Stop treat emails being sent from various alternate emails?

Copper Contributor

Hi All,

I have a issue where I have an ex-employee sending email threats to internal employees from random email addresses. At present is would appear that the ex-employee is being informed by another internal employee as soon as we block the address. The email is targeted in a foreign language to a specific group of users.

 

Question: How do we block these emails when they come from various domains and random email addresses?

 

Can I create some kind of smart exchange online rule or set a defender policy to stop this?

 

Hope someone can assist?

1 Reply
I can't really see any way you can detect this with any real accuracy. If you know that these are from a particular language you can set an anti-spam rule with language as one of the detections, but if you get legitimate email using these languages, then you will get lots of false positives