Apr 23 2019
Our company would like to set an Alert or some kind of notification to end user when sender e-mail address and reply-to e-mail address are different to avoid spoofed e-mail address
E.g Sender e-mail address firstname.lastname@example.org and reply to address email@example.com
We had an incident where the user had a contact in safe sender list which was exploited and an attacker spoofed sender address in the contact & sent the e-mail
For end user, it was difficult to identify it as spoofed e-mail, when we checked the reply to address was different.
Hence the company want to set some alert mechanism
Apr 24 2019
Detecting spoofed messages is not as easy as that. Explore the features we have available as part of ATP if you havent done so already, those inlcude tips that notify the user when the anti-spoof checks fail: https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spoofing-protection
In addition, you can also add a transport rule that prepends messages sent from external parties with some warning text, or change the message subject, etc.