprovider@vistek.ca. When I run the powershell above, email from those providers is blocked.
Is there a workaround? I was hoping that by adding the cloud providers domains to my SPF record by appending via something like "include:cloudprovider.com" it would allow that email, but that doesn't seem to be the case. The cloud provider can't do authenticated email either.
Is there a way I prevent spoofed domain emails from everyone but certain senders?
Thanks,