Solved

Email be flagged as Phishing from Exchange 2010

Posted on 2016-11-01
12
42 Views
Last Modified: 2016-11-06
A couple of our users have had their email flagged as phishing in Outlook 2013, 2016.  Is there a way to stop this.  I contacted our ISP to verify that we had a PTR record and the connectors in Exchange are correct.
0
Comment
Question by:K5-Tech
  • 5
  • 4
  • 3
12 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 41868973
The only practical way I know around this is to Whitelist the users in question. There is so much spam, phishing and ransomware emails now that you will not likely get a hearing from your ISP. You can try. I just use my Whitelist as needed.
0
 
LVL 14

Expert Comment

by:Jason Crawford
ID: 41868998
Did you users receive an NDR you can share?  That should help us narrow down the root cause.
0
 

Author Comment

by:K5-Tech
ID: 41869010
There was no NDR.  The messages are getting delivered they just have all of the links and attachments disabled until the receiver clicks to enable them.  

The message reads:
This might be a phishing message and is potentially unsafe. Links and other functionality have been disabled.  If you trust this message and want to turn that functionality back on, click here.
0
 
LVL 14

Expert Comment

by:Jason Crawford
ID: 41869018
It's tough to say for sure without examining headers.  Feel free to send to me in a private message and I can report back results.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41869024
You cannot use Private Messaging in this forum to solve problems.

