cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Spoofing and distribution groups

JayCeee
Copper Contributor

‎Jan 23 2019 01:15 PM

‎Jan 23 2019 01:15 PM

Spoofing and distribution groups

I have a customer with distribution groups set up to allow external emails however they are not wide open to the world. They are limited by groups in Office 365. We are having a major issue with internal users being spoofed and Office 365 allowing the email to go into the distribution list and be delivered. To the internal people, ATP is catching the spoofs and sending them to junk. The external people are all getting the spoofs delivered to them.

 

I need a way to be able to stop those spoofs from being able to enter the distribution group but so far have found no way to accomplish this. Im hoping someone else has run into this and come up with some kind of clever workaround.

 

Anyone run into this or have any ideas how I can address this?

Labels:
3,317 Views
1 Like
2 Replies
Reply
2 Replies
Vasil Michev

‎Jan 24 2019 01:02 AM

‎Jan 24 2019 01:02 AM

Re: Spoofing and distribution groups

Several options to explore here. You can change the spam policy action to quarantine or remove, you can create a transport rule to detect/reject such messages, report it as false negative and work with support to identify why exactly this is happening. My guess would be that the messages are still being marked as spam but some setting on recipient's end is causing them to end up in Inbox, for example headers being stripped, trusted senders list, etc.

1 Like
Reply
JayCeee

‎Jan 24 2019 06:02 AM

‎Jan 24 2019 06:02 AM

Re: Spoofing and distribution groups

ATP is catching them for internal users but they are still going out to external users. What I would like to do is stop them from going out at all but I dont know how to determine these emails are fake given what I have to work with in the portal for rule creation. They appear to authenticate so I cant check if they are external and use that. Im kind of at a loss. 

 

I have a ticket open with Microsoft regarding this but no one has reached out to me yet. The last 3 Office 365 tickets Ive opened, support has been abysmal on them so Im not really expecting a lot on MS's side.

1 Like
Reply