Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Email be flagged as Phishing from Exchange 2010

Posted on 2016-11-01
12
Medium Priority
?
251 Views
Last Modified: 2016-11-06
A couple of our users have had their email flagged as phishing in Outlook 2013, 2016.  Is there a way to stop this.  I contacted our ISP to verify that we had a PTR record and the connectors in Exchange are correct.
0
Comment
Question by:K5-Tech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
12 Comments
 
LVL 97

Expert Comment

by:John Hurst
ID: 41868973
The only practical way I know around this is to Whitelist the users in question. There is so much spam, phishing and ransomware emails now that you will not likely get a hearing from your ISP. You can try. I just use my Whitelist as needed.
0
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41868998
Did you users receive an NDR you can share?  That should help us narrow down the root cause.
0
 

Author Comment

by:K5-Tech
ID: 41869010
There was no NDR.  The messages are getting delivered they just have all of the links and attachments disabled until the receiver clicks to enable them.  

The message reads:
This might be a phishing message and is potentially unsafe. Links and other functionality have been disabled.  If you trust this message and want to turn that functionality back on, click here.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41869018
It's tough to say for sure without examining headers.  Feel free to send to me in a private message and I can report back results.
1
 
LVL 97

Expert Comment

by:John Hurst
ID: 41869024
You cannot use Private Messaging in this forum to solve problems.

