Forum Discussion

Copper Contributor

Nov 27, 2018

Identify DKIM fails

Dear community, sometimes we receive Emails pretending to be from our own Exchange colleagues, what is obviously not true. The mails are not DKIM signed and the return path is different. What’s the ...

exchange

office 365

VasilMichev

MVP

Nov 27, 2018

If you already have ATP, you should be covered by the "Impersonation intelligence" feature. You can get a list of senders/impersonated users here:https://protection.office.com/#/impersonationinsight?type=User&status=3

There is also the Spoof intelligence feature: https://docs.microsoft.com/en-us/office365/securitycompliance/learn-about-spoof-intelligence?redirectSourcePath=%252fen-us%252farticle%252fLearn-more-about-spoof-intelligence-978c3173-3578-4286-aaf4-8a10951978bf

and the corresponding "insights": https://protection.office.com/#/spoofintelligence?confidence=2&type=External&decision=0&allow=No&insightmode=yes

Note that all of this are still subject to any whitelisting rules, so if such messages are still getting through, check your transport rules, whitelists and safe senders.