Bypass domain impersonation

Brass Contributor

Hey Guys, 

 

Hoping you can help here. I am trying to make it so messages sent from Survey Monkey are actually delivered to our users. 

 

The problem i have is that the messages are always quarantined and flagged as CAT:DIMP Number 9.19. I have tried to add the 3 sending email addresses into the Allow list inside the Anti-Phishing Filter but it does not seem to make a difference. 

 

I have tried to add this in the Allow/Block list but it does not seem to work either. 

 

domain.com, sparkpostmail.com

 

domain = the DIMP domain (not in our tenant but in a different tenant) 

MX = sparkpostmail.com (or spakpost.com) 

 

Our domain MX records point directly to EOP. 

 

either way it makes no difference and the messages are still flagged. and placed into the quarantine. here is the URL i am getting my info from. 

 

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?...

 

Any ideas on what i am doing wrong? mind you that whenever i add an IP Address as the sending infrastructure, that doesn't seem to work, it seems like the PTR records are required for any bypass to work (in my other tests that is). 

 

Thanks, 

 

Robert 

 

0 Replies