Why did this incoming email get through Office 365 spam filters? What policy do I need to "tune"?


Hello,

We use Office 365 mail, we got this spam email this morning.

Here is the header with our receipt domain removed:

Received: from YQXPR01MB6187.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:29::22)
by YT4PR01MB9797.CANPRD01.PROD.OUTLOOK.COM with HTTPS; Mon, 9 May 2022
20:41:19 +0000
Received: from YT3PR01CA0136.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:83::21)
by YQXPR01MB6187.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:29::22) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.21; Mon, 9 May
2022 20:41:14 +0000
Received: from YT3CAN01FT003.eop-CAN01.prod.protection.outlook.com
(2603:10b6:b01:83:cafe::d2) by YT3PR01CA0136.outlook.office365.com
(2603:10b6:b01:83::21) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.21 via Frontend
Transport; Mon, 9 May 2022 20:41:14 +0000
Received: from NAM02-BN1-obe.outbound.protection.outlook.com (52.100.160.233)
by YT3CAN01FT003.mail.protection.outlook.com (10.118.140.130) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5227.15 via Frontend Transport; Mon, 9 May 2022 20:41:14 +0000
Received: from DM6PR07CA0117.namprd07.prod.outlook.com (2603:10b6:5:330::32)
by CY4PR0201MB3572.namprd02.prod.outlook.com (2603:10b6:910:8c::32) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.23; Mon, 9 May
2022 20:41:11 +0000
Received: from DM6NAM12FT053.eop-nam12.prod.protection.outlook.com
(2603:10b6:5:330:cafe::37) by DM6PR07CA0117.outlook.office365.com
(2603:10b6:5:330::32) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.21 via Frontend
Transport; Mon, 9 May 2022 20:41:11 +0000
Received: from breckcraigint.pro (195.58.39.137) by
DM6NAM12FT053.mail.protection.outlook.com (10.13.179.125) with Microsoft SMTP
Server id 15.20.5250.8 via Frontend Transport; Mon, 9 May 2022 20:41:11 +0000
Received: from SYAPR01MB2960.ausprd01.prod.outlook.com (2603:10c6:1:12::22) by
ME1PR01MB1235.ausprd01.prod.outlook.com with HTTPS; Sun, 8 May 2022 04:00:40
+0000
Received: from SYXPR01CA0100.ausprd01.prod.outlook.com (2603:10c6:0:2e::33) by
SYAPR01MB2960.ausprd01.prod.outlook.com (2603:10c6:1:12::22) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5227.18; Sun, 8 May 2022 04:00:37 +0000
Received: from SY4AUS01FT005.eop-AUS01.prod.protection.outlook.com
(2603:10c6:0:2e:cafe::e6) by SYXPR01CA0100.outlook.office365.com
(2603:10c6:0:2e::33) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.18 via Frontend
Transport; Sun, 8 May 2022 04:00:37 +0000
Received: from o1401.shared.klaviyomail.com (168.245.125.63) by
SY4AUS01FT005.mail.protection.outlook.com (10.114.156.159) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5227.15 via Frontend Transport; Sun, 8 May 2022 04:00:36 +0000
Received: by filterdrecv-587b769b88-2bpk5 with SMTP id filterdrecv-587b769b88-2bpk5-1-62774062-56
2022-05-08 04:00:34.371597831 +0000 UTC m=+2700818.931010760
Received: from MTk3MDQ3Mzc (unknown)
by geopod-ismtpd-1-5 (SG) with HTTP
id Rs3WzlZyRbmab0T598cUNQ
Sun, 08 May 2022 04:00:34.261 +0000 (UTC)
From: keto <hello@biglifejournal.com>
To: Any Valcourt <------->
Subject: FW: diet.
Thread-Topic: diet.
Thread-Index: AQHYY+Uix6D7DtGDzEymk6dyXQpSUg==
Date: Sun, 8 May 2022 04:00:34 +0000
Message-ID: <Rs3WzlZyRbmab0TTFfvZShWV4BG]cUNQ@geopod-ismtpd-1-5>
List-Unsubscribe:
=?us-ascii?Q?=3Chttp=3A=2F=2Fbig-life-journal---ausnz=2Emyklpages=2Ecom=2Fp=2Femailpreferen?=
=?us-ascii?Q?ces=3Fa=3DSTzgJx&c=3D01FPA9VP9FTXAH62NDVNDNB7?=
=?us-ascii?Q?2Z&k=3D47413ed3e939d9c4e9aecabd4f1e9019&m?=
=?us-ascii?Q?=3DT2qqDZ&r=3DJ3RccMd=3E?=
Reply-To: "support@bsiglifejournal.com" <support@bsiglifejournal.com>
Content-Language: fr-FR
X-MS-Exchange-Organization-AuthSource:
YT3CAN01FT003.eop-CAN01.prod.protection.outlook.com
X-MS-Has-Attach:
X-MS-Exchange-Organization-Network-Message-Id:
0f0252ea-65c6-432e-bd5e-08da31fc426d
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
received-spf: Pass (protection.outlook.com: domain of
send.ksd1.klaviyomail.com designates 168.245.125.63 as permitted sender)
receiver=protection.outlook.com; client-ip=168.245.125.63;
helo=o1401.shared.klaviyomail.com;
x-ms-exchange-organization-originalclientipaddress: 52.100.160.233
x-ms-exchange-organization-originalserveripaddress: 10.118.140.130
x-ms-publictraffictype: Email
authentication-results: spf=pass (sender IP is 52.100.160.233)
smtp.mailfrom=columbiacentral.edu; dkim=pass (signature was verified)
header.d=columbiacoedu.onmicrosoft.com;dmarc=none action=none
header.from=biglifejournal.com;compauth=softpass reason=202
x-ms-office365-filtering-correlation-id: 0f0252ea-65c6-432e-bd5e-08da31fc426d
x-ms-traffictypediagnostic:
SYAPR01MB2960:EE_|DM6NAM12FT053:EE_|CY4PR0201MB3572:EE_|YT3CAN01FT003:EE_|YQXPR01MB6187:EE_
x-forefront-antispam-report:
CIP:52.100.160.233;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM02-BN1-obe.outbound.protection.outlook.com;PTR:mail-bn1nam07hn2233.outbound.protection.outlook.com;CAT:NONE;SFTY:9.25;SFS:(13230001)(7916004)(4636009)(286005)(83180400003)(83380400001)(42882007)(496002)(336012)(8676002)(6506007)(22186003)(76236003)(34206002)(7116003)(33964004)(1096003)(75432002)(58800400005)(26005)(8636004)(6512007)(9686003)(6486002)(166002)(84300400001)(19627405001)(83170400001)(36736006)(33716001)(7636003)(16130700016)(47402002)(131040200001)(18121605002)(19627315001)(19607625012);DIR:INB;SFTY:9.25;
x-microsoft-antispam: BCL:1;
x-ms-exchange-crosstenant-originalarrivaltime: 09 May 2022 20:41:14.0635 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Internet
x-ms-exchange-crosstenant-id: 3e2ec463-080b-45b0-a985-052c532917ac
x-ms-exchange-crosstenant-network-message-id:
0f0252ea-65c6-432e-bd5e-08da31fc426d
x-ms-exchange-transport-crosstenantheadersstamped: YQXPR01MB6187
dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ksd1.klaviyomail.com;
h=content-type:from:mime-version:subject:reply-to:list-unsubscribe:to; s=m1;
bh=ignkFy+p5H/cOKl305fEybl8jB7GJjbHDFUzuCHPfgY=;
b=Sje97uAIGDZXT68b/atMmmyhc+HymmKzq6VYL9DqX8vLCaPc2D+5ZQ5oNx03m+QsjMqk
ZgR+dA3mpPMpCDZKEA8KnkBqLfjcEy/yVW5UNh6QgUWDBl+Rw8Hf+zLSBWtAbJj+l4FaXL
FsqsMZ45T6+SyssDqFLGm2aFlK7TFXoSY=
x-ms-exchange-transport-endtoendlatency: 00:00:05.0217950
x-eopattributedmessage: 2
x-eoptenantattributedmessage: 3e2ec463-080b-45b0-a985-052c532917ac:0
x-ms-exchange-processed-by-bccfoldering: 15.20.5206.027
arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=JVKTs2x9v53Ap3aPrEzIIRNzKRkKTumWXynDeYZep+izOOMGdXuSZ417TkT9w/+4g9zNAqdrP3OjVPd3IymC8VlB5ox2HCXjp4TxJOVhgK6lU8mj08Kae9BdcxvQHyxcrfgRnUwP47pi5mzihqgUcjM7X+va2MxoeaJsZWvMvwFqBR2B6XddY+2mgUzX/yi460DbcYD5l3ojQwLar36gfVYXo8VXhW9CQcQVTG/Yq87EJAvOMMGPeXH8q2HCZjwyK5FkPvrI/jmPdh+z7D4xHKzqF7RxCdYU2xcBHl0HdYFV9ok24KIMGCnc2+KmpcLGNLJ3awFp5qSbAXk1i/N+ag==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=zjEqbvxfbFsKsBscO8Mt9xBfumxdy/vshlmzNCV1mqI=;
b=W29hmN07SHqhvgIOKMpCmSpFxSn9C20WHn3vj1/GWMhY50M+AyX/aLJAZZlUGrRrtegybrna+kDSondN8/NKg/H9rCEOpkYAYiRbhs9iAisnd+etKl1zhqEESwV3lZ/yGup8clm66TrJDjuRj1VpV4vyvK+wVWgk2p7BfTEZRHRzux+wJYq+vzTBQTytPJdNHskNMyPJJjNF1wqXlRowhJ4pRRF8JLseIw0pf6NGvYdkpL7rMpTuEL6T8BeDwnwC2nPfV9RWUU5EEhy5Xt09vXW/8KH5eNYQKjBK2yr3VdGA6me+iBXLEbWnU1nPTqgNsBcZc44xqLiSka43/kYdqA==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=temperror (sender ip
is 2603:10c6:1:12::22) smtp.rcpttodomain=------
smtp.mailfrom=columbiacentral.edu; dmarc=none action=none
header.from=biglifejournal.com; dkim=fail (signature did not verify)
header.d=ksd1.klaviyomail.com; arc=none (0)
x-microsoft-antispam-prvs:
<CY4PR0201MB35722A0BAAE2948C5FB3BC1FDDC69@CY4PR0201MB3572.namprd02.prod.outlook.com>
x-ms-exchange-senderadcheck: 2
x-microsoft-antispam-mailbox-delivery:
ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506458)(944626604)(920097)(930097);
authentication-results-original: spf=pass (sender IP is 168.245.125.63)
smtp.mailfrom=send.ksd1.klaviyomail.com; dkim=pass (signature was verified)
header.d=ksd1.klaviyomail.com;dmarc=none action=none
header.from=biglifejournal.com;compauth=pass reason=102
x-microsoft-antispam-untrusted: BCL:0;
x-forefront-antispam-report-untrusted:
CIP:195.58.39.137;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SYAPR01MB2960.ausprd01.prod.outlook.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230001)(7916004)(40470700004)(46966006)(36840700001)(40460700003)(75432002)(36860700001)(42882007)(76236003)(47076005)(336012)(34020700004)(83180400003)(63350400001)(5660300002)(83380400001)(19627405001)(82310400005)(186003)(33716001)(36736006)(8676002)(7116003)(8936002)(786003)(316002)(70586007)(6916009)(32850700003)(70206006)(81166007)(26005)(166002)(83170400001)(6506007)(508600001)(82940400001)(33964004)(6512007)(9686003)(2906002)(6486002)(16130700016)(47402002)(131040200001)(36900700001)(18121605002)(19607625012)(19627315001);DIR:OUT;SFP:1501;
x-ms-exchange-transport-crosstenantheadersstripped:
YT3CAN01FT003.eop-CAN01.prod.protection.outlook.com
x-ms-exchange-transport-crosstenantheaderspromoted:
YT3CAN01FT003.eop-CAN01.prod.protection.outlook.com
x-ms-office365-filtering-correlation-id-prvs:
7ed94765-2d5a-428d-3798-08da31fc40fa
x-ms-exchange-crosstenant-authas: Anonymous
x-ms-exchange-crosstenant-authsource:
YT3CAN01FT003.eop-CAN01.prod.protection.outlook.com
x-ms-exchange-atpmessageproperties: SA|SL
x-ms-exchange-antispam-relay: 0
X-Microsoft-Antispam-Mailbox-Delivery:
ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506458)(944626604)(920097)(930097);
Content-Type: multipart/alternative;
boundary="_000_Rs3WzlZyRbmab0TTFfvZShWV4BGcUNQgeopodismtpd15_"
MIME-Version: 1.0

 

What 365 policy should I tweak to tighten picking up on SPAM?

Best Regards.
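
Added example, not part of the original post and not Microsoft tooling: a small Python triage of the `authentication-results` and `x-forefront-antispam-report` values posted above, listing why the filter treated the message as clean. The function names and the two-label organizational-domain shortcut are assumptions made for this sketch.

```python
import re

# Values copied from the header posted above (SFS rule list omitted for brevity).
AUTH_RESULTS = (
    "spf=pass (sender IP is 52.100.160.233) "
    "smtp.mailfrom=columbiacentral.edu; dkim=pass (signature was verified) "
    "header.d=columbiacoedu.onmicrosoft.com;dmarc=none action=none "
    "header.from=biglifejournal.com;compauth=softpass reason=202"
)
ANTISPAM_REPORT = (
    "CIP:52.100.160.233;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;"
    "H:NAM02-BN1-obe.outbound.protection.outlook.com;CAT:NONE;DIR:INB;"
)

def parse_auth_results(value):
    """Return key=value tokens (spf, dkim, dmarc, compauth, header.from, ...)."""
    no_comments = re.sub(r"\([^)]*\)", "", value)  # drop "(sender IP is ...)" notes
    return dict(re.findall(r"([\w.]+)=([^\s;]+)", no_comments))

def parse_antispam_report(value):
    """Split the 'KEY:VALUE;' pairs of X-Forefront-Antispam-Report."""
    return dict(f.split(":", 1) for f in value.split(";") if ":" in f)

def org_domain(domain):
    """Naive organizational domain: last two labels (assumption, no PSL lookup)."""
    return ".".join(domain.lower().split(".")[-2:])

def triage(auth_value, report_value):
    """List the reasons the headers give for a 'not spam' delivery."""
    auth = parse_auth_results(auth_value)
    rep = parse_antispam_report(report_value)
    findings = []
    visible = org_domain(auth["header.from"])
    # SPF/DKIM only vouch for the visible From address when the domains align.
    for mech, key in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        if auth.get(mech) == "pass" and org_domain(auth.get(key, "")) != visible:
            findings.append(f"{mech} passed for {auth[key]}, not aligned with From {auth['header.from']}")
    if auth.get("dmarc") == "none":
        findings.append("dmarc=none for the From domain")
    if auth.get("compauth") != "pass":
        findings.append(f"compauth={auth.get('compauth')} reason={auth.get('reason')}")
    if rep.get("SFV") == "NSPM" and int(rep.get("SCL", "0")) <= 1:
        findings.append(f"filter verdict SFV:NSPM SCL:{rep['SCL']} (treated as not spam)")
    return findings

if __name__ == "__main__":
    for line in triage(AUTH_RESULTS, ANTISPAM_REPORT):
        print("-", line)
```

On the posted header this reports that SPF and DKIM passed for domains unrelated to the visible From address, that DMARC returned `none`, and that composite authentication only soft-passed while the spam verdict stayed at SCL 1.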

 

6 Replies

@MohAbidi We had the exact same issue and I've opened a Microsoft support ticket.

We have received several of these from several different tenants.

Some with defender, some without, some with 2fa, some without.

Submitted to MS but it's still coming in.

Opened a ticket and they said just block.... but no answer as to why it passed all these tenants.

@MohAbidi 

@WGCDAVE 

 

We've also seen these mails get through Exchange Online Protection without scrutiny. Please update this post when you hear back from Microsoft.

 

Thanks,

@andrewgrant1 

Microsoft said to just block it......

No mention why they passed the spam filters for clients that have MS Defender for 365 installed and running.

 

Today we have another large round of emails to different tenants, all from:

MD@news.endeavorb2b.com

I have just had a client contact me to say he has just had a lot of his contacts spammed with a fairly well crafted phishing email that appears to have also originated within Microsoft's own Exchange Online infrastructure and been the same result of some kind of cross tenancy exploit. My money is on that there is some kind of out-of-the-box security vulnerability that appears to be allowing some kind of cross tenancy exploit within their infrastructure. They will, no doubt, be more than tight-lipped about such a vulnerability. Their usual channels for reporting these kinds of things, which are no doubt heavily automated, in my opinion will be inadequate for the seriousness of this matter. I will be trying to open a direct support case with them. Let's see how well they handle this. I won't be holding any high expectations...

 

As a footnote, it seems most other replies to your OP are making references to general spam events and prevention methods. They appear to be missing the fundamental and critical reference to a cross tenancy issue in your OP, i.e. the spam originated from within Microsoft's own infrastructure. So, geo-blocking or IP subnet/range blocking aren't going to make a blind bit of difference.

@MohAbidi 

Not sure if it may be related to the releases by Microsoft recently, such as safe link for Teams.