If you wish to post the headers, please post them here.
0
 

Author Comment

by:K5-Tech
ID: 41869042
Received: from MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) by
 CY4PR01MB2245.prod.exchangelabs.com (10.169.250.143) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16 via Mailbox Transport; Tue, 1 Nov 2016 19:08:07 +0000
Received: from BY2PR01CA0009.prod.exchangelabs.com (10.163.25.19) by
 MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16; Tue, 1 Nov 2016 19:08:05 +0000
Received: from SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
 (2a01:111:f400:7e40::209) by BY2PR01CA0009.outlook.office365.com
 (2a01:111:e400:5262::19) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.693.12 via
 Frontend Transport; Tue, 1 Nov 2016 19:08:05 +0000
Authentication-Results: spf=none (sender IP is 162.220.84.151)
 smtp.mailfrom=axisbenefits.com; k5-tech.com; dkim=none (message not signed)
 header.d=none;k5-tech.com; dmarc=permerror action=none
 header.from=axisbenefits.com;k5-tech.com; dkim=none (message not signed)
 header.d=none;
Received-SPF: None (protection.outlook.com: axisbenefits.com does not
 designate permitted sender hosts)
Received: from zix01.omegatechnologygroup.net (162.220.84.151) by
 SN1NAM01FT002.mail.protection.outlook.com (10.152.64.63) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000
Received: from 127.0.0.1 (ZixVPM [127.0.0.1])
      by Outbound.omegatechnologygroup.net (Proprietary) with SMTP id 1C3B5E716E
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:04 -0400 (EDT)
Received: from mail.axisbenefits.com (50-193-80-133-static.hfc.comcastbusiness.net [50.193.80.133])
      (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
      (No client certificate requested)
      by zix01.omegatechnologygroup.net (Proprietary) with ESMTPS id 1C826E703C
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:03 -0400 (EDT)
Received: from AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c]) by
 AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c%10]) with mapi id
 14.01.0438.000; Tue, 1 Nov 2016 14:08:02 -0500
From: Kathy Beggerow <kathy@axisbenefits.com>
To: Brian Keating <bkeating@k5-tech.com>
Subject: RE: another test
Thread-Topic: another test
Thread-Index: AdI0bxzuVH8eg+h+T9ybwC/Ri0SLqgAA74LwAAAXTkA=
Date: Tue, 1 Nov 2016 19:08:01 +0000
Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>
References: <CC2918922F8865409382803E095EB5942FF9393C@AXISSERVER.axisbenefits.local>
 <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
In-Reply-To: <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.0.32]
Content-Type: multipart/related;
      boundary="_004_CC2918922F8865409382803E095EB5942FF93D59AXISSERVERaxisb_";
      type="multipart/alternative"
MIME-Version: 1.0
X-VPM-MSG-ID: 5b1ddb38-0109-4965-847a-5c42c5eda832
X-VPM-HOST: zix01.omegatechnologygroup.net
X-VPM-GROUP-ID: 297fe3f1-61fd-4651-b2d2-cf3fd0d9af9f
X-VPM-ENC-REGIME: ZixSMIME,Plaintext
X-VPM-IS-HYBRID: 0
Return-Path: kathy@axisbenefits.com
X-MS-Exchange-Organization-Network-Message-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e0ed04de-a27a-4e49-9c5b-00e094701550:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: =?us-ascii?Q?CIP:162.220.84.151;IPV:NLI;CTRY:;EFV:NLI;SFV:NSPM;SFS:(97900?=
 =?us-ascii?Q?2)(8156002)(2980300002)(428002)(3020300005)(189002)(199003)(?=
