Jan 06 2020
- last edited on
Apr 01 2022
My company recently received a spoofed phishing email from noreply@[companyname].com and it passed through both our spam and phishing filters. Upon further inspection, it had an SPF fail and originated from Vietnam (Which we block all emails from). My question is that when submitting the email under Threat Management -> Submissions in the Office 365 Security & Compliance Center, this is what I get when its submitted:
Jan 07 2020 12:08 AM
Just run a message trace, it will let you know why. Most likely some sort of a whitelist.
Jan 07 2020 05:43 AM
Thanks@Vasil Michev !
It turns out we had our own domain whitelisted which led to the override of our other security policies.
Jan 07 2020 08:48 AM
That's not as uncommon as one might think - removing your own domain from any whitelists is practically the #1 recommendation from the EOP folks lately.
Nov 30 2020 01:59 AM
@ewinonait How did you discover this whitelist your domain was in? Ive got the excact same situation as you, and have done a message trace - but theres no info for me to act on. Just logs about how it was delivered OK (when it should not)