Exchange online mailflow rules to block phishing emails

%3CLINGO-SUB%20id%3D%22lingo-sub-366804%22%20slang%3D%22en-US%22%3EExchange%20online%20mailflow%20rules%20to%20block%20phishing%20emails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-366804%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20not%20sure%20if%20this%20is%20the%20place%20to%20ask%20and%20this%20is%20probably%20a%20stupid%20question%2C%20but%20I'll%20give%20it%20a%20go%20anyway.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe've%20just%20received%20another%20spam%2Fphishing%20email%20into%20our%20domain%20that%20wasn't%20picked%20up%20by%20any%20filters.%26nbsp%3B%20The%20sender%20was%26nbsp%3B17047498385%40....%20My%20question%20is%2C%20is%20there%20a%20way%20to%20just%20specify%20that%20any%20emails%20coming%20from%20a%20sender%20who's%20email%20name%20is%20literally%20just%20numbers%20is%20blocked%3F%20A%20mailflow%20rule%20or%20something%20similar%3F%3C%2FP%3E%3CP%3EI%20have%20of%20course%20blocked%20the%20domain%20but%20these%20emails%20just%20keep%20turning%20up%20all%20over%20the%20place%20and%20I%20honestly%20can't%20think%20of%20a%20legitimate%20sender%20that%20would%20just%20have%20numbers%20for%20their%20name%20so%20it%20seems%20to%20me%20like%20an%20obvious%20filtering%20method.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThankful%20for%20any%20advise%20you%20could%20give.%3C%2FP%3E%3CP%3E-Jon%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-366804%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-369534%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20online%20mailflow%20rules%20to%20block%20phishing%20emails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-369534%22%20slang%3D%22en-US%22%3E%3CP%3EWell%2C%20generally%20speaking%20numbers%20are%20perfectly%20acceptable%20as%20an%20email%20alias%2C%20so%20there%20isn't%20any%20predefined%20rule%2Foption%20to%20reject%20messages%20based%20on%20that.%20If%20you%20want%20to%20create%20such%20rule%2C%20you%20should%20be%20able%20to%20use%20regex%20to%20detect%20such%20aliases.%20So%20something%20like%20the%20%22sender%20address%20matches%22%20(%3CI%3E%3CFONT%20face%3D%22Segoe%20UI%22%3EFromAddressMatchesPatterns%3C%2FFONT%3E%3C%2FI%3E)%20condition%20should%20be%20just%20fine.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-368376%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20online%20mailflow%20rules%20to%20block%20phishing%20emails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-368376%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20mate%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20be%20curious%20to%20see%20the%20mail%20header%20of%20that%20spam%20e-mail%20if%20you%20are%20ok%20with%20it%20please%20send%20me%20a%20personal%20message%20with%20it.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegarding%20the%20question%20you%20could%20leverage%20the%20Anti-Spam%20and%20Anti-phishing%20Policy%20in%20Office%20365%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20let%20me%20know%20if%20we%20could%20assist%20you%20with%20the%20configuration%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20regards%3C%2FP%3E%3CP%3ESpikar%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

Hi,

 

I'm not sure if this is the place to ask and this is probably a stupid question, but I'll give it a go anyway.

 

We've just received another spam/phishing email into our domain that wasn't picked up by any filters.  The sender was 17047498385@.... My question is, is there a way to just specify that any emails coming from a sender who's email name is literally just numbers is blocked? A mailflow rule or something similar?

I have of course blocked the domain but these emails just keep turning up all over the place and I honestly can't think of a legitimate sender that would just have numbers for their name so it seems to me like an obvious filtering method.

 

Thankful for any advise you could give.

-Jon  

2 Replies
Highlighted

Hello mate,

 

I would be curious to see the mail header of that spam e-mail if you are ok with it please send me a personal message with it. 

 

Regarding the question you could leverage the Anti-Spam and Anti-phishing Policy in Office 365

 

Please let me know if we could assist you with the configuration

 

Kind regards

Spikar

Highlighted

Well, generally speaking numbers are perfectly acceptable as an email alias, so there isn't any predefined rule/option to reject messages based on that. If you want to create such rule, you should be able to use regex to detect such aliases. So something like the "sender address matches" (FromAddressMatchesPatterns) condition should be just fine.