Forum Discussion

SecurityAnalyst
Copper Contributor
Apr 18, 2022

External Email Warning Banner for emails Outside of Office Tenancy

Hey guys,


My company uses O365 and has a few companies/domains running under the same tenancy. 

I'd like to pitch that we add an external email warning banner to the top of emails that are from external senders. It seems that there are a few good benefits in doing this. 

Something like:

Unfortunately, our domains don't all have very strong SPF records (~all is used) and we don't use DKIM/DMARC records for various reasons.


We'd like to know more about how it distinguishes external emails, as if we get this wrong, users could trust a process which isn't 100% correct/working. E.g. if someone spoofs our domain, it will be an accepted domain.

The "Outside the organization" value seems to be defined here, but it's not too clear to me: https://docs.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/conditions-and-excep...

* I have full admin access (for O365), and the accepted domains (found here: https://docs.microsoft.com/en-us/exchange/mail-flow/accepted-domains/accepted-domain-procedures?view...) don't seem to specify IPs, just the domains, which means it may not catch spoofed emails if going by the "Outside the organization" definition. That is one of my fears.

Does anyone have any thoughts, ideas, or links on how we can make sure that this banner applies to ALL emails from outside of our Office 365 tenancy? I think that this would be the safest way to target this.

* Also aware we might have some complaints about users not being able to read the first few lines of text on their phones etc.


Thanks!
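As an added example (not part of the original post and not an official Microsoft script), the following Exchange Online PowerShell session creates two mail flow rules that together cover the two cases the post worries about: mail whose sender is outside the tenant, and mail that claims one of the tenant's own domains but fails Exchange Online Protection's composite authentication (`compauth=fail` in the `Authentication-Results` header). The rule names, the banner wording and the `X-ExternalBanner` header name are assumptions chosen for illustration; the cmdlets and parameters (`New-TransportRule`, `-FromScope`, `-ApplyHtmlDisclaimerText`, `-HeaderMatchesPatterns`, `Set-ExternalInOutlook`) are the standard Exchange Online ones and require the ExchangeOnlineManagement module and an admin connection.

```powershell
# Added example, not from the original post. Assumes the ExchangeOnlineManagement
# module is installed and the account has Exchange administrator rights.
Connect-ExchangeOnline

# Banner text (assumed wording). Kept short so the first lines of the real
# message remain visible on phone clients.
$banner = @"
<div style="background:#FFEB9C;border:1px solid #9C6500;padding:6px;font-family:sans-serif;font-size:12px;">
<b>CAUTION:</b> This email originated from outside the organization. Treat links and attachments with care.
</div>
"@

# Rule 1: the sender is outside the organization. -FromScope NotInOrganization is
# the PowerShell form of the admin-center condition "The sender is located ...
# Outside the organization". The disclaimer is prepended so it appears above the body;
# -ApplyHtmlDisclaimerFallbackAction Wrap keeps the banner even for messages whose
# body cannot be modified (for example signed or encrypted mail).
New-TransportRule -Name "External sender banner" `
    -FromScope NotInOrganization `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerText $banner `
    -ApplyHtmlDisclaimerFallbackAction Wrap `
    -SetHeaderName "X-ExternalBanner" -SetHeaderValue "external" `
    -Priority 0

# Rule 2: defence in depth for the spoofing case raised in the post. A message that
# carries one of the tenant's own domains in the From address but was not sent through
# the tenant (a spoof) fails EOP composite authentication, recorded as "compauth=fail"
# in the Authentication-Results header. This rule banners such mail regardless of how
# the scope condition classifies it. -HeaderMatchesPatterns takes a regular expression.
New-TransportRule -Name "Failed authentication banner" `
    -HeaderMatchesMessageHeader "Authentication-Results" `
    -HeaderMatchesPatterns "compauth=fail" `
    -ExceptIfHeaderContainsMessageHeader "X-ExternalBanner" `
    -ExceptIfHeaderContainsWords "external" `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerText $banner `
    -ApplyHtmlDisclaimerFallbackAction Wrap `
    -SetHeaderName "X-ExternalBanner" -SetHeaderValue "authfail" `
    -Priority 1

# Verify what was created and in which order rules evaluate.
Get-TransportRule | Sort-Object Priority |
    Select-Object Name, Priority, State, FromScope, HeaderMatchesMessageHeader

# Alternative that avoids the "first lines hidden on phones" complaint: the native
# External tag shown by Outlook clients instead of text injected into the body.
# Domains in -AllowList (assumed value here) are not tagged; use it only for trusted
# partners, since anything listed is exempt from the tag.
Set-ExternalInOutlook -Enabled $true -AllowList @{Add = "trusted-partner.example"}
Get-ExternalInOutlook
```

Rule 1 is the banner the post asks for; rule 2 exists because the post's concern is exactly the gap between "accepted domain" and "actually came from us". The `X-ExternalBanner` header set by rule 1 and excluded by rule 2 prevents a message from receiving two banners. When checking the result, send one message from an outside mailbox and one from a test sender that uses your own domain from outside the tenant, then inspect the `Authentication-Results` header and confirm which rule fired via the message trace. Note that body-injected banners do not reach clients that render only plain text, which is one reason to prefer the `Set-ExternalInOutlook` tag where the client mix allows it.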
