Microsoft Exchange and Active Directory Blog
The spam blacklist Nixspam (ix.dnsbl.manitu.net) from iX magazine and the hoster manitu has been switched off. Since 16.01.2025, the DNS blacklist no longer contains any entries. All blacklist responses now only return "no spam" as the result of the check. As the nixspam blacklist was used by many AntiSpam systems, it should now be checked whether the nixspam blacklist is still used for ... Read more
The first part of this article dealt with the requirements and the potential problems associated with them. The second part now deals with the management of SPF entries. In a relatively small and static environment, you will have very few points of contact with the Sender Policy Framework. As a rule, small environments in the ... Read more
Managing the Sender Policy Framework (SPF) entries can be time-consuming in more complex environments, as there are a few things to consider: The SPF entry has become very important for sending mails. Most providers and recipients reject mails from servers that are not in the SPF of the domain. Mails from ... Read more
In this article I try to explain why you should avoid some special Backup MX configurations. The configuration of a Backup MX at the provider or hoster is outdated and should no longer be used. Backup MX at the provider I have often come across the configuration with a Backup MX entry for the provider. The MX entries ... Read more
I have already written about DKIM in conjunction with Sophos UTM here. Here is an article about Exchange and DKIM. Mails can receive a DKIM signature directly on the Exchange server, so an additional AntiSPAM solution that adds the DKIM signature is not necessary. To add DKIM signatures directly on the Exchange ... Read more
Spam filters are sometimes easy to bypass, and I have already shown one possible way of doing this. It is usually difficult for users to recognize whether it is a valid and harmless email or whether all hell will break loose in the form of Emotet malware with the next click. In many environments, a few clicks by a user are actually enough to ... Read more
Emails are known to be the main gateway for malware, viruses and all sorts of other nasty things. Unfortunately, the Exchange Server does not come with a proper spam filter, so other products have to be used for effective defense against spam and malware. Unfortunately, even the best spam filter lets a malicious mail through from time to time and of course it happens ... Read more
Here is another short review. I am often asked which anti-spam / email security product I would recommend and what my experience with it has been. There are countless solutions on the market and almost the entire spectrum is covered: special hardware appliances, VMs, Windows or Linux, software that runs directly on the Exchange ... Read more
DMARC is based on the SPF (Sender Policy Framework) and DKIM (Domainkeys Identified Mail) technologies. DMARC can be used to determine how a recipient should deal with a mail that does not correspond to the sender's DKIM or SPF settings. In addition, the recipient can send reports to the sender for evaluation. In this way it is possible ... Read more
MTA-STS (Mail Transfer Agent-Strict Transport Security, STS for short) is a fairly new tool for making sending and receiving mail more secure. MTA-STS has now been adopted as RFC-8461 and can therefore be used. Similar to DANE, information is stored in the DNS for STS. The big difference, however, is that STS does not require DNSSEC ... Read more
