EOP or Defender for Office 365 not working‎ as espected

bzels123 · ‎Mar 23 2021

Dear Security Team,

We try to test EOP & Defender for Office 365 by sending on purpose SPAM URLs in emails that I know they are SPAM (a simple antispam in "EM Client"), so I forward them to an email of a an E5 developer tenant for test purposes.

Results: non of 4 emails were detected with SPAM URLs.

We try for two of them, to manually add them through the Threath Explorer but even then it did not detect any issue (See attachement).

Is this due to the fact that it were 4 Forwarded emails ? Other reasons ?

thank you in advance for your return

Kind regards,

B.

Joe Stocker · ‎Mar 31 2021

Yes, a forwarded email may pass authentication check such as SPF, DKIM, and DMARC because the new sender is legit. The one case where that may not be the case is the content inspection engine, if it finds substantial keywords in the body then I would expect it to override the valid sender authentication records. So all that to say, try the testing without forwarding.

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

EOP or Defender for Office 365 not working‎ as espected

EOP or Defender for Office 365 not working‎ as espected

Re: EOP or Defender for Office 365 not working‎ as espected