Trusting messages from Microsoft

Occasional Contributor

We setup a mail flow rule in Office 365 Exchange for External Messages.  It prepends "External" to the subject and prepends a disclaimer at the top of the message.

 

My question is -- can we safely exempt domains such as email.teams.microsoft.com ?  These are messages that come from Microsoft / Office 365.  My concern is -- is there any way for these domains to be spoofed that would fool the mail rule exemption?

 

Thank you.

1 Reply

They can be spoofed and you shouldnt be excluding anything based on the email address alone.