Hi, I think problem that I have is not only my problem: In environment Windows 2008 + Exchange 2007 SP1 Domain Admin can spoof any email address in default! We didn't change any AD permission in system, domain admins have DENY on send-as, but it won't help. I know on Windows 2003 the same configuration prevents Domain Admin to spoof email addresses, but not on Windows 2008.thanks for any support,Adam

Hi,By default, the Administrators group, the Domain Admins group, the Enterprise Admins group, and the Account Operators group have Send As permissions for all users.If a Domain Admin account or Enterprise Admin isnot mailbox enabled, it cannot be used for Send As. We strongly recommend that accounts with elevated permissions such as Domain Admin or Enterprise Admin accounts, should only be used for Administration purposes, and should not be used for daily activities such as email. These accounts should not even be mailbox enabled. Users who have Domain Admin permissions should have a separate account that is not an Administrative Account for normal daily activates. We can put a explicit deny send as permission for enterprise admin and domain admin groups; But this may lead to additional consequences besides putting your messaging environment at risk. Fore more information, please view the below article:http://technet.microsoft.com/en-us/library/bb310792.aspxPleasescroll down to:Q: Why can domain administrators spoof mailbox-enabled user accounts in their domain?ThanksAllen