Identify DKIM fails

%3CLINGO-SUB%20id%3D%22lingo-sub-291567%22%20slang%3D%22en-US%22%3EIdentify%20DKIM%20fails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-291567%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EDear%20community%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3Esometimes%20we%20receive%20Emails%20pretending%20to%20be%20from%20our%20own%20Exchange%20colleagues%2C%20what%20is%20obviously%20not%20true.%20The%20mails%20are%20not%20DKIM%20signed%20and%20the%20return%20path%20is%20different.%20What%E2%80%99s%20the%20easiest%20way%20to%20to%20sort%20them%20out%20in%20Exchange%20365%3F%20I%20cannot%20identify%20one%20single%20sending%20server%E2%80%99s%20IP%20or%20return%20email%2C%20it%E2%80%99s%20always%20a%20different%20one%E2%80%A6%20Further%2C%20I%20don%E2%80%99t%20want%20to%20setup%20for%20each%20user%20one%20individual%20rule...%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%20in%20advance!%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EMarkus%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-291567%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-291743%22%20slang%3D%22en-US%22%3ERe%3A%20Identify%20DKIM%20fails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-291743%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20you%20already%20have%20ATP%2C%20you%20should%20be%20covered%20by%20the%20%22Impersonation%20intelligence%22%20feature.%20You%20can%20get%20a%20list%20of%20senders%2Fimpersonated%20users%20here%3A%3CA%20href%3D%22https%3A%2F%2Fprotection.office.com%2F%23%2Fimpersonationinsight%3Ftype%3DUser%26amp%3Bstatus%3D3%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fprotection.office.com%2F%23%2Fimpersonationinsight%3Ftype%3DUser%26amp%3Bstatus%3D3%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20is%20also%20the%20Spoof%20intelligence%20feature%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Flearn-about-spoof-intelligence%3FredirectSourcePath%3D%25252fen-us%25252farticle%25252fLearn-more-about-spoof-intelligence-978c3173-3578-4286-aaf4-8a10951978bf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Flearn-about-spoof-intelligence%3FredirectSourcePath%3D%25252fen-us%25252farticle%25252fLearn-more-about-spoof-intelligence-978c3173-3578-4286-aaf4-8a10951978bf%3C%2FA%3E%3C%2FP%3E%0A%3CP%3Eand%20the%20corresponding%20%22insights%22%3A%20%3CA%20href%3D%22https%3A%2F%2Fprotection.office.com%2F%23%2Fspoofintelligence%3Fconfidence%3D2%26amp%3Btype%3DExternal%26amp%3Bdecision%3D0%26amp%3Ballow%3DNo%26amp%3Binsightmode%3Dyes%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fprotection.office.com%2F%23%2Fspoofintelligence%3Fconfidence%3D2%26amp%3Btype%3DExternal%26amp%3Bdecision%3D0%26amp%3Ballow%3DNo%26amp%3Binsightmode%3Dyes%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENote%20that%20all%20of%20this%20are%20still%20subject%20to%20any%20whitelisting%20rules%2C%20so%20if%20such%20messages%20are%20still%20getting%20through%2C%20check%20your%20transport%20rules%2C%20whitelists%20and%20safe%20senders.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-291629%22%20slang%3D%22en-US%22%3ERe%3A%20Identify%20DKIM%20fails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-291629%22%20slang%3D%22en-US%22%3EHi%20Markus%2C%3CBR%20%2F%3E%3CBR%20%2F%3ENo%20worries!%20Please%20see%20here!%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fset-up-anti-phishing-policies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fset-up-anti-phishing-policies%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20will%20be%20in%20the%20security%20and%20compliance%20section%20of%20the%20control%20panel.%20Let%20me%20know%20how%20you%20get%20on!%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-291628%22%20slang%3D%22en-US%22%3ERe%3A%20Identify%20DKIM%20fails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-291628%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Chris%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'll%20find%20out%2C%20how%20to%20enable%20this%20correctly.%26nbsp%3BATP%20is%20already%20licenced.%20I'll%20revert.%20MS%20Supporties%20never%20mentioned%20this%20possibility%20-%20though%20I've%20explained%20my%20issue%20in%20length!!%20%3A(%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%2C%3C%2FP%3E%3CP%3EMarkus%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-291586%22%20slang%3D%22en-US%22%3ERe%3A%20Identify%20DKIM%20fails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-291586%22%20slang%3D%22en-US%22%3EImpersonation%20Protection%20in%20Office%20365%20stops%20users%20receiving%20emails%20on%20their%20domain%20outside%20the%20organisation.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Dear community,

sometimes we receive Emails pretending to be from our own Exchange colleagues, what is obviously not true. The mails are not DKIM signed and the return path is different. What’s the easiest way to to sort them out in Exchange 365? I cannot identify one single sending server’s IP or return email, it’s always a different one… Further, I don’t want to setup for each user one individual rule...

 

Thanks in advance!

Markus

4 Replies
Highlighted
Impersonation Protection in Office 365 stops users receiving emails on their domain outside the organisation.

Best, Chris
Highlighted

Thanks Chris,

 

I'll find out, how to enable this correctly. ATP is already licenced. I'll revert. MS Supporties never mentioned this possibility - though I've explained my issue in length!! :(

 

Best regards,

Markus

 

 

Highlighted
Hi Markus,

No worries! Please see here!

https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-anti-phishing-policies

It will be in the security and compliance section of the control panel. Let me know how you get on!

Best, Chris
Highlighted

If you already have ATP, you should be covered by the "Impersonation intelligence" feature. You can get a list of senders/impersonated users here:https://protection.office.com/#/impersonationinsight?type=User&status=3

 

There is also the Spoof intelligence feature: https://docs.microsoft.com/en-us/office365/securitycompliance/learn-about-spoof-intelligence?redirec...

and the corresponding "insights": https://protection.office.com/#/spoofintelligence?confidence=2&type=External&decision=0&allow=No&ins...

 

Note that all of this are still subject to any whitelisting rules, so if such messages are still getting through, check your transport rules, whitelists and safe senders.