Sender reputation procedures

Sender reputation and the Protocol Anaysis agent block unwanted messages according to various characteristics of the sender. Sender reputation relies on persisted data about the sender to determine what action, if any, to take on an inbound message. For more information, see Sender reputation and the Protocol Analysis agent.

What do you need to know before you begin?

  • Estimated time to complete each procedure: 5 minutes

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Antispam features" entry in the Antispam and antimalware permissions topic.

  • You can only use PowerShell to perform this procedure. To learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.

  • By default, antispam features aren't enabled in the Transport service on a Mailbox server. Typically, you only enable the antispam features on a Mailbox server if your Exchange organization doesn't do any prior antispam filtering before accepting incoming messages. For more information, see Enable antispam functionality on Mailbox servers.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Tip

Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

Use the Exchange Management Shell to enable or disable sender reputation

To disable sender reputation, run the following command:

Set-SenderReputationConfig -Enabled $false

To enable sender reputation, run the following command:

Set-SenderReputationConfig -Enabled $true

Note

The Protocol Analysis agent is the underlying agent for sender reputation functionality. When you disable sender reputation, the Protocol Analysis agent is still enabled. To disable the Protocol Analysis agent, run the command: Disable-TransportAgent "Protocol Analysis Agent".

How do you know this worked?

To verify that you have successfully enabled or disabled sender reputation, run the following command to verify the Enabled property value:

Get-SenderReputationConfig | Format-List Enabled

Use the Exchange Management Shell to enable or disable sender reputation for external messages

By default, sender reputation is enabled for external messages (messages from external sources).

To disable sender reputation for external messages, run the following command:

Set-SenderReputationConfig -ExternalMailEnabled $false

To enable sender reputation for external messages, run the following command:

Set-SenderReputationConfig -ExternalMailEnabled $true

How do you know this worked?

To verify that you have successfully enabled or disabled sender reputation for external messages, run the following command to verify the ExternalMailEnabled property value:

Get-SenderReputationConfig | Format-List ExternalMailEnabled

Use the Exchange Management Shell to enable or disable sender reputation for internal messages

As a best practice, you don't need to apply antispam filters to messages from trusted partners or from inside your organization. There's always a chance that the filters will detect false positives. To reduce the chance that filters will mishandle legitimate email messages, you should typically configure antispam agents to only run on messages from untrusted and unknown sources.

To enable sender reputation for internal messages, run the following command:

Set-SenderReputationConfig -InternalMailEnabled $true

To disable sender reputation for internal messages, run the following command:

Set-SenderReputationConfig -InternalMailEnabled $false

How do you know this worked?

To verify that you have successfully enabled or disabled sender reputation for internal messages, run the following command to verify the InternalMailEnabled property value:

Get-SenderReputationConfig | Format-List InternalMailEnabled

Use the Exchange Management Shell to configure sender blocking in sender reputation

Sender blocking uses the calculated sender reputation level (SRL) of the sender and a specified SRL threshold to temporarily block the sender. To configure the sender blocking in sender reputation, use the following syntax:

Set-SenderReputationConfig -SenderBlockingEnabled <$true | $false> -SrlBlockThreshold <0 - 9> [-SenderBlockingPeriod <0 - 48>]

This example lowers the sender reputation level (SRL) block threshold to 6 (which means senders with an SRL of 6, 7, 8, or 9 are blocked), and blocks the offending senders for 36 hours:

Set-SenderReputationConfig -SrlBlockThreshold 6 -SenderBlockingPeriod 36

This example disables sender blocking.

Set-SenderReputationConfig -SenderBlockingEnabled $false

Notes:

  • The default value of the SenderBlockingEnabled parameter is $true.

  • The default value of the SenderBlockingPeriod parameter is 24.

  • The default value of the SrlBlockThreshold parameter is 7.

  • You can't disable sender blocking and open proxy server detection at the same time. One must be enabled when the other is disabled, or they both can be enabled.

How do you know this worked?

To verify that you have successfully configured sender blocking in sender reputation, run the following command to verify the property values:

Get-SenderReputationConfig | Format-List *block*

Use the Exchange Management Shell to configure open proxy server detection in sender reputation

By default, sender reputation uses open proxy server detection as one of the criteria to calculate the SRL of the source server. In open proxy server detection, the Exchange server tries to send a test message from the source messaging server. If the test message is successfully delivered back to the Exchange server, it indicates the source server is configured as an open proxy server (intentionally or unintentionally).

Open proxy server detection uses the protocols and TCP ports that are described in the following table, so these outbound ports need to be open in your firewall:

Protocols Ports
SOCKS4, SOCKS5
1081, 1080
Wingate, Telnet, Cisco
23
HTTP CONNECT, HTTP POST
6588, 3128, 80

Also, if your organization uses a proxy server to control outbound Internet traffic, you need to configure sender reputation to use your proxy server to access the Internet. Specifically, you need to define the proxy server name, type, and TCP port that sender reputation requires to access the Internet.

To configure open proxy server detection in sender reputation, use the following syntax:

Set-SenderReputationConfig -OpenProxyDetectionEnabled <$true | $false> [-ProxyServerName <String> -ProxyServerPort <Port> -ProxyServerType <None | Socks4 | Socks5 | HttpConnect | HttpPost | Telnet | Cisco | Wingate>]

This example configures sender reputation to connect to the Internet through the proxy server named SERVER01 that uses the HTTP CONNECT protocol on port 80.

Set-SenderReputationConfig -ProxyServerName SERVER01 -ProxyServerPort 80 -ProxyServerType HttpConnect

This example disables open proxy server detection in sender reputation.

Set-SenderReputationConfig -OpenProxyDetectionEnabled $false

Notes:

  • The default value of the OpenProxyDetectionEnabled parameter is $true.

  • The default value of the ProxyServerName parameter is blank ($null).

  • The default value of the ProxyServerPort parameter is 0.

  • The default value of the ProxyServerType parameter is None.

  • You can't disable open proxy server detection and sender blocking at the same time. One must be enabled when the other is disabled, or they both can be enabled.

How do you know this worked?

To verify that you have successfully configured open proxy server detection in sender reputation, run the following command to verify the property values:

Get-SenderReputationConfig | Format-List *proxy*

See also

Get-SenderReputationConfig

Set-SenderReputationConfig