Anti-Spoofing Exchange Online rule (Manual)

Fraudulent emails are becoming a common cyber threat. Anti-spoofing mail rules set up in Office 365 can help. In these phishing schemes, scammers research internal company names and send emails that look like they are coming from the CEO or someone else in the company. Typically the scam emails request a wire transfer or proprietary information.

Exchange Online mail flow rules can tag the email with a disclaimer to alert the recipient that it may be a scam. The rule can be set up so that if an email comes from outside the organization but uses an internal domain as its sender domain, the disclaimer is added to the top of the email, or the message is even deleted. Here’s how to set up Office 365 Anti-Spoofing Mail Rules.

STEP 1: Go to the Office 365 Admin portal, and go to the Exchange Admin Center.
From there, go to Mail flow, then Rules, and create a new rule.

STEP 2: Create a new rule with the following settings:

Name: Anti-Spoofing: Flag external senders with internal domain names
Apply this rule if…: The sender is located… Outside the organization
And: The sender’s domain is… (your internal domain names)
Do the following: Append the disclaimer

Example disclaimer:
----- This message has been flagged as a possibly spoofed email. The message originated outside of the organization, but is from an internal address. -----

After you’ve saved the rules, you should be good to go.
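
The same rule can be created from Exchange Online PowerShell instead of the admin center. This is an added example, not part of the original walkthrough: it assumes the ExchangeOnlineManagement module is installed, treats every accepted domain in the tenant as an "internal domain name", and creates the rule in audit mode first, which is a choice of this example rather than a step from the page.

```powershell
# Added example: scripted equivalent of the mail flow rule from STEP 2.
# Requires the ExchangeOnlineManagement module and an Exchange admin account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in

$ruleName = 'Anti-Spoofing: Flag external senders with internal domain names'

# "Your internal domain names": assumed here to be every accepted domain of the tenant.
$internalDomains = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString() }

# Disclaimer text from the page, wrapped in a paragraph tag because the action takes HTML.
$disclaimer = '<p>----- This message has been flagged as a possibly spoofed email. ' +
              'The message originated outside of the organization, but is from an ' +
              'internal address. -----</p>'

# Do not create a duplicate if the rule already exists.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }

if ($existing) {
    Write-Host "Rule '$ruleName' already exists (state: $($existing.State), mode: $($existing.Mode))."
}
else {
    $ruleParams = @{
        Name                              = $ruleName
        FromScope                         = 'NotInOrganization'  # sender is outside the organization
        SenderDomainIs                    = $internalDomains     # ...but uses an internal domain
        ApplyHtmlDisclaimerText           = $disclaimer
        ApplyHtmlDisclaimerLocation       = 'Append'             # 'Prepend' puts it at the top instead
        ApplyHtmlDisclaimerFallbackAction = 'Wrap'               # used if the body cannot be modified
        Mode                              = 'Audit'              # log matches only, change nothing yet
    }
    New-TransportRule @ruleParams
}

# Once the audited matches look right (for example, no legitimate external
# service that sends as your domain is being caught), switch the rule on:
#   Set-TransportRule -Identity $ruleName -Mode Enforce

Disconnect-ExchangeOnline -Confirm:$false
```

While the rule is in audit mode, matches show up in message trace without the disclaimer being applied, so false positives can be reviewed before recipients see anything.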
