cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Auto forwarding emails treating emails as spoofed

vivekvardhan007
New Contributor

‎Jul 08 2021 02:43 PM

‎Jul 08 2021 02:43 PM

Auto forwarding emails treating emails as spoofed

Our company A has recently acquired company B and created mailboxes for them in company A and setup email forwarding from B to A so that they use a single mailbox. Now the issue is whenever users from A send emails to company B email address, its getting spoofed when it comes back to company A due to email forwarding. How can we prevent them from spoofing ?

Labels:
1,379 Views
1 Like
5 Replies
Reply
5 Replies
Andres Gorzelany

‎Jul 08 2021 03:21 PM

‎Jul 08 2021 03:21 PM

Re: Auto forwarding emails treating emails as spoofed

Are these users receiving an NDR? Maybe the default antispam outbound filter policy setting, that recently changed to Off by default might be affecting you, have a look at this

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-outbound-s...

Better than changing the default the best might be to create a custom policy with the automatic forwarding setting enabled and test.
0 Likes
Reply
vivekvardhan007

‎Jul 09 2021 05:46 AM

‎Jul 09 2021 05:46 AM

Re: Auto forwarding emails treating emails as spoofed

@Andres Gorzelany, The forwarded emails are reaching well to on company A's EOP. However they are getting quarantined and being treated as spoofed on company A. (Since the sender is also from A and through email forwarding its routed back to A organization). Below diagram would explain it better. Is there any workaround of this. spoof.jpg

0 Likes
Reply
Andres Gorzelany

‎Jul 09 2021 06:48 AM

‎Jul 09 2021 06:48 AM

Re: Auto forwarding emails treating emails as spoofed

I see,
Take a look at this https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?... and see if this could apply to your scenario.
I'll try to do some tests too.
0 Likes
Reply
best response confirmed by vivekvardhan007 (New Contributor)
vivekvardhan007

‎Jul 15 2021 06:59 AM

‎Jul 15 2021 06:59 AM

Solution

Re: Auto forwarding emails treating emails as spoofed

@Andres Gorzelany, On further research I found that all these auto-forwarded emails are stamped an attribute Authentication-Results-Original: CompamyB.com. I created a Transport rule to set the SCL value as -1 if this attribute is found in Email-Headers and its working now, however I don't think its an appropriate solution because we are skipping the spam filtering and ATP in this workaround. Other solutions would be appreciated.

0 Likes
Reply
Victor Ivanidze

‎Jul 15 2021 07:17 AM

‎Jul 15 2021 07:17 AM

Re: Auto forwarding emails treating emails as spoofed

Could you avoid forwarding by assigning the alias address bob@b.com to bob@a.com?
0 Likes
Reply