If you wish to post the headers, please post them here.
0
 

Author Comment

by:K5-Tech
ID: 41869042
Received: from MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) by
 CY4PR01MB2245.prod.exchangelabs.com (10.169.250.143) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16 via Mailbox Transport; Tue, 1 Nov 2016 19:08:07 +0000
Received: from BY2PR01CA0009.prod.exchangelabs.com (10.163.25.19) by
 MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16; Tue, 1 Nov 2016 19:08:05 +0000
Received: from SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
 (2a01:111:f400:7e40::209) by BY2PR01CA0009.outlook.office365.com
 (2a01:111:e400:5262::19) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.693.12 via
 Frontend Transport; Tue, 1 Nov 2016 19:08:05 +0000
Authentication-Results: spf=none (sender IP is 162.220.84.151)
 smtp.mailfrom=axisbenefits.com; k5-tech.com; dkim=none (message not signed)
 header.d=none;k5-tech.com; dmarc=permerror action=none
 header.from=axisbenefits.com;k5-tech.com; dkim=none (message not signed)
 header.d=none;
Received-SPF: None (protection.outlook.com: axisbenefits.com does not
 designate permitted sender hosts)
Received: from zix01.omegatechnologygroup.net (162.220.84.151) by
 SN1NAM01FT002.mail.protection.outlook.com (10.152.64.63) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000
Received: from 127.0.0.1 (ZixVPM [127.0.0.1])
      by Outbound.omegatechnologygroup.net (Proprietary) with SMTP id 1C3B5E716E
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:04 -0400 (EDT)
Received: from mail.axisbenefits.com (50-193-80-133-static.hfc.comcastbusiness.net [50.193.80.133])
      (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
      (No client certificate requested)
      by zix01.omegatechnologygroup.net (Proprietary) with ESMTPS id 1C826E703C
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:03 -0400 (EDT)
Received: from AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c]) by
 AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c%10]) with mapi id
 14.01.0438.000; Tue, 1 Nov 2016 14:08:02 -0500
From: Kathy Beggerow <kathy@axisbenefits.com>
To: Brian Keating <bkeating@k5-tech.com>
Subject: RE: another test
Thread-Topic: another test
Thread-Index: AdI0bxzuVH8eg+h+T9ybwC/Ri0SLqgAA74LwAAAXTkA=
Date: Tue, 1 Nov 2016 19:08:01 +0000
Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>
References: <CC2918922F8865409382803E095EB5942FF9393C@AXISSERVER.axisbenefits.local>
 <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
In-Reply-To: <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.0.32]
Content-Type: multipart/related;
      boundary="_004_CC2918922F8865409382803E095EB5942FF93D59AXISSERVERaxisb_";
      type="multipart/alternative"
MIME-Version: 1.0
X-VPM-MSG-ID: 5b1ddb38-0109-4965-847a-5c42c5eda832
X-VPM-HOST: zix01.omegatechnologygroup.net
X-VPM-GROUP-ID: 297fe3f1-61fd-4651-b2d2-cf3fd0d9af9f
