Best practice for external incoming invoice/remittance/payable emails

%3CLINGO-SUB%20id%3D%22lingo-sub-2524023%22%20slang%3D%22en-US%22%3EBest%20practice%20for%20external%20incoming%20invoice%2Fremittance%2Fpayable%20emails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2524023%22%20slang%3D%22en-US%22%3E%3CP%3EGlobal%20company%20here%20with%20customers%20all%20over%20the%20world.%26nbsp%3B%20We%20have%20shared%20mailboxes%20that%20receive%20incoming%20external%20messages%20containing%20invoices%20and%20remittance%20information%20-%20100s%20per%20day.%26nbsp%3B%20These%20are%20unmanaged%20mailboxes%20-%20an%20automation%20moves%20the%20messages%20to%20an%20enterprise%20accounts%20receivable%20application.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EProblem%3A%26nbsp%3B%2025%25%20of%20the%20incoming%20messages%20go%20to%20Quarantine%20in%20Office%20365%20as%20Phish%20or%20High%20Confidence%20Phish%2C%20due%20to%20our%20Anti-spam%20policy.%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EThese%20messages%20contain%20tons%20of%20keywords%20that%20are%20probably%20impacting%20deliverability.%26nbsp%3B%20('bank%20account'%2C%20'payment'%2C%20'invoice'%2C%20etc.)%20These%20messages%20would%20appear%20to%20be%20exactly%20the%20type%20of%20risk%20that%20quarantining%20is%20set%20up%20to%20mitigate.%26nbsp%3B%20Except%2C%20these%20messages%20are%20legitimate.%3C%2FLI%3E%3CLI%3EThese%20remittances%20can%20come%20from%20just%20about%20any%20external%20email%20account.%26nbsp%3B%20Setting%20up%20rules%20based%20on%20sender%20or%20domain%20isn't%20possible.%26nbsp%3B%20There%20is%20no%20consistency%20in%20their%20submissions%2C%20they%20all%20use%20different%20remittance%20forms%20and%20formatting.%26nbsp%3B%20Not%20all%20are%20DMARC%20compliant.%3C%2FLI%3E%3C%2FOL%3E%3CP%3EAnyone%20have%20any%20suggestions%20for%20ways%20to%20safely%20receive%20messages%20of%20this%20nature%20without%20compromising%20email%20security%3F%26nbsp%3B%20%26nbsp%3BHow%20does%20your%20organization%20handle%20them%3F%26nbsp%3B%20Thank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2524023%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2524112%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20practice%20for%20external%20incoming%20invoice%2Fremittance%2Fpayable%20emails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2524112%22%20slang%3D%22en-US%22%3E%3CP%3EThere's%20no%20universal%20solution%20sadly.%20You%20can%20however%20automate%20the%20release%20from%20Quarantine%20via%20PowerShell%2C%20but%20just%20to%20be%20on%20the%20safe%20side%20it%20might%20be%20best%20to%20manually%20review%20the%20messages%20anyway.%20Some%20improvements%20in%20handling%20quarantine%20for%20shared%20mailboxes%20are%20also%20coming%2C%20and%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F174392%22%20target%3D%22_blank%22%3E%40Arindam%20Thokder%3C%2FA%3E%26nbsp%3Bmight%20be%20give%20more%20insight%20here.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Global company here with customers all over the world.  We have shared mailboxes that receive incoming external messages containing invoices and remittance information - 100s per day.  These are unmanaged mailboxes - an automation moves the messages to an enterprise accounts receivable application.

 

Problem:  25% of the incoming messages go to Quarantine in Office 365 as Phish or High Confidence Phish, due to our Anti-spam policy.    

  1. These messages contain tons of keywords that are probably impacting deliverability.  ('bank account', 'payment', 'invoice', etc.) These messages would appear to be exactly the type of risk that quarantining is set up to mitigate.  Except, these messages are legitimate.
  2. These remittances can come from just about any external email account.  Setting up rules based on sender or domain isn't possible.  There is no consistency in their submissions, they all use different remittance forms and formatting.  Not all are DMARC compliant.

Anyone have any suggestions for ways to safely receive messages of this nature without compromising email security?   How does your organization handle them?  Thank you!

1 Reply

There's no universal solution sadly. You can however automate the release from Quarantine via PowerShell, but just to be on the safe side it might be best to manually review the messages anyway. Some improvements in handling quarantine for shared mailboxes are also coming, and @Arindam Thokder might be give more insight here.