Title

Trust EMail from senders in receivers contact list must be enforced. (Cat II impact)

Discussion

Email addresses in users' Contacts list are treated as safe senders for purposes of filtering junk email. If this configuration is changed, email from users' Contacts might be misclassified as junk and cause important information to be lost.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Preferences -> Junk E-mail "Trust E-mail from Contacts" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\outlook\options\mail Criteria: If the value JunkMailTrustContacts is REG_DWORD = 1, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Outlook Options -> Preferences -> Junk E-mail "Trust E-mail from Contacts" to "Enabled".

Additional Identifiers

Rule ID: SV-53882r1_rule

Vulnerability ID: V-17807

Group Title: DTOO223 - Trust EMail from Contacts

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.