Forum Discussion
alot of users getting spam
a few of our users are getting spam emails that make it seems that the emails are from microsoft. some are received from their own email address. upon checking the header, we found this. dmarc fai...
I do it in a couple of steps. allow through if Authentication-Results header includes dkim=pass and \.d=microsoft.com Then Quarantine anything with (?i)microsoft in the header. You have to be specific and can't just look at spf or dkim=pass without looking at what it's passing.