Check: EMG2-511 Exch2K3
Microsoft Exchange Server 2003:
EMG2-511 Exch2K3
(in version v1 r5)
Title
Public Folder “Send on Behalf of” feature is in use. (Cat III impact)
Discussion
The principle of non-repudiation gives a message recipient assurance that the message can be attributed to the named sender. Allowing users to send on behalf of other parties introduces the risk that recipients never learn the identity of the actual sender, which can enable nefarious senders to mask their activities. The “Send on Behalf of” field should be cleared so that messages are not sent on behalf of any party. Although the full “From” field displays both the actual sender and the party on whose behalf the message was sent, in many instances only the party on whose behalf the message was sent may be seen. If “Send on Behalf of” is used, the accounts holding this ability should be documented and monitored to ensure the privilege is not being abused.
Check Content
If Public Folders are not in use, this is N/A. Review the “Send on Behalf of” field.
Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Folders >> Public Folders >> [Public Folder] >> Properties >> Exchange General tab >> Delivery Options button. The “Send on Behalf of” list should be empty.
Criteria: If the “Send on Behalf of” list is empty, this is not a finding.
Fix Text
Disable the Public Folder “Send on Behalf of” feature.
Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Folders >> Public Folders >> [Public Folder] >> Properties >> Exchange General tab >> Delivery Options button. Empty the “Send on Behalf of” list.
Additional Identifiers
Rule ID: SV-20260r1_rule
Vulnerability ID: V-18658
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |