Apr 09 2019 02:36 AM - edited Apr 09 2019 02:46 AM
a few of our users are getting spam emails that make it seems that the emails are from microsoft.
some are received from their own email address.
upon checking the header, we found this.
dmarc failed.
what else can we do to block such span email
Authentication-Results: spf=none (sender IP is 92.38.163.78)
smtp.mailfrom=noreply.barracudanetworks.com; goldxxxxxx.com.sg; dkim=none
(message not signed) header.d=none;golxxxx.com.sg; dmarc=fail
action=none header.from=golxxxxxxx.com.sg;compauth=fail reason=601
Received-SPF: None (protection.outlook.com: noreply.barracudanetworks.com does
not designate permitted sender hosts)
Received: from noreply.barracudanetworks.com (92.38.163.78) by
PU1APC01FT028.mail.protection.outlook.com (10.152.252.229) with Microsoft
Apr 09 2019 10:03 AM
Well, compauth=fail is a very strong signal, although I'm not sure what reason 601 exactly is. In any case, the message should have been marked as phish or spam. Read more here: https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spoofing-protection
Apr 09 2019 10:17 AM