Manage Learn to apply best practices and optimize your operations.

Exchange admins: Is it time to rethink your email address policy?

How can an email address policy setting affect your Exchange Server organization's overall security? And is it time to change that policy? Let's find out.

Most Exchange Server administrators may not spend a lot of time thinking about email address policies. In fact,...

once Exchange is up and running, you probably won't touch the policy again unless a corporate merger or similar event forces you to change company email addresses. But the email address policy may affect your organization's overall security more than you originally thought.

Although more advanced authentication mechanisms are available, most users still authenticate by using a traditional username and password combination. If a hacker can figure out a username, he has one-half of the information needed to log in as a legitimate user.

The problem is that email addresses often have some correlation to usernames. For example, my email address is [email protected]. It's easy to guess that my logon name is Brien. Therefore, it's a good idea to change my email address to a different format than one that includes my logon name.

Modifying a user's email address policy will change his email addresses. If your email address policy was created using Exchange Server 2003, you'll have to use either System Manager to perform the modification or you'll need to upgrade the policy using the Set-EmailAddressPolicy command.

Modifying your Exchange email address policy

You can modify your email address policy by opening the Exchange Management Console and selecting the Hub Transport container from the Organization Configuration section. Next, select the Email Address Policies tab, select your email address policy and click Edit.

The email address policy is comprised of a single text string that dictates the format of the email address. You can use Microsoft's pre-canned address or you can create a custom SMTP address. If your goal is to improve security, I recommend creating a custom SMTP address, which can only be done via the Exchange Management Shell.

To create a custom SMTP email address policy, create a text string that consists of hard-coded text blocks and different variables. A list of the available variables are show in Table 1.


Variable Function
%G First name
%I Middle initial
%S Last name
%D Display name
%M Exchange alias
%<x>S The first X letters of the user's last name. For example %2S would represent the first two letters of the user's last name.
%<x>G The first X letters of the user's first name. For example, %3G would represent the first three letters of the user's first name.

Table 1. Available variables for creating a custom SMTP email address policy.

Although you can see which variables are available, you may still be a bit unclear on how to use them. Here's an example:

First name: Brien
Middle initial: M
Last name: Posey
Display name: Brien Posey

Table 2 shows what the email address looks like based on various email address policy strings.


String Resulting email address
%G.%S [email protected]
%1G%S [email protected]
%G%I%S [email protected]
%G%1S [email protected]

Table 2. Samples of various email address policy strings.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for

Dig Deeper on Exchange Server setup and troubleshooting