 =?us-ascii?Q?52314003)(501574003)(377454003)(55846006)(19627595001)(19617?=
 =?us-ascii?Q?315012)(15975445007)(84326002)(92566002)(5310100001)(1096003?=
 =?us-ascii?Q?)(8896002)(18206015028)(19300405004)(2900100001)(6916009)(29?=
 =?us-ascii?Q?20100001)(10126002)(2950100002)(16236675004)(3480700004)(509?=
 =?us-ascii?Q?86999)(221733001)(99936001)(54356999)(76176999)(19580395003)?=
 =?us-ascii?Q?(19580405001)(5890100001)(5250100002)(512954002)(9686002)(26?=
 =?us-ascii?Q?0700001)(7696004)(67866002)(7906003)(236004)(33656002)(66926?=
 =?us-ascii?Q?002)(3846002)(101416001)(98436002)(586003)(102836003)(790700?=
 =?us-ascii?Q?001)(10000500002)(11100500001)(7596002)(110136003)(189998001?=
 =?us-ascii?Q?)(105586002)(450100001)(19625215002)(6116002)(7116003)(57578?=
 =?us-ascii?Q?4001)(86362001)(356003)(7636002)(17760045003)(107886002)(626?=
 =?us-ascii?Q?004)(7736002)(7846002)(5660300001)(8676002)(106466001)(24600?=
 =?us-ascii?Q?2)(7099028)(111123002)(7090600002)(969003)(989001)(999001)(1?=
 =?us-ascii?Q?009001)(1019001);DIR:INB;SFP:;SCL:1;SRVR:MWHPR01MB2255;H:zix?=
 =?us-ascii?Q?01.omegatechnologygroup.net;FPR:;SPF:None;PTR:zix01.omegatec?=
 =?us-ascii?Q?hnologygroup.net;MX:1;A:1;LANG:en;?=
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM01FT002;1:XJgjffcBtyWgle3zYBfLWOhPPZ/fG1eJma5THdtuKHRhnEJB26FGSBFHfrm0DB5WZ9BbbtSxEjs9/EvUMwWgB2gZh8atslW7tREpjleUd5+IG8AfVLyRi6bDQLN3BCRasc4O59nlqEALUmhEBxugpWB2JOGVKuGKwSmuNK5RcSG3sUDgYOQtLqlP2tYWpLFXQuS+zRFQGugRRKsyuJIh8is7QWOYIhnCBChZa7pdFCZ+gBfLJmh3e2tsfoqTeD9wtxh5ENBwbMz+0AMD6F14JDajJZI7I/UyrsF2oSgllqZzwp6SP2jL1hj+oyE5mgJ7C0zZ02SD+/MJ9C8LhJE+ASotj89WKAbYhOi6tGuKsj5t+R64t8xPxLcFkJhrp4leUhis4fcwmCssNZZ1kp8DfCNAQkFFkzkL3xr25JKNvtYbH+/m991AGcEkaIr3005W8TLOfxdQZmRXTaszkv3fkBJwBmBwUwx+JhoFjfGN64fc1nWmVfzIhBzX0YR9ayPpIX5f4VpI1brqt81eZUL+37ZLs7bs8KYSYSyde4jeqmA=
X-MS-Office365-Filtering-Correlation-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;2:WDnAUl0x9sLZN5LHCzhO4D4MF0nnXeb2bp5KU59JSRiFE9zsW6i0v9UW7McQYTOmaDsujfYjyXXOj8eT4jmvaHrnZnS8Zpzt0LHCChqhSa31QqvhjEsWZCdKL9ox9BtUx1mcUp3TyDR2ZCyLmCzAUv12yAc/BWspG1Bn3wK//26HlRZO4NE4cKk/a6n5mKoY+wAtGi9ABKnkD8nJVdNVXw==;3:HlCYQYi+hbJClYxwZGUgrnpShKlkOVniqr7bk255Qb+PFvgcGYmE5I+rNPkMb892do2LQBORLPwgMq/yYIP8gjjl29v3dYRsZHQkdtaMj3563lQig09v9sIp7SclNdHbsK3V+hr47ZIYgqlcXQdk4gQCA7hnPY8sz5iAbm9oBNcEmI9npzATOYysR2lCA+cqB4xxI4t3KVPlkg34gJk1W0IEOpKgpFfhiPjGX4gGFHLBuztyV6Er7RiKaI9ECAoAc3aiOTAJyl3s9YL+CZFXVIoNH5PRVqZX3LlDJSnqpd0=
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(81800161)(71701004);SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;25:215FqlAaJZXLT/FGao5ztsRJkG2HKUSoy+3Ld3BZJ?=
 =?us-ascii?Q?XjpvJrHpIs+WQaUp68CEhWL1L6KYZcPsEpVYYLY21pFYWECjSB9N3CmC1BpV?=
 =?us-ascii?Q?pPx8DT2sulvllMQA8KNeDXfFytQeQ0D8x7aNSwWMYAhXaUSwVOUpyq5hdv4r?=
 =?us-ascii?Q?VD7r31Tg2uVhkQiFkhWew0xfdp1dyiaxiuerv71g+5hCcD++KIO7do/yoMdh?=
 =?us-ascii?Q?K3lwG3rttN8ZfqI1Iv80PuYIPPumbDSgc/5OlfT8SS2o/K+LRpCDaDKY4itd?=
 =?us-ascii?Q?EozkesMG2BpEOipGuQ0JeVHyqHvZpLsEtx7gK5G3NB22MEABOXoND1tEVRST?=
 =?us-ascii?Q?4KEAA2MWnBoqyOQiPkQ+mvcLSOg/sYX/ofdlaqikVVBQIB6VgJGeplothonO?=
 =?us-ascii?Q?udPlM+yj02lnYuB3k2BaKucanwDIaPRHqHFplrCg5Yuc1QPeFus9qYn3TZYQ?=
 =?us-ascii?Q?FkXv1632bsUz4rydsnlvez2m2XYM5aWVQhQoEkyycIz5REVq04bR3eW64k3G?=
 =?us-ascii?Q?tWWmeK3/lp8bcKCdCBeyocJLykGFnZDLZSBBVEtujD1+3jaWc1Cq6JMhoGEy?=
