Forum Discussion

Copper Contributor

Jul 08, 2021

Solved

Auto forwarding emails treating emails as spoofed

Our company A has recently acquired company B and created mailboxes for them in company A and setup email forwarding from B to A so that they use a single mailbox. Now the issue is whenever users fro...

exchange

security

vivekvardhan007
Jul 15, 2021
AndresGorzelany, On further research I found that all these auto-forwarded emails are stamped an attribute Authentication-Results-Original: CompamyB.com. I created a Transport rule to set the SCL value as -1 if this attribute is found in Email-Headers and its working now, however I don't think its an appropriate solution because we are skipping the spam filtering and ATP in this workaround. Other solutions would be appreciated.

AndresGorzelany

MVP

Jul 09, 2021

I see,
Take a look at this https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide#use-the-microsoft-365-defender-portal-to-create-allow-or-block-spoofed-sender-entries-in-the-tenant-allowblock-list and see if this could apply to your scenario.
I'll try to do some tests too.

vivekvardhan007

Copper Contributor

Jul 15, 2021

AndresGorzelany, On further research I found that all these auto-forwarded emails are stamped an attribute Authentication-Results-Original: CompamyB.com. I created a Transport rule to set the SCL value as -1 if this attribute is found in Email-Headers and its working now, however I don't think its an appropriate solution because we are skipping the spam filtering and ATP in this workaround. Other solutions would be appreciated.

Victor_Ivanidze
Bronze Contributor
Jul 15, 2021
Could you avoid forwarding by assigning the alias address bob@b.com to bob@a.com?