Forum Discussion

Björn Lagerwall's avatar
Björn Lagerwall
Brass Contributor
Nov 16, 2020
Solved

Exclude Safety Tips from certain sender?

Hi all,   Our HR must use SurveyMonkey for sending out surveys. While I can exclude it from Junk Folder in O365 ATP/Defender for O365, Outlook still displays a warning: "Jane.Doe@ourcompany.com via...
  • ExMSW4319's avatar
    ExMSW4319
    Nov 25, 2020

    Björn Lagerwall 

     

    In theory I believe that you can turn off the spoofing tip for a specific sender, but not a specific recipient. At the foot of your anti-spam policies (currently) on the Security & Compliance portal, Threat Mangement, Policy leaf there is a special special line called Spoof Intelligence Policy. Take the option to review spoofs (always an education) and find your sender. Change the Allowed To Spoof from No to Yes and please let us know if that works.

     

    Be warned that on a tenancy of any size, the policy is [somewhat slow] to display. The sender also has to be tagged once before they can be exempted. I would further be interested to know how many exemptions the policy can hold. Those following Secure by Default will not be surprised that only senders and not sending domains can be exempted.

     

    If this theory is correct then the location of the special special line on portal means that you cannot have multiple settings for different policies so you cannot have a different setting for a specific recipient or group of recipients, but I may be wrong and as we know, all things change sooner rather than later.

ExMSW4319's avatar
ExMSW4319
Iron Contributor
Nov 25, 2020
Beware that in the first quarter of 2019 the abuse (not spoofing) of Forms was so bad that I had to edit our web policies to present a proxy warning on any Forms link. In fairness to Microsoft they have always had a "do not enter any password" warning on Forms and have made a number of improvements since, but we found that a few well-chosen graphics were enough to make recipients ignore the warnings and the defences I've seen in the Message Center recently are to do with intruders abusing an organisation's own forms. The phishing problem was presumably from the freemail and low customer tier on O365 with weak administration and probably no MFA. Unlike SPO, Forms URLs are nicely anonymous. I have not looked to see how busy my policy has been of late.

Resources