Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide
SRG-APP-000261
Exchange nonexistent recipients must not be blocked.
Exchange nonexistent recipients must not be blocked.
An XCCDF Rule
Details
Profiles
Prose
Exchange nonexistent recipients must not be blocked.
Medium Severity
<VulnDiscussion>Spam originators, in an effort to refine mailing lists, sometimes use a technique where they first create fictitious names and then monitor rejected emails for nonexistent recipients. Those not rejected are deemed to exist and are used in future spam mailings. To prevent this disclosure of existing email accounts to spammers, email to nonexistent recipients must not be blocked. Instead, it is recommended that all messages be received, then evaluated and disposed of without enabling the sender to determine existent versus nonexistent recipients.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>