UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Public Folder “Send on Behalf of” feature is in use.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18658 EMG2-511 Exch2K3 SV-20260r1_rule ECSC-1 Low
Description
The principle of non-repudiation gives a message recipient the assurance that the message can be attributed to the named sender. If users are allowed to send on behalf of other parties, it introduces risk that receivers may never realize the identity of the actual sender of the message. This can enable nefarious senders to mask their activities. The “Send on Behalf” field should be cleared (messages are not sent on behalf of any party). While the full “from” field displays both the actual sender as well as who the message is on behalf of, in many instances only the party on whose behalf the message was sent may be seen. If “Send on behalf” is used, accounts with the ability should be documented and monitored to ensure this privilege is not being abused.
STIG Date
Microsoft Exchange Server 2003 2014-08-19

Details

Check Text ( C-22377r1_chk )
If Public Folders are not in use, this is N/A.

Review the 'Send on behalf of' field.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Folders >> Public Folders >> [Public Folder] >> Properties >> Exchange General tab >> Delivery Options button.

The “Send on Behalf of” list should be empty.

Criteria: If the “Send on Behalf” list is empty, this is not a finding.


Fix Text (F-19306r1_fix)
Disable the Public Folder “send on behalf of” feature.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Folders >> Public Folders [Public Folder] >> Properties >> Exchange General Tab >> Delivery Options Button.

Empty the “Send on Behalf of” list.