cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exchange online mailflow rules to block phishing emails

JonKL
Copper Contributor

‎Mar 13 2019 06:47 AM

‎Mar 13 2019 06:47 AM

Exchange online mailflow rules to block phishing emails

Hi,

 

I'm not sure if this is the place to ask and this is probably a stupid question, but I'll give it a go anyway.

 

We've just received another spam/phishing email into our domain that wasn't picked up by any filters.  The sender was 17047498385@.... My question is, is there a way to just specify that any emails coming from a sender who's email name is literally just numbers is blocked? A mailflow rule or something similar?

I have of course blocked the domain but these emails just keep turning up all over the place and I honestly can't think of a legitimate sender that would just have numbers for their name so it seems to me like an obvious filtering method.

 

Thankful for any advise you could give.

-Jon  

Labels:
2,094 Views
1 Like
2 Replies
Reply
2 Replies
Spiros Karampinis

‎Mar 13 2019 03:59 PM

‎Mar 13 2019 03:59 PM

Re: Exchange online mailflow rules to block phishing emails

Hello mate,

 

I would be curious to see the mail header of that spam e-mail if you are ok with it please send me a personal message with it. 

 

Regarding the question you could leverage the Anti-Spam and Anti-phishing Policy in Office 365

 

Please let me know if we could assist you with the configuration

 

Kind regards

Spikar

1 Like
Reply
Vasil Michev

‎Mar 14 2019 07:54 AM

‎Mar 14 2019 07:54 AM

Re: Exchange online mailflow rules to block phishing emails

Well, generally speaking numbers are perfectly acceptable as an email alias, so there isn't any predefined rule/option to reject messages based on that. If you want to create such rule, you should be able to use regex to detect such aliases. So something like the "sender address matches" (FromAddressMatchesPatterns) condition should be just fine.

1 Like
Reply