Forum Discussion
Auto forwarding emails treating emails as spoofed
Our company A has recently acquired company B and created mailboxes for them in company A and setup email forwarding from B to A so that they use a single mailbox. Now the issue is whenever users from A send emails to company B email address, its getting spoofed when it comes back to company A due to email forwarding. How can we prevent them from spoofing ?
AndresGorzelany, On further research I found that all these auto-forwarded emails are stamped an attribute Authentication-Results-Original: CompamyB.com. I created a Transport rule to set the SCL value as -1 if this attribute is found in Email-Headers and its working now, however I don't think its an appropriate solution because we are skipping the spam filtering and ATP in this workaround. Other solutions would be appreciated.
5 Replies
- Are these users receiving an NDR? Maybe the default antispam outbound filter policy setting, that recently changed to Off by default might be affecting you, have a look at this
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-worldwide
Better than changing the default the best might be to create a custom policy with the automatic forwarding setting enabled and test.AndresGorzelany, The forwarded emails are reaching well to on company A's EOP. However they are getting quarantined and being treated as spoofed on company A. (Since the sender is also from A and through email forwarding its routed back to A organization). Below diagram would explain it better. Is there any workaround of this.
- I see,
Take a look at this https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide#use-the-microsoft-365-defender-portal-to-create-allow-or-block-spoofed-sender-entries-in-the-tenant-allowblock-list and see if this could apply to your scenario.
I'll try to do some tests too.
