Exchange Online receiving "received-spf: Fail" spam from own domain



Our users (Exchange Online) experience phishing emails in their mailboxes, coming from their own email address. The header info states:



From: Patrick  <>
To: Patrick  <>
Subject: Fwd: New ORDER


received-spf: Fail ( domain of does not
designate as permitted sender);
client-ip=; helo=LPCC-DC.lpcc.local;


But still they receive those emails. I thought SPF would block any emails coming from servers that are not allowed? Our SPF record in DNS is configured correctly:


TXT v=spf1 -all


So how can we stop these spamming emails from entering our boxes?

2 Replies
Enable impersonation protection in Office365 on your domain in the security and compliance centre.

Best, Chris

SPF fail on its own might not be enough for a message to be quarantined; you can fine-tune this behavior with the Advanced Spam Filtering options' Hard-fail toggle:


Or via custom transport rules, such as the example here:


Or using the additional tools that are part of ATP/E5, if you are paying for this, as suggested by Christopher :)
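
The two options named in the reply above (the ASF hard-fail toggle and a custom transport rule), sketched in Exchange Online PowerShell as an added example that is not part of the original thread or its linked article. The domain `example.com`, the rule name, and the assumption that the `Authentication-Results` header carries `spf=fail` when the rule is evaluated are placeholders to adapt to the tenant.

```powershell
# Added example: requires the ExchangeOnlineManagement module and an admin session.
Connect-ExchangeOnline

# Assumption: placeholder for the tenant's own accepted domain.
$OwnDomain = 'example.com'

# Option 1: Advanced Spam Filtering "SPF record: hard fail" toggle.
# Show the current state on every anti-spam policy, then enable it on the default one.
Get-HostedContentFilterPolicy |
    Format-Table Name, MarkAsSpamSpfRecordHardFail

Set-HostedContentFilterPolicy -Identity 'Default' -MarkAsSpamSpfRecordHardFail On

# Option 2: transport rule for mail that claims to be from our own domain,
# arrives from outside the organization, and failed SPF.
$rule = @{
    Name                        = 'Own-domain sender with SPF fail'  # hypothetical name
    FromScope                   = 'NotInOrganization'
    SenderDomainIs              = $OwnDomain
    SenderAddressLocation       = 'HeaderOrEnvelope'   # match the visible From: as well
    HeaderContainsMessageHeader = 'Authentication-Results'
    HeaderContainsWords         = 'spf=fail'
    Quarantine                  = $true
    # Audit first: the rule is logged but not enforced, so legitimate third-party
    # services that send as $OwnDomain without being in the SPF record show up
    # in reports before anything is quarantined.
    Mode                        = 'Audit'
    Comments                    = 'Review rule reports, then switch to Enforce.'
}
New-TransportRule @rule

# Once the audit results look clean, enforce the rule.
Set-TransportRule -Identity $rule.Name -Mode Enforce
```

Running the rule in `Audit` mode before the final `Set-TransportRule` call gives time to add any legitimate external senders to the SPF record first.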