Delete Phishing Emails Using Exchange Server 2010 PowerShell

Aftab Alam Updated On - 30 Oct 2019

If you think that you get spammy and phishing emails only in your personal email account, and not in your professional email account, then you are wrong. Whenever you use your professional email account at a suspicious website, get ready to face spammy and phishing emails. A phishing email is a direct attack to steal your data, credit card details, login credentials, etc.

Many users fall into such a trap unknowingly, as the phishing email portrays itself as an innocent mail and lures you to click on some links. It leads to the installation of malware on your system to steal crucial information.

When you have configured MS Outlook with Exchange Server 2010 and are using it as your email manager, you need to be more cautious, as a phishing mail can access or corrupt your professional data. It will be catastrophic for the business, as hackers can get sensitive business details. You should recognize and delete such emails from your system as soon as possible.

Delete phishing emails using Exchange Server 2010 PowerShell

Exchange PowerShell lets you run useful cmdlets and make the desired changes across the whole Exchange setup. Here is the process for finding the phishing emails and deleting them from the mailbox:

  1. The user account which you use to delete the message must have the Mailbox Import Export role assigned to it. So, first, create the role group:
     New-RoleGroup "Mailbox Import-Export Management" -Roles "Mailbox Import Export"
  2. Now, add a member to the role group:
     Add-RoleGroupMember "Mailbox Import-Export Management" -Member <useraccount>
  3. Search for the email using the following command:
     Search-Mailbox -Identity "mailboxname" -SearchQuery 'Subject:"Lucky Draw Winner"' -DeleteContent

The cmdlet will first search the mailbox for a message which has the subject 'Lucky Draw Winner' and then delete it.

It is a simple procedure to find a message and delete it directly. You can input any search query based on the properties of a mail and delete the phishing emails. However, the method has multiple limitations which make it unsuitable for handling phishing emails.

  • When the number of phishing emails is quite high, then the method will take too much time to delete each one.
  • The method is suitable for a single mailbox only. So, if the problem is spread across multiple user mailboxes, then you have to access each mailbox separately or use scripts.
  • If the cmdlet finds another message that matches the same search parameter, then it will delete that message too.
  • It cannot remove any corruption from the Exchange.
  • The Search-Mailbox cmdlet can access up to 10,000 mailboxes only.
  • If you are using Exchange Online, then you should use a different cmdlet, New-ComplianceSearch.
  • You need to run the cmdlets multiple times to completely remove the phishing emails.
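Two of the limitations above, the single-mailbox scope and the risk of deleting legitimate mail that matches the same query, can be reduced by estimating first and keeping a copy of whatever is deleted. The script below is an added example, not part of the original article; the quarantine mailbox alias, target folder, sender address and threshold are constructed placeholders.

```powershell
# Added example (not from the original article). Run in the Exchange
# Management Shell as a member of the role group created in step 1.
# All values below are constructed placeholders.
$query       = 'Subject:"Lucky Draw Winner" AND From:"promo@example.test"'
$quarantine  = 'PhishQuarantine'   # assumed alias of an evidence mailbox
$folder      = 'LuckyDrawWinner'   # assumed folder created in that mailbox
$maxExpected = 25                  # assumed sanity limit per mailbox

# Pass 1: count matches in every mailbox. -EstimateResultOnly neither
# copies nor deletes anything. The quarantine mailbox is skipped so it
# is never searched as a source.
$hits = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.Alias -ne $quarantine } |
    Search-Mailbox -SearchQuery $query -EstimateResultOnly |
    Where-Object { $_.ResultItemsCount -gt 0 }

$hits | Sort-Object ResultItemsCount -Descending |
    Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

# An unexpectedly high count in one mailbox usually means the query also
# matches legitimate mail; stop and narrow it instead of deleting.
$tooBroad = $hits | Where-Object { $_.ResultItemsCount -gt $maxExpected }

if ($tooBroad) {
    Write-Warning "Query matches more than $maxExpected items in at least one mailbox. Nothing was deleted."
}
else {
    # Pass 2: only mailboxes with hits are touched. Using -TargetMailbox
    # together with -DeleteContent copies each message to the quarantine
    # folder before removing it from the source mailbox. -Force is left
    # out on purpose so Exchange asks for confirmation per mailbox.
    foreach ($hit in $hits) {
        Search-Mailbox -Identity $hit.Identity -SearchQuery $query `
            -TargetMailbox $quarantine -TargetFolder $folder `
            -LogLevel Full -DeleteContent
    }
}
```

The copies and the full log in the quarantine folder give the incident record of which mailboxes received the message, and they allow a wrongly removed item to be restored.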

Kernel for Exchange Server

Kernel for Exchange recovers corrupt Exchange databases and lets you save mailboxes in full health and without any virus. It works as an EDB to PST converter with multiple features that help the user recover unlimited mailboxes –