Forum Discussion

LukeChung's avatar
LukeChung
Copper Contributor
Apr 21, 2022

Is there a way to have Exchange/Outlook block all messages from unauthorized senders?

We keep receiving phishing emails though our Office365 account. They are from unauthorized senders where the message header shows failed SPF validation and many other flags. For example, here are sev...
office 365
security
Adin_Calkic's avatar
Adin_Calkic
Steel Contributor
Apr 25, 2022

Hi LukeChung ,

 

I am not sure what license sku you have in your tenant, but you should look into implementing Defender for Office 365. If the user is sending email from multiple domains, it will be difficult to block unless they are sending emails from a single static IP address. 

 

I would look into implementing Defender for Office 365 (you will need Business Premium license), and then implement policies along with adding DKIM/DMARC records. 

 

You can read about defender here.

  • LukeChung's avatar
    LukeChung
    Copper Contributor
    Apr 26, 2022

    Adin_Calkic 

     

    Thank you. We have Defender for Office 365 but it doesn't seem to block emails with headers that have failed SPF. Blocking emails from unauthorized senders is a pretty basic feature of a spam blocker. 

     

    Is there a particular setting we may have set incorrectly? Where or what DKIM/DMARC records need to be stopped? 

    • Adin_Calkic's avatar
      Adin_Calkic
      Steel Contributor
      Apr 26, 2022

      Hi LukeChung ,

       

      do you have TXT record _dmarc set to v=DMARC1; p=quarantine; pct=100 . This setting will send failed emails to quarantine. 

       

      Also, if you set p=reject; instead of quarantine. it will reject the messages. But I would use quarantine.

Resources