cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Identify DKIM fails

markus_r
Copper Contributor

‎Nov 27 2018 03:56 AM

‎Nov 27 2018 03:56 AM

Identify DKIM fails

Dear community,

sometimes we receive Emails pretending to be from our own Exchange colleagues, what is obviously not true. The mails are not DKIM signed and the return path is different. What’s the easiest way to to sort them out in Exchange 365? I cannot identify one single sending server’s IP or return email, it’s always a different one… Further, I don’t want to setup for each user one individual rule...

 

Thanks in advance!

Markus

Labels:
1,206 Views
0 Likes
4 Replies
Reply
4 Replies
Christopher Hoard

‎Nov 27 2018 04:51 AM

‎Nov 27 2018 04:51 AM

Re: Identify DKIM fails

Impersonation Protection in Office 365 stops users receiving emails on their domain outside the organisation.

Best, Chris
0 Likes
Reply
markus_r

‎Nov 27 2018 06:15 AM - edited ‎Nov 27 2018 06:15 AM

‎Nov 27 2018 06:15 AM - edited ‎Nov 27 2018 06:15 AM

Re: Identify DKIM fails

Thanks Chris,

 

I'll find out, how to enable this correctly. ATP is already licenced. I'll revert. MS Supporties never mentioned this possibility - though I've explained my issue in length!! :(

 

Best regards,

Markus

 

 

0 Likes
Reply
Christopher Hoard

‎Nov 27 2018 06:18 AM

‎Nov 27 2018 06:18 AM

Re: Identify DKIM fails

Hi Markus,

No worries! Please see here!

https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-anti-phishing-policies

It will be in the security and compliance section of the control panel. Let me know how you get on!

Best, Chris
0 Likes
Reply
Vasil Michev

‎Nov 27 2018 09:25 AM

‎Nov 27 2018 09:25 AM

Re: Identify DKIM fails

If you already have ATP, you should be covered by the "Impersonation intelligence" feature. You can get a list of senders/impersonated users here:https://protection.office.com/#/impersonationinsight?type=User&status=3

 

There is also the Spoof intelligence feature: https://docs.microsoft.com/en-us/office365/securitycompliance/learn-about-spoof-intelligence?redirec...

and the corresponding "insights": https://protection.office.com/#/spoofintelligence?confidence=2&type=External&decision=0&allow=No&ins...

 

Note that all of this are still subject to any whitelisting rules, so if such messages are still getting through, check your transport rules, whitelists and safe senders.

0 Likes
Reply