Forum Discussion
Exchange Online receiving "received-spf: Fail" spam from own domain
Dear, Our users (Echange Online) experience phishing emails in their mailboxes, coming from their own email address. The header info states: ... From: Patrick <patrick@xxxxx.be> To: Patric...
SPF fail on its own might not be enough for a message to be quarantined, you can fine tune this behavior with the Advanced Spam Filtering options' Hard-fail toggle: https://docs.microsoft.com/en-us/office365/securitycompliance/advanced-spam-filtering-asf-options
Or via custom transport rules, such as the example here: https://blogs.technet.microsoft.com/eopfieldnotes/2018/02/09/combating-display-name-spoofing/
Or using the additional tools that are part of ATP/E5, if you are paying for this, as suggested by Christopher :)