Forum Discussion
One User who is sending SPAM
So we have one user who seems to be spamming many other users. I figure it's something local to his machine, malware etc. I have adjusted spam settings for the domain, but I was wondering if there is anything I can do to limit the amount of spam he is sending out from 365?
4 Replies
- Damien_Rosario, Silver Contributor
I would strongly suggest backup and refresh of the O/S to wipe out any offending malware/virus that he may have on his computer.
Putting stopgap measures in doesn't solve the issue, which is still compromising your system security, and you limit any risk of the issue spreading to other devices.
Better to play it safe and wipe the computer and educate the user on the dangers of installing unknown software and opening unknown email attachments, etc.
Good luck!
Cheers
Damien
- Thuyavan Ganesan, Iron Contributor
Hello Gary,
Could you please give us a little more information on which app in 365 the spam is being routed through?
Hi Gary,
To follow up on what Adam has said:
- Implementing SPF (as mentioned), DKIM and DMARC
- Strict Exchange Online settings, including Outbound spam and blacklisting
- Implementing Impersonation protection in the Security and Compliance Centre
- Implementing Advanced Threat Protection (ATP), if you have a Microsoft 365 plan which has it, to prevent future possible attacks on the user
- Reset password (as mentioned) and implementing Multifactor Authentication (MFA) with Microsoft Authenticator to lock down the user
- Setup outbound spam notifications to monitor (https://heresjaken.com/how-to-setup-outbound-spam-notifications-on-office-365-or-exchange/)
- Turn on mailbox auditing in order to monitor if their mailbox is being accessed at unusual times https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing
There are also third-party solutions such as Mimecast which offer internal email protection between the users' mailboxes, which ought to cut down on a lot of it if you decide to go the third-party route.
Because it could be a breach, I would also consider some additional steps such as scanning the machine with a reputable endpoint solution, activating Credential and Device Guard if using Windows 10, and enrolling their devices into Intune in order to manage and protect their devices against modern threats.
Hope this helps
Best, Chris
- Reset the user's password and have a look at anti-spoofing settings, SPF record, etc.
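
Added example, not part of any reply in this thread: one way to apply the outbound spam limits, outbound spam notifications and mailbox auditing suggested above, using Exchange Online PowerShell. The addresses are placeholders and the recipient thresholds are illustrative values, not recommendations from the thread; it assumes the ExchangeOnlineManagement module is installed.

```powershell
# Assumptions: placeholder addresses, illustrative thresholds,
# ExchangeOnlineManagement module already installed.
$Admin    = 'admin@example.com'    # placeholder admin UPN
$User     = 'user@example.com'     # placeholder: mailbox suspected of sending spam
$NotifyTo = 'secops@example.com'   # placeholder recipient for outbound spam alerts

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $Admin

# 1. Outbound spam policy: cap how many recipients any one sender can reach,
#    block the sender once a cap is exceeded, and notify an admin mailbox.
Set-HostedOutboundSpamFilterPolicy -Identity Default `
    -RecipientLimitExternalPerHour 100 `
    -RecipientLimitInternalPerHour 200 `
    -RecipientLimitPerDay 500 `
    -ActionWhenThresholdReached BlockUser `
    -NotifyOutboundSpam $true `
    -NotifyOutboundSpamRecipients $NotifyTo

# Confirm the policy now holds the intended values.
Get-HostedOutboundSpamFilterPolicy -Identity Default |
    Format-List Recipient*, ActionWhenThresholdReached, Notify*

# 2. Mailbox auditing: make sure it is enabled tenant-wide and on this mailbox,
#    so sign-ins and mailbox actions at unusual times are recorded.
Set-OrganizationConfig -AuditDisabled $false
Set-Mailbox -Identity $User -AuditEnabled $true
Get-Mailbox -Identity $User | Format-List AuditEnabled, AuditLogAgeLimit

# 3. Check whether the service has already restricted this sender for outbound spam.
Get-BlockedSenderAddress -SenderAddress $User

Disconnect-ExchangeOnline -Confirm:$false
```

These settings only contain the sending; the password reset, MFA and machine clean-up recommended in the replies are still needed to deal with the cause.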