Overview
We know that some of our customers leverage Exchange transport rules to prepend subject line or insert the message body to show the email is from external senders. This approach has a few ...
Updated Oct 06, 2023
Version 16.0
Blog Post
Just an important note about this feature to share with you all........
Per Microsoft's design, the IsExternalSender MAPI property is not set to TRUE if an external sender spoofs an SMTP-address that is assigned to a mailbox within your Exchange Online organization. This is important for your mail users to be aware of, as the "External" call-out will not be applied to messages that spoof fellow mail users from the same Exchange Online organization.
So do not have your employees rely on this "External" call-out to differentiate someone maliciously phishing as an executive employee giving directions to do things.
While DMARC policy can route such spoofing messages to the Junk Email folder, they still will not have the "External" call-out applied to them by Outlook.