 =?us-ascii?Q?K8SL/Pb5MKAMQ4ve7WjHKbFNzDNWJpoZdUzyLBya1+oPABGZMD+PjDdjRDDl?=
 =?us-ascii?Q?q8B7ymaswV4E+V8CjUVYPYxJ1SBYpxISbsynlBoX8syUtVFa48dowOL0t0+V?=
 =?us-ascii?Q?VUMcDITIRZksAxpqVf/0VTELHFWLdVLbyy9s1yVlF4DF+BvSZcGMLTa3HRuq?=
 =?us-ascii?Q?ISaUv3hJiJLlbJD9iUbON+P0o6u/JJo+ZoaBLMph8AMFLP/PpxL7JcO5/sfs?=
 =?us-ascii?Q?xl6tMc/HNaBqwagBiE9kiqxDYlwqcwnhwLAWojlJMuFjWKGAh52NjoIaVaMy?=
 =?us-ascii?Q?w2K2PLpPfTWNw7jrkiFtVJ7v8z9S3kRdWz5o8Ds0Nd3qI+ohp5kgp6CsO/M5?=
 =?us-ascii?Q?dWYWMbYI1Mh1h9vNfpq5GOYwjpUzLmQ+IBrkGyznqzpsUEZMY1oHwZ32zctB?=
 =?us-ascii?Q?mMB+8y+j6g2+cSmwJWI4n8DPE8qPmDJtxrRpEfqB8wP5yw64qWTknW7LU0nU?=
 =?us-ascii?Q?cXkewapuAqgjfjlTiB3MdYtlLDy0Ruetfprbu5/yuVsM5eO1lzem0RyrmjiK?=
 =?us-ascii?Q?AgsPooo7UsH+FeqLczDDhd+RwTLqUHo268T2QXjDcWaN91lcEutSYj9k0DFA?=
 =?us-ascii?Q?h15nDsl0/MBkr8=3D?=
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;31:cNkU30ybLFlxmPORnGhEINqdXzNPuKsfATPyNs8fFDzCKFhV7hEOXtKd2uT2Ko2eerFQ6sEqb8aSpKL8nkkqSqfZ+5DGPSD1dHEZzQWRfKf3tAu2VQQZSLJkKMfSrA3tWMekTgxNd02KV5to0RML8DuZsiIkKwxRmMj8EL8rtX5Ph/K8oxqsWE/OF1PbNsK+VhMcwscCuzk33XwFsIIX8xtGEubqu3jiHAaAqBBl7PJ89wNOvdNyLjY9/oWu0E/ziaqW7EDBlYBcZrKMa85igjNF9rXN/if7Df8Knvzcjco=
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(63888751443075)(50066401698855)(21748063052155)(275809806118684);
X-MS-Exchange-Organization-PCL: 4
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:8;RULEID:(102415321)(9101531078)(2401047)(13018025)(13016025)(8121501046)(9101536074)(10201501046)(3002001)(920200223);SRVR:MWHPR01MB2255;BCL:0;PCL:8;RULEID:;SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;4:XhrXH/+Sjpntjg2od+BbakuslhEZ6KAyqgXTMjs3Si5l3tX4s/CQRdRhkcjekoWA5ta41pSr5LitxG7g/cQLJs5//GsNfEMIwd8oQia3adllsHineQmxlvxsai8s+9mA2aIU4xQjRtPRRgyHxyJzYwwNfQBC+53Lj77ShXS1bSesJyieGVNby1G66QOE5WzSmLs8TsN0vAXtaZmSAPsMEAHsfxyz+d5xRs8MzxA7rZAQxh8sOXcQN/BuQGZEvWL8ZHdMD9v3lSYM8FHbSCYRPSoi0Pk+qA/C3Sztuk5S+/zq8tEreBdOGlz6dWciwhndF3RPPEjivP3f8oVy4+OcEIynArDp/siKZj4gXaiyfqOlMA73fdC+FrGz8KV+HLh6y6+0kvZuHVDZGe14U7pmG73oSD1G/DSNbYaXesoPCW3FHPt44j75YtxGbwBYXh5KgVXwLXepP97UA96Y1Xu3Q5O38hJ/drYo5gJXvdvkmp7e/IJZ/VC6uSBKYFDTMT4R790Pvg0H4SiakciWaO1+uPvnw7iwau1uDFHO1KiclkufAGbLNZUX4z+upwS0RJyUdmR9m38RrbRlSjoVqKQIqBhEByqarD57OhUTg5ixQRBKcyG1humSoByOMvy/oMLMoql7UnPswBqIUAEeczub3+ohroZqji22EAA47OOu6xI=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;23:KGzVaZdJf7rMQcCF6h9A2gUmw1U/XpTTHzhPaQpSU?=
 =?us-ascii?Q?daIgLes9zwEOI4rqZFdBE9Z9jqiiRFsKG5Yb2G+uUoc2wtDsDU7x2Jrm+npE?=
 =?us-ascii?Q?lecET6q6YuykwOvKBTJSHhoTxnyAv9qnqftP3ozXHg5U11pbAnGwFPPcS5Zm?=
 =?us-ascii?Q?8G0p7zN+gHvxqtuJTg/D+qMx/qHCtLTcvAqqk5tRfAv65gsjweVYzKRpahCB?=
 =?us-ascii?Q?mGRAJ6ZK3cQTcKIcMXXLcQ7gtJE2xdatel+NTTPLzM0oYD8Xh/kfydohf2+n?=
 =?us-ascii?Q?s7ePjvCTq7+2IrirT9lawg9Hm2Kh3GDY1w82D9iNJcsYtCCJh5mmZA+3cP4l?=
 =?us-ascii?Q?di6pQjOU/DP9lROeEwOCX/0nYv044DwsW8MeLKkkl7kKioLczO6XzMSxN8wU?=
 =?us-ascii?Q?9VzCwQD9nXjz+qR7F6GwWF2XzaMlWgLz9og2yXb3T/tY6QS7m/gHL/+ndHba?=
 =?us-ascii?Q?ZKsqDpvnwys4EPIzJsOhD2iGXkiZeDObHBqbWRtu4lsl/s2yuo+gQBNqEKS0?=
 =?us-ascii?Q?5EmAVTj5/oHhyZrJQY9F0+vE0H5qpaeG0ftlFEb1p5gXabx+S8SJCArwY+xS?=
 =?us-ascii?Q?w5DNrNTErPHkAJX7ebtwpEn6L8rkRjGogbm7DeQz03hks/7O3edrKlbchMki?=
 =?us-ascii?Q?PLk+kccbLNaTOdMTy2gpnXV2bYsJUNpkCCznukFcW+CMIKQc8zYd7s/gGU9Q?=
 =?us-ascii?Q?rCY/PyBTPYw7/q9j50/R/EZnvzrQVQCFu5jutMP6+tJkRebfZTMZCZizBDnw?=
 =?us-ascii?Q?FIuQL8Zmq5ojUwU3kYn0HbqIIfCc1Gp3JiQaRFgPKHKag4xrIGAfyEO+jYuT?=
