Exchange 2013/2016

Filter Email for Unknown Users

On this Page

• Introduction
• Anti-Spam Controls Installation
• Enable Recipient Filtering
• Tar Pit

Other Versions of Exchange

This article is available for other versions of Exchange:

Exchange 2003
Exchange 2007 / 2010

Introduction

Being able to filter out email for non-existent users is a key configuration for modern email servers. This can have a significant effect on the amount of email that the server has to process and ensures that you are not a cause of backscatter, which can lead to the server being blacklisted. 

The rejection is done at the SMTP level - so the email message isn't even delivered. If valid senders misspell an email address then they will get a bounce message immediately - indicating that the message has been rejected.

However note that this applies to any recipient - so if an email is sent to multiple recipients and one of them is invalid, then no one will get the message.

The ability for Exchange 2013 to drop email for unknown recipients is available as part of the anti-spam functionality, but this is only installed by default on the Edge Server role. For a deployment without an Edge server you need to install the anti-spam agents manually on the Hub Transport servers. If you are using multiple hub transport servers then they need to be installed on everyone that is internet facing. This is done by using a PowerShell script supplied with the server. 

Anti-spam Controls Installation.

1. Open Exchange Management Shell.
2. Run the following command
   

   & $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

3. Once it has completed, restart the Microsoft Exchange Transport Service.
   

   Restart-Service MSExchangeTransport

Enable Recipient Filtering.

Unlike Exchange 2010 and older versions there is no GUI for this function. Therefore to enable it you need to run a command in Exchange Management Shell:

Set-RecipientFilterConfig -RecipientValidationEnabled $true

Restart the Microsoft Exchange Transport Service as before for the function to become active.

Tar Pit

With Exchange 2003 you needed to enable the tar pit to protect against directory harvest attacks. That is not required with Exchange 2007 and higher as tar pit is enabled by default.