Exchange Approval - prevent sending rejection messages


Dear Community,

We have implemented an Exchange rule which sends messages into approval if the sender uses our domain but is outside of the organization - basically spoofing protection. This works as expected.

When we receive messages which were spoofed, we have the possibility to Accept or Reject them. Most of the messages are rejected; only a few are accepted. When we reject a message, a response is sent to the spoofed email address, which causes confusion, because the rejection response is sent to a user inside of our organization.

Is there some approach to prevent rejection messages from being sent to users inside of the organization?

5 Replies
@Kiril Valev

Hi, it would be helpful if you could share a screenshot of the transport rule you have configured please?

Thank you.

@PeterRising

Thank you for your response - sure, good point; screenshot included below. Now, when we receive phishing from spoofed senders and I reject them, the rejection message is sent to the person inside our organization.

[Screenshot: prevent spoofing.png]

@Kiril Valev

OK, and the rejection message comes from an email address along the lines of the below, right?

[Screenshot: Screenshot 2020-05-20 at 19.34.17.png]

@PeterRising

Yes, looks pretty much like it. Should I just block those emails, or redirect them to myself?

@Kiril Valev

I would be hesitant to block them, but if they are causing annoyance then maybe forward them to your mailbox as you suggest. Maybe do another transport rule to forward to you along the lines of the below and include the word Rejected:

[Screenshot: Screenshot 2020-05-22 at 15.17.43.png]
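
The two transport rules discussed in this thread, expressed in Exchange PowerShell as an added example; this is not either poster's configuration, since the screenshots are not reproduced here. The domain, the moderator mailbox, the rule names and the choice to match the word Rejected in the subject are assumptions.

```powershell
# Added example. Every name, domain and address below is a placeholder.
$Domain    = 'contoso.com'            # assumption: the organization's own domain
$Moderator = 'moderator@contoso.com'  # assumption: the approver's mailbox

# Rule 1 (the rule described in the question): mail whose sender uses our
# domain but originates outside the organization is held for approval.
New-TransportRule -Name 'Moderate external mail using our domain' `
    -FromScope NotInOrganization `
    -SenderDomainIs $Domain `
    -ModerateMessageByUser $Moderator

# Rule 2 (the suggestion in the last reply): redirect messages containing
# the word "Rejected" to the moderator instead of the internal user.
# Assumption: the word is matched in the subject. The sender condition shown
# in the screenshot is not available, so this rule is broader than the one
# suggested and is created in audit mode: it only logs matches, it does not
# reroute anything yet.
New-TransportRule -Name 'Redirect moderation rejection notices' `
    -SubjectContainsWords 'Rejected' `
    -SentToScope InOrganization `
    -ExceptIfSentTo $Moderator `
    -RedirectMessageTo $Moderator `
    -Mode Audit

# Confirm both rules exist and check their mode and evaluation order.
Get-TransportRule |
    Where-Object { $_.Name -like '*oderat*' } |
    Format-List Name, State, Mode, Priority

# Once the audit results show that only rejection notices match,
# switch the second rule to enforcement:
# Set-TransportRule -Identity 'Redirect moderation rejection notices' -Mode Enforce
```

Narrowing the second rule with a sender condition, using the address the rejection notices actually come from, keeps it from catching unrelated mail that happens to contain the word Rejected.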