Set Alert notification when sender e-mail address and reply to e-mail address are different


Hi There,


Our company would like to set an alert or some kind of notification to the end user when the sender e-mail address and the reply-to e-mail address are different, to avoid spoofed e-mail addresses.


E.g. sender e-mail address and reply-to address


We had an incident where the user had a contact in the safe sender list which was exploited: an attacker spoofed the sender address of the contact and sent the e-mail.


For the end user, it was difficult to identify it as a spoofed e-mail; when we checked, the reply-to address was different.


Hence the company wants to set up some alert mechanism.

1 Reply

Detecting spoofed messages is not as easy as that. Explore the features we have available as part of ATP if you haven't done so already; those include tips that notify the user when the anti-spoof checks fail:


In addition, you can also add a transport rule that prepends messages sent from external parties with some warning text, or change the message subject, etc.
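
The From versus Reply-To comparison asked about in the question, as an added example that is not part of the original thread and not a Microsoft feature: it parses constructed sample messages with Python's standard `email` module and flags any Reply-To domain that does not appear in From. The function names and all sample addresses are assumptions made for illustration; the `newsletter` sample is legitimate mail that still trips the check, which is why a mismatch alone suits a warning rather than a block.

```python
from email import message_from_string
from email.utils import getaddresses

def _domains(msg, header):
    """Lower-cased domains of every address found in the given header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.rsplit("@", 1)[1].lower() for _, addr in pairs if "@" in addr}

def reply_to_mismatch(raw):
    """Return (flag, from_domains, reply_to_domains) for one raw message."""
    msg = message_from_string(raw)
    from_d = _domains(msg, "From")
    reply_d = _domains(msg, "Reply-To")
    # No Reply-To header: replies go back to From, so nothing to compare.
    if not reply_d:
        return False, from_d, reply_d
    # Flag when any Reply-To domain is not one of the From domains.
    return bool(reply_d - from_d), from_d, reply_d

# Constructed sample messages (not taken from the thread).
SAMPLES = {
    # Familiar display name and From, replies diverted to a lookalike domain.
    "spoofed": 'From: "Alice Smith" <alice@contoso.example>\n'
               "Reply-To: alice.smith@contoso-mail.example\n"
               "Subject: Updated invoice\n\nbody\n",
    # Ordinary message without a Reply-To header.
    "plain": "From: bob@contoso.example\nSubject: Lunch\n\nbody\n",
    # Legitimate bulk mail that routes replies to a help-desk domain.
    "newsletter": "From: news@vendor.example\n"
                  "Reply-To: support@vendor-help.example\n"
                  "Subject: March update\n\nbody\n",
    # Different mailbox, same domain (case differs): not a mismatch.
    "same_org": "From: noreply@fabrikam.example\n"
                "Reply-To: Support <support@FABRIKAM.example>\n"
                "Subject: Ticket\n\nbody\n",
}

def triage(samples):
    """Map each sample name to its mismatch flag."""
    return {name: reply_to_mismatch(raw)[0] for name, raw in samples.items()}

if __name__ == "__main__":
    for name, flagged in triage(SAMPLES).items():
        print(f"{name:10} mismatch={flagged}")
```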