Forum Discussion
Identify DKIM fails
Dear community,
sometimes we receive Emails pretending to be from our own Exchange colleagues, what is obviously not true. The mails are not DKIM signed and the return path is different. What’s the easiest way to to sort them out in Exchange 365? I cannot identify one single sending server’s IP or return email, it’s always a different one… Further, I don’t want to setup for each user one individual rule...
Thanks in advance!
Markus
If you already have ATP, you should be covered by the "Impersonation intelligence" feature. You can get a list of senders/impersonated users here:https://protection.office.com/#/impersonationinsight?type=User&status=3
There is also the Spoof intelligence feature: https://docs.microsoft.com/en-us/office365/securitycompliance/learn-about-spoof-intelligence?redirectSourcePath=%252fen-us%252farticle%252fLearn-more-about-spoof-intelligence-978c3173-3578-4286-aaf4-8a10951978bf
and the corresponding "insights": https://protection.office.com/#/spoofintelligence?confidence=2&type=External&decision=0&allow=No&insightmode=yes
Note that all of this are still subject to any whitelisting rules, so if such messages are still getting through, check your transport rules, whitelists and safe senders.
- Impersonation Protection in Office 365 stops users receiving emails on their domain outside the organisation.
Best, ChrisThanks Chris,
I'll find out, how to enable this correctly. ATP is already licenced. I'll revert. MS Supporties never mentioned this possibility - though I've explained my issue in length!! :-(
Best regards,
Markus
- Hi Markus,
No worries! Please see here!
https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-anti-phishing-policies
It will be in the security and compliance section of the control panel. Let me know how you get on!
Best, Chris
