Forum Discussion
Send admin notifications on x number of messages from an email address
Hi, We're having a problem with a repeat spam/phishing offender that recycles email addresses from a particular domain. Because the email address is new it hasn't had a chance to be picked up by ...
One approach that might be worth trying is to build a small scheduled script based on Message Trace.
For example, you could:
- run a script every X minutes (Task Scheduler / Azure Automation)
- query recent data using Get-MessageTraceV2 for a defined time window (e.g. last 30–60 minutes)
- group the results by sender or sender domain
- count how many messages were received per group
- and if the count exceeds a threshold, send a notification to the admin
You’d probably also want to add some simple suppression logic (e.g. don’t alert again for the same domain within a certain timeframe) to avoid alert flooding. Scripting is flexible :)