Forum Discussion
Suspicious emails not blocked
- Aug 01, 2018
Every email had the same IP address of a sending device, some Windows box with a default computer name (DESKTOP-blabla). I've been advised to create a mail flow rule to block emails from this IP and so far the user is not receiving them.
Headers of this last message:
Authentication-Results: spf=pass (sender IP is 40.107.2.103)
smtp.mailfrom=abconkenya.com; esf.lt; dkim=pass (signature was verified)
header.d=AbconKenya.onmicrosoft.com;esf.lt; dmarc=bestguesspass action=none
header.from=abconkenya.com;
Received-SPF: Pass (protection.outlook.com: domain of abconkenya.com
designates 40.107.2.103 as permitted sender) receiver=protection.outlook.com;
client-ip=40.107.2.103; helo=EUR02-VE1-obe.outbound.protection.outlook.com;
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (40.107.2.103) by
DB5EUR01FT060.mail.protection.outlook.com (10.152.5.232) with Microsoft SMTP
We haven't found a way to report phishing in Outlook (aside from regular Junk mail settings), so we have reported it via OWA (the last few messages).