 =?us-ascii?Q?wVxuxGxxqQmQ096gOu96F8NuBZ6SLAA+jrSKfjHqqnMSphHGDUIBd7TJnC7g?=
 =?us-ascii?Q?4iuFalQDlPrgB1x/pCosmPqhX8spo0l+tIlcHh93RPzmNg6YaL8svZQmpG1A?=
 =?us-ascii?Q?2+KOtkvOj87oZ0zdI6oG5oscw66/Jrbg1SJ9e55fnPRP9T/O2oI0q3wCa2pE?=
 =?us-ascii?Q?F6sO2f5LBBqOeSVx46LGVCODdU1RLvNyn0pg27vm0aI/oafYO/COIw3kqFF6?=
 =?us-ascii?Q?Uv/5wNBewn8QGcwXCQXs7MXMyOYzhSeZdOYyTaORAC2eRXaVkt5ZoGm6Y1AO?=
 =?us-ascii?Q?uymDVOBXeFIL2DBEgzyF0ictGyLRv+P2rxP+tQ20H6UW1TVDow3E8uZo5IuL?=
 =?us-ascii?Q?jKUlpJLVhbf97JOrteS3SiPCSfL1QSlO+PB5L4akayZevJJ9ffif2tLWfr1e?=
 =?us-ascii?Q?ash5QRzfeUB/n74ZtYagzbYkPX6PV8/AfOk/mwQSqHodewOICXcRha4c+Aft?=
 =?us-ascii?Q?6MfD+Fi/5jFmPe9+X1bIKT0HSxfQ1uJyZcOPNt+yA3QNHQBsWEqgYbasWSVk?=
 =?us-ascii?Q?h6lRnSB8+rgNKR/iEy9Tiv/5hoepJmFvyVodMvZEIvG13/2/+L22DD5syTFc?=
 =?us-ascii?Q?g6qVwLaAj+rV/BRAxsemR2LcY8sJjvapXKW8REWKb5eoW/Mxz7zK0vQb7Byd?=
 =?us-ascii?Q?oCeymYEMZn1S/KhOXn7sWucN4xLXBSKUVRUkrwlmKrugnio5duMec/9d3OhR?=
 =?us-ascii?Q?QfkSon0alHaZwA3iWBYW4CyLWdsRv2T2MV6bU2B+UT/xll1PJL75uz5aCkE9?=
 =?us-ascii?Q?4Pir/4zPkO+r3a0P2vmC5mKEYnGzfR7KgL7BTZ6EDxwv1icuJNT1VvRAfJtp?=
 =?us-ascii?Q?eIu3SyjqlWzRml0zqWN5fGmC2PKHQbZO7hyKzc0X9pf2Tm6JLrDg31jIJB5G?=
 =?us-ascii?Q?HGvMIiB27gHbqxYWXOaXM9js1T/3POL6Y+lwH67xaaVqeD/egoylkXlBo5fh?=
 =?us-ascii?Q?/ykPqqe79LRGrD8YQL7uRhjRbv/Fw0fS8Yx2b7z3AV38498xR1rLrnm7v4qe?=
 =?us-ascii?Q?vRjMACCJtCptnaBieyI8pkV1p5/z4v6tuRm2JUiKV7r5cDTiJj6nmxzSlanq?=
 =?us-ascii?Q?5D629ernaNeSzdCOlTC8mWLBrlm9vq4HtP1L9Ua6TRr4IyFOFoXx+dN3Ra10?=
 =?us-ascii?Q?z0=3D?=
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;6:PvlgfMdHx/Yuj9GVA9EOLexQlTA3SFSzUL6B1m80qKCQPIm5znJWvJsWzWjcjzN62/EBBRN63kpi3NBCYgYoRrTfu4DZY+HPyfgyhvS15j5D6B4yVvvMKSv72/ri932y7tnKINa4ySrDDyNWNXFNUQVheyy8r/f7GJd83gLjAXUWtJS8rQd8miqbgqqyNd+7DBP50G+IcW/U4n3CgJiZKcWGO0stlkQpqxcE1CF7C54Q7yRlVp5m3d0Tx9JPLnZ9Syjyw7GyE/NhsA3GQ90vwd5ehqom2193BkOkbSQueIB7xQ28jDbTXAKBzPyD7wpwU/lXVP/3MUqF8LTcBt+s0w==;5:BB6/x9UoTBR96KdBZ5yzqbuGuxRWeJzBBYCKt95qZmqIf7/kHauaEj2ez21l4JuGxv2PpWeK8cRXTq4uKVnHD+GMVamCb1LwhxUbX/eVGYXQHMLWgpm9AsLS1vppksbBEC50lKy9nc2kite3YLMpmU9Oahz1wTy23dgALq3dlkk=;24:CVlshZoZUc/3nW1/pWVfOc5fDC3KUXhHHDKg4ZqTxodjfgGcZh6juoZeHIwYiG/DcW+vgUF+sKHCTgIL0ES15U8iDkvde9UmwQYA6MUR7rs=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;7:YnznasHX0toOs0yRQ4OuCTW6KUj3RldJXUKbS8yDLBSFOgf85Q59IpW+t2hXlNpgMGLYj6FSNlM4k7tiyszU+PlZKMd4ptB/t3LoNKfV5rY5zb+0u2loiv1AZol+QQ8sWGpmALVBOMBxhgKG40sxiqIzdC4Q6y98ZfhAH3BkIRW+HVkWReh5K3GhVoEXVyUx4+JJ8xxvWwvoDxYoXkrazyGuj8AS70qO7L+JCw2LXH4AXR8mSbUSFqH/LZfb3tLrhL+uVgfqdvEy3vt71bDbM/F7vP3u9QrfoyU4WmeDMSZTUNo/NBtYZZcHeSrY6qE07vNvRboXscMYwIjFxGJb7tJ+obk0phBAfYs4Lbe+j80cxUQ112YVXha/ZGFZnK9uJpV35wrIW5zwRnFPCr72tw==
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2016 19:08:04.5765
 (UTC)
X-MS-Exchange-CrossTenant-Id: e0ed04de-a27a-4e49-9c5b-00e094701550
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR01MB2255
X-MS-Exchange-Organization-AuthSource: SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0678053
X-Microsoft-Exchange-Diagnostics:
      1;CY4PR01MB2245;9:LWsAiZlmEsc+xfB9sfC8USvtLDQdTuNR3Rv+o9B2+QHdl2I7KRk94+MMm/ErcXzCygquWoyZ5UHy/vg3V6ZrE62lUKkUTctxPBOX/obussD/SeMqLUAK5vlTdHZZ4SxrV0R/uhNVlzp7SQcn+VkMw2a4kFeByw7JFDc+aY595Ri74U8HLUjh9z9SGSy9GVKAIDyqUmmOF0AKlZK5xEtqH0GDziZxQRoSDsdL3KQCsEQ=
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 90

Expert Comment

by:John Hurst
ID: 41869054
Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>

This is the source of the emails.
0
 
LVL 14

Accepted Solution

by:
Jason Crawford earned 500 total points
ID: 41869277
Yes that's true John but that info doesn't really help determine why it's being flagged as a phishing email.  Here's what I see:

Received-SPF: None (protection.outlook.com: axisbenefits.com does not
 designate permitted sender hosts)

 Authentication-Results: spf=none (sender IP is 162.220.84.151)

 Received: from zix01.omegatechnologygroup.net (162.220.84.151) by
 SN1NAM01FT002.mail.protection.outlook.com (10.152.64.63) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000

K5 - do you use omegatechnologygroup.net as an outbound smarthost?  It looks like a omegatechnologygroup.net server handed this email off to an Exchange Online server with Office 365, and it's not helping that the omegatechnologygroup.net WAN IP of 162.220.84.151 isn't included in the SPF record for axisbenefits.com.  In fact that domain doesn't have an SPF record at all:

spf.PNG
I would add an SPF record for your domain and include all IPs that will be sending email for your organization.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41869278
Phishing is determined by content. That is why I said to whitelist the address.
0
 
LVL 14

Expert Comment

by:Jason Crawford
ID: 41869283
That's not a setting K5 can configure since his organization sent the email.
0
 

Author Comment

by:K5-Tech
ID: 41869286
The client does use Zixmail to send encrypted email.  I'm not the familiar with it.  Let me check with Zixmail tomorrow.
0
 
LVL 14

Expert Comment

by:Jason Crawford
ID: 41869323
Sounds good, I'll check back later and we'll eventually get it worked out.  Have a nice night.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
how to add IIS SMTP to handle application/Scanner relays into office 365.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now