Jun 08 2022 06:42 AM
Hi Guys,
we got a phishing attempt sent from someone.
the header analyzing shows that the OriginalFromAddress is different.
is there a way to block emails where the OriginalFromAddress is diferent than the From?
here's the data example:
<root><MEP Name="SourceContext" String="0xxxx"/><MEP Name="MailboxServer" String="xxx.eurprd04.prod.outlook.com"/><MEP Name="DeliveryPriority" String="Normal"/><MEP Name="TotalLatency"
Integer="3"/><MEP Name="ReturnPath" String="email address removed for privacy reasons"/><MEP Name="ClientName" String="xxx.eurprd04.prod.outlook.com"/><MEP Name="CustomData"
Blob="S:PrioritizationReason=EnvelopePriority;S:OriginalFromAddress=email address removed for privacy reasons"/><MEP Name="SequenceNumber" Long="0"/><MEP Name="RecipientReference" String=""/></root>
Jun 08 2022 03:24 PM