cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is there a way to have Exchange/Outlook block all messages from unauthorized senders?

Luke Chung
Brass Contributor

‎Apr 21 2022 08:01 AM - edited ‎Apr 21 2022 08:04 AM

‎Apr 21 2022 08:01 AM - edited ‎Apr 21 2022 08:04 AM

Is there a way to have Exchange/Outlook block all messages from unauthorized senders?

We keep receiving phishing emails though our Office365 account. They are from unauthorized senders where the message header shows failed SPF validation and many other flags. For example, here are several failures in the header of just one message:

 

  1. ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=fail;
  2. dmarc=fail (p=none sp=none pct=100) action=none header.from=cushwake.com;
  3. dkim=fail (signature did not verify)
  4. Received-SPF: Fail (protection.outlook.com: domain of XYZ.com does not
    designate 45.79.195.163 as permitted sender) receiver=protection.outlook.com;

Even worse, sometimes the sender's email is from our own domain. Office365 should not let any of those through, especially if they have attachments and are extremely dangerous.

 

Do we a mis-configured setting, or is this just a limitation of Exchange/Office365 to block them?

 

Alternatively, is there a way we can pre-filter the incoming email so that we can add our own code to review the headers and reject any that have SPF failures?

 

Thanks.

Labels:
2,351 Views
0 Likes
3 Replies
Reply
3 Replies
Adin_Calkic

‎Apr 25 2022 02:04 PM

‎Apr 25 2022 02:04 PM

Re: Is there a way to have Exchange/Outlook block all messages from unauthorized senders?

Hi @Luke Chung ,

 

I am not sure what license sku you have in your tenant, but you should look into implementing Defender for Office 365. If the user is sending email from multiple domains, it will be difficult to block unless they are sending emails from a single static IP address. 

 

I would look into implementing Defender for Office 365 (you will need Business Premium license), and then implement policies along with adding DKIM/DMARC records. 

 

You can read about defender here.

0 Likes
Reply
Luke Chung

‎Apr 25 2022 07:47 PM

‎Apr 25 2022 07:47 PM

Re: Is there a way to have Exchange/Outlook block all messages from unauthorized senders?

@Adin_Calkic 

 

Thank you. We have Defender for Office 365 but it doesn't seem to block emails with headers that have failed SPF. Blocking emails from unauthorized senders is a pretty basic feature of a spam blocker. 

 

Is there a particular setting we may have set incorrectly? Where or what DKIM/DMARC records need to be stopped? 

0 Likes
Reply
Adin_Calkic

‎Apr 26 2022 02:36 AM - edited ‎Apr 26 2022 04:15 AM

‎Apr 26 2022 02:36 AM - edited ‎Apr 26 2022 04:15 AM

Re: Is there a way to have Exchange/Outlook block all messages from unauthorized senders?

Hi @Luke Chung ,

 

do you have TXT record _dmarc set to v=DMARC1; p=quarantine; pct=100 . This setting will send failed emails to quarantine. 

 

Also, if you set p=reject; instead of quarantine. it will reject the messages. But I would use quarantine.

0 Likes
Reply