Forum Discussion

dgillespie-adf's avatar
dgillespie-adf
Brass Contributor
Aug 26, 2020
Solved

Block Display Name Spoof in EAC

I'm sure we are all dealing with a tremendous uptick in spam/spoof since Covid so what I am looking to do is combat the Display Name spoof.  The typical scenario is a bad actor sends from a gmail acc...
microsoft 365 admin center
office 365
  • VasilMichev's avatar
    VasilMichev
    Aug 27, 2020

    You can try a mail flow rule, although there is no "display name" condition available, so you'll have to go with "header matches" or similar. 

VasilMichev's avatar
VasilMichev
MVP
Aug 27, 2020

You can try a mail flow rule, although there is no "display name" condition available, so you'll have to go with "header matches" or similar. 

  • dgillespie-adf's avatar
    dgillespie-adf
    Brass Contributor
    Aug 27, 2020

    Thanks for the reply VasilMichev  - so I made a rule that looks like this and it works!

     

    • Vaman-Kini's avatar
      Vaman-Kini
      Brass Contributor
      Aug 27, 2020

      dgillespie-adf   I have had success with the Impersonation policy under phishing wherein we tested with <Myname> myname@domain.com added to the list of users to protect and send an email from  <Myname> xyz@somedomain.com . The policy detected it to be impersonation. 

       

      I wanted to test this safely with the Senior management email address and trying figure out a safe way to do that.  documentation is here 

      • mnoah's avatar
        mnoah
        Copper Contributor
        Apr 09, 2024

        Vaman-Kini that's great until the threat actor finds a variation of the employees name and uses that.  For example, on linked in an employee might have First Middle Last name.  But in MS only have First and Last. You cannot enter another entry to include the middle name as you will get an "Email already exists" for that email account you're trying to protect.

Resources