CISA.MS.EXO.2.1 - A list of approved IP addresses for sending mail SHALL be maintained.
Overview
A list of approved IP addresses for sending mail SHALL be maintained.
Rationale: Failing to maintain an accurate list of authorized IP addresses may result in spoofed email messages or failure to deliver legitimate messages when SPF is enabled. Maintaining such a list helps ensure that unauthorized servers sending spoofed messages can be detected, and permits message delivery from legitimate senders.
Remediation action:
- Identify any approved senders specific to your agency.
- Perform regular review of SPF record and update as necessary.
- Additionally, see External DNS records required for SPF for inclusions required for Microsoft to send email on behalf of your domain.
Related links
- Exchange admin center - Accepted domains
- CISA 2 Sender Policy Framework - MS.EXO.2.1v1
- CISA ScubaGear Rego Reference
Test Metadata
| Field | Value |
|---|---|
| Test ID | CISA.MS.EXO.2.1 |
| Severity | Medium |
| Suite | CISA |
| Category | exchange |
| PowerShell test | Test-MtCisaSpfRestriction |
| Tags | CISA, CISA.MS.EXO.2.1, MS.EXO, MS.EXO.2.1 |
Source
- Pester test:
tests/cisa/exchange/Test-MtCisaSpfRestriction.Tests.ps1 - PowerShell source:
powershell/public/cisa/exchange/Test-MtCisaSpfRestriction.ps1