X-VPM-ENC-REGIME: ZixSMIME,Plaintext
X-VPM-IS-HYBRID: 0
Return-Path: kathy@axisbenefits.com
X-MS-Exchange-Organization-Network-Message-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e0ed04de-a27a-4e49-9c5b-00e094701550:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: =?us-ascii?Q?CIP:162.220.84.151;IPV:NLI;CTRY:;EFV:NLI;SFV:NSPM;SFS:(97900?=
 =?us-ascii?Q?2)(8156002)(2980300002)(428002)(3020300005)(189002)(199003)(?=
 =?us-ascii?Q?52314003)(501574003)(377454003)(55846006)(19627595001)(19617?=
 =?us-ascii?Q?315012)(15975445007)(84326002)(92566002)(5310100001)(1096003?=
 =?us-ascii?Q?)(8896002)(18206015028)(19300405004)(2900100001)(6916009)(29?=
 =?us-ascii?Q?20100001)(10126002)(2950100002)(16236675004)(3480700004)(509?=
 =?us-ascii?Q?86999)(221733001)(99936001)(54356999)(76176999)(19580395003)?=
 =?us-ascii?Q?(19580405001)(5890100001)(5250100002)(512954002)(9686002)(26?=
 =?us-ascii?Q?0700001)(7696004)(67866002)(7906003)(236004)(33656002)(66926?=
 =?us-ascii?Q?002)(3846002)(101416001)(98436002)(586003)(102836003)(790700?=
 =?us-ascii?Q?001)(10000500002)(11100500001)(7596002)(110136003)(189998001?=
 =?us-ascii?Q?)(105586002)(450100001)(19625215002)(6116002)(7116003)(57578?=
 =?us-ascii?Q?4001)(86362001)(356003)(7636002)(17760045003)(107886002)(626?=
 =?us-ascii?Q?004)(7736002)(7846002)(5660300001)(8676002)(106466001)(24600?=
 =?us-ascii?Q?2)(7099028)(111123002)(7090600002)(969003)(989001)(999001)(1?=
 =?us-ascii?Q?009001)(1019001);DIR:INB;SFP:;SCL:1;SRVR:MWHPR01MB2255;H:zix?=
 =?us-ascii?Q?01.omegatechnologygroup.net;FPR:;SPF:None;PTR:zix01.omegatec?=
 =?us-ascii?Q?hnologygroup.net;MX:1;A:1;LANG:en;?=
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM01FT002;1:XJgjffcBtyWgle3zYBfLWOhPPZ/fG1eJma5THdtuKHRhnEJB26FGSBFHfrm0DB5WZ9BbbtSxEjs9/EvUMwWgB2gZh8atslW7tREpjleUd5+IG8AfVLyRi6bDQLN3BCRasc4O59nlqEALUmhEBxugpWB2JOGVKuGKwSmuNK5RcSG3sUDgYOQtLqlP2tYWpLFXQuS+zRFQGugRRKsyuJIh8is7QWOYIhnCBChZa7pdFCZ+gBfLJmh3e2tsfoqTeD9wtxh5ENBwbMz+0AMD6F14JDajJZI7I/UyrsF2oSgllqZzwp6SP2jL1hj+oyE5mgJ7C0zZ02SD+/MJ9C8LhJE+ASotj89WKAbYhOi6tGuKsj5t+R64t8xPxLcFkJhrp4leUhis4fcwmCssNZZ1kp8DfCNAQkFFkzkL3xr25JKNvtYbH+/m991AGcEkaIr3005W8TLOfxdQZmRXTaszkv3fkBJwBmBwUwx+JhoFjfGN64fc1nWmVfzIhBzX0YR9ayPpIX5f4VpI1brqt81eZUL+37ZLs7bs8KYSYSyde4jeqmA=
X-MS-Office365-Filtering-Correlation-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;2:WDnAUl0x9sLZN5LHCzhO4D4MF0nnXeb2bp5KU59JSRiFE9zsW6i0v9UW7McQYTOmaDsujfYjyXXOj8eT4jmvaHrnZnS8Zpzt0LHCChqhSa31QqvhjEsWZCdKL9ox9BtUx1mcUp3TyDR2ZCyLmCzAUv12yAc/BWspG1Bn3wK//26HlRZO4NE4cKk/a6n5mKoY+wAtGi9ABKnkD8nJVdNVXw==;3:HlCYQYi+hbJClYxwZGUgrnpShKlkOVniqr7bk255Qb+PFvgcGYmE5I+rNPkMb892do2LQBORLPwgMq/yYIP8gjjl29v3dYRsZHQkdtaMj3563lQig09v9sIp7SclNdHbsK3V+hr47ZIYgqlcXQdk4gQCA7hnPY8sz5iAbm9oBNcEmI9npzATOYysR2lCA+cqB4xxI4t3KVPlkg34gJk1W0IEOpKgpFfhiPjGX4gGFHLBuztyV6Er7RiKaI9ECAoAc3aiOTAJyl3s9YL+CZFXVIoNH5PRVqZX3LlDJSnqpd0=
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(81800161)(71701004);SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;25:215FqlAaJZXLT/FGao5ztsRJkG2HKUSoy+3Ld3BZJ?=
 =?us-ascii?Q?XjpvJrHpIs+WQaUp68CEhWL1L6KYZcPsEpVYYLY21pFYWECjSB9N3CmC1BpV?=
 =?us-ascii?Q?pPx8DT2sulvllMQA8KNeDXfFytQeQ0D8x7aNSwWMYAhXaUSwVOUpyq5hdv4r?=
 =?us-ascii?Q?VD7r31Tg2uVhkQiFkhWew0xfdp1dyiaxiuerv71g+5hCcD++KIO7do/yoMdh?=
 =?us-ascii?Q?K3lwG3rttN8ZfqI1Iv80PuYIPPumbDSgc/5OlfT8SS2o/K+LRpCDaDKY4itd?=
 =?us-ascii?Q?EozkesMG2BpEOipGuQ0JeVHyqHvZpLsEtx7gK5G3NB22MEABOXoND1tEVRST?=
 =?us-ascii?Q?4KEAA2MWnBoqyOQiPkQ+mvcLSOg/sYX/ofdlaqikVVBQIB6VgJGeplothonO?=
 =?us-ascii?Q?udPlM+yj02lnYuB3k2BaKucanwDIaPRHqHFplrCg5Yuc1QPeFus9qYn3TZYQ?=
 =?us-ascii?Q?FkXv1632bsUz4rydsnlvez2m2XYM5aWVQhQoEkyycIz5REVq04bR3eW64k3G?=
 =?us-ascii?Q?tWWmeK3/lp8bcKCdCBeyocJLykGFnZDLZSBBVEtujD1+3jaWc1Cq6JMhoGEy?=
 =?us-ascii?Q?K8SL/Pb5MKAMQ4ve7WjHKbFNzDNWJpoZdUzyLBya1+oPABGZMD+PjDdjRDDl?=
 =?us-ascii?Q?q8B7ymaswV4E+V8CjUVYPYxJ1SBYpxISbsynlBoX8syUtVFa48dowOL0t0+V?=
 =?us-ascii?Q?VUMcDITIRZksAxpqVf/0VTELHFWLdVLbyy9s1yVlF4DF+BvSZcGMLTa3HRuq?=
 =?us-ascii?Q?ISaUv3hJiJLlbJD9iUbON+P0o6u/JJo+ZoaBLMph8AMFLP/PpxL7JcO5/sfs?=
 =?us-ascii?Q?xl6tMc/HNaBqwagBiE9kiqxDYlwqcwnhwLAWojlJMuFjWKGAh52NjoIaVaMy?=
 =?us-ascii?Q?w2K2PLpPfTWNw7jrkiFtVJ7v8z9S3kRdWz5o8Ds0Nd3qI+ohp5kgp6CsO/M5?=
 =?us-ascii?Q?dWYWMbYI1Mh1h9vNfpq5GOYwjpUzLmQ+IBrkGyznqzpsUEZMY1oHwZ32zctB?=
 =?us-ascii?Q?mMB+8y+j6g2+cSmwJWI4n8DPE8qPmDJtxrRpEfqB8wP5yw64qWTknW7LU0nU?=
 =?us-ascii?Q?cXkewapuAqgjfjlTiB3MdYtlLDy0Ruetfprbu5/yuVsM5eO1lzem0RyrmjiK?=
 =?us-ascii?Q?AgsPooo7UsH+FeqLczDDhd+RwTLqUHo268T2QXjDcWaN91lcEutSYj9k0DFA?=
 =?us-ascii?Q?h15nDsl0/MBkr8=3D?=
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;31:cNkU30ybLFlxmPORnGhEINqdXzNPuKsfATPyNs8fFDzCKFhV7hEOXtKd2uT2Ko2eerFQ6sEqb8aSpKL8nkkqSqfZ+5DGPSD1dHEZzQWRfKf3tAu2VQQZSLJkKMfSrA3tWMekTgxNd02KV5to0RML8DuZsiIkKwxRmMj8EL8rtX5Ph/K8oxqsWE/OF1PbNsK+VhMcwscCuzk33XwFsIIX8xtGEubqu3jiHAaAqBBl7PJ89wNOvdNyLjY9/oWu0E/ziaqW7EDBlYBcZrKMa85igjNF9rXN/if7Df8Knvzcjco=
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(63888751443075)(50066401698855)(21748063052155)(275809806118684);
X-MS-Exchange-Organization-PCL: 4
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:8;RULEID:(102415321)(9101531078)(2401047)(13018025)(13016025)(8121501046)(9101536074)(10201501046)(3002001)(920200223);SRVR:MWHPR01MB2255;BCL:0;PCL:8;RULEID:;SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;4:XhrXH/+Sjpntjg2od+BbakuslhEZ6KAyqgXTMjs3Si5l3tX4s/CQRdRhkcjekoWA5ta41pSr5LitxG7g/cQLJs5//GsNfEMIwd8oQia3adllsHineQmxlvxsai8s+9mA2aIU4xQjRtPRRgyHxyJzYwwNfQBC+53Lj77ShXS1bSesJyieGVNby1G66QOE5WzSmLs8TsN0vAXtaZmSAPsMEAHsfxyz+d5xRs8MzxA7rZAQxh8sOXcQN/BuQGZEvWL8ZHdMD9v3lSYM8FHbSCYRPSoi0Pk+qA/C3Sztuk5S+/zq8tEreBdOGlz6dWciwhndF3RPPEjivP3f8oVy4+OcEIynArDp/siKZj4gXaiyfqOlMA73fdC+FrGz8KV+HLh6y6+0kvZuHVDZGe14U7pmG73oSD1G/DSNbYaXesoPCW3FHPt44j75YtxGbwBYXh5KgVXwLXepP97UA96Y1Xu3Q5O38hJ/drYo5gJXvdvkmp7e/IJZ/VC6uSBKYFDTMT4R790Pvg0H4SiakciWaO1+uPvnw7iwau1uDFHO1KiclkufAGbLNZUX4z+upwS0RJyUdmR9m38RrbRlSjoVqKQIqBhEByqarD57OhUTg5ixQRBKcyG1humSoByOMvy/oMLMoql7UnPswBqIUAEeczub3+ohroZqji22EAA47OOu6xI=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;23:KGzVaZdJf7rMQcCF6h9A2gUmw1U/XpTTHzhPaQpSU?=
 =?us-ascii?Q?daIgLes9zwEOI4rqZFdBE9Z9jqiiRFsKG5Yb2G+uUoc2wtDsDU7x2Jrm+npE?=
 =?us-ascii?Q?lecET6q6YuykwOvKBTJSHhoTxnyAv9qnqftP3ozXHg5U11pbAnGwFPPcS5Zm?=
 =?us-ascii?Q?8G0p7zN+gHvxqtuJTg/D+qMx/qHCtLTcvAqqk5tRfAv65gsjweVYzKRpahCB?=
 =?us-ascii?Q?mGRAJ6ZK3cQTcKIcMXXLcQ7gtJE2xdatel+NTTPLzM0oYD8Xh/kfydohf2+n?=
 =?us-ascii?Q?s7ePjvCTq7+2IrirT9lawg9Hm2Kh3GDY1w82D9iNJcsYtCCJh5mmZA+3cP4l?=
 =?us-ascii?Q?di6pQjOU/DP9lROeEwOCX/0nYv044DwsW8MeLKkkl7kKioLczO6XzMSxN8wU?=
 =?us-ascii?Q?9VzCwQD9nXjz+qR7F6GwWF2XzaMlWgLz9og2yXb3T/tY6QS7m/gHL/+ndHba?=
 =?us-ascii?Q?ZKsqDpvnwys4EPIzJsOhD2iGXkiZeDObHBqbWRtu4lsl/s2yuo+gQBNqEKS0?=
 =?us-ascii?Q?5EmAVTj5/oHhyZrJQY9F0+vE0H5qpaeG0ftlFEb1p5gXabx+S8SJCArwY+xS?=
 =?us-ascii?Q?w5DNrNTErPHkAJX7ebtwpEn6L8rkRjGogbm7DeQz03hks/7O3edrKlbchMki?=
 =?us-ascii?Q?PLk+kccbLNaTOdMTy2gpnXV2bYsJUNpkCCznukFcW+CMIKQc8zYd7s/gGU9Q?=
 =?us-ascii?Q?rCY/PyBTPYw7/q9j50/R/EZnvzrQVQCFu5jutMP6+tJkRebfZTMZCZizBDnw?=
 =?us-ascii?Q?FIuQL8Zmq5ojUwU3kYn0HbqIIfCc1Gp3JiQaRFgPKHKag4xrIGAfyEO+jYuT?=
 =?us-ascii?Q?wVxuxGxxqQmQ096gOu96F8NuBZ6SLAA+jrSKfjHqqnMSphHGDUIBd7TJnC7g?=
 =?us-ascii?Q?4iuFalQDlPrgB1x/pCosmPqhX8spo0l+tIlcHh93RPzmNg6YaL8svZQmpG1A?=
 =?us-ascii?Q?2+KOtkvOj87oZ0zdI6oG5oscw66/Jrbg1SJ9e55fnPRP9T/O2oI0q3wCa2pE?=
 =?us-ascii?Q?F6sO2f5LBBqOeSVx46LGVCODdU1RLvNyn0pg27vm0aI/oafYO/COIw3kqFF6?=
 =?us-ascii?Q?Uv/5wNBewn8QGcwXCQXs7MXMyOYzhSeZdOYyTaORAC2eRXaVkt5ZoGm6Y1AO?=
 =?us-ascii?Q?uymDVOBXeFIL2DBEgzyF0ictGyLRv+P2rxP+tQ20H6UW1TVDow3E8uZo5IuL?=
 =?us-ascii?Q?jKUlpJLVhbf97JOrteS3SiPCSfL1QSlO+PB5L4akayZevJJ9ffif2tLWfr1e?=
 =?us-ascii?Q?ash5QRzfeUB/n74ZtYagzbYkPX6PV8/AfOk/mwQSqHodewOICXcRha4c+Aft?=
 =?us-ascii?Q?6MfD+Fi/5jFmPe9+X1bIKT0HSxfQ1uJyZcOPNt+yA3QNHQBsWEqgYbasWSVk?=
 =?us-ascii?Q?h6lRnSB8+rgNKR/iEy9Tiv/5hoepJmFvyVodMvZEIvG13/2/+L22DD5syTFc?=
 =?us-ascii?Q?g6qVwLaAj+rV/BRAxsemR2LcY8sJjvapXKW8REWKb5eoW/Mxz7zK0vQb7Byd?=
 =?us-ascii?Q?oCeymYEMZn1S/KhOXn7sWucN4xLXBSKUVRUkrwlmKrugnio5duMec/9d3OhR?=
 =?us-ascii?Q?QfkSon0alHaZwA3iWBYW4CyLWdsRv2T2MV6bU2B+UT/xll1PJL75uz5aCkE9?=
 =?us-ascii?Q?4Pir/4zPkO+r3a0P2vmC5mKEYnGzfR7KgL7BTZ6EDxwv1icuJNT1VvRAfJtp?=
 =?us-ascii?Q?eIu3SyjqlWzRml0zqWN5fGmC2PKHQbZO7hyKzc0X9pf2Tm6JLrDg31jIJB5G?=
 =?us-ascii?Q?HGvMIiB27gHbqxYWXOaXM9js1T/3POL6Y+lwH67xaaVqeD/egoylkXlBo5fh?=
 =?us-ascii?Q?/ykPqqe79LRGrD8YQL7uRhjRbv/Fw0fS8Yx2b7z3AV38498xR1rLrnm7v4qe?=
 =?us-ascii?Q?vRjMACCJtCptnaBieyI8pkV1p5/z4v6tuRm2JUiKV7r5cDTiJj6nmxzSlanq?=
 =?us-ascii?Q?5D629ernaNeSzdCOlTC8mWLBrlm9vq4HtP1L9Ua6TRr4IyFOFoXx+dN3Ra10?=
 =?us-ascii?Q?z0=3D?=
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;6:PvlgfMdHx/Yuj9GVA9EOLexQlTA3SFSzUL6B1m80qKCQPIm5znJWvJsWