Forum Discussion
SPF exception in EOP
- TenantAllowBlockListSpoofItems are meant for cases when organizations sending you messages don't have their configuration in order. I prefer not using rules, as 1) over time people don't maintain these, 2) they tent to grow and nobody knows what these entries were for in few months. When submitting TABL (through submit false positives), you can also time-restrict the exception, as the sender needs to take action (and you are usually not the only recipient having to implement workarounds)
When an email is sent from a domain with no SPF published and DKIM not enabled, the emails fails authentication and may be delivered to Junk or Quarantine.
You can create a transport rule to set the SCL (spam confidence level) of emails sent from the domain to -1 but this is not recommended as all emails from the domain will not be filtered in this case. The screenshot below shows the configuration of the rule.
If the email will be coming from a specific static IP address, I will recommend you add the IP address to the allow list of the connection filter policy as only emails from the IP will be delivered and this will help should in case the domain get spoofed.
If I have answered your question, please mark your post as Solved
If you like my response, please give it a Like 
Appreciate your Kudos! Proud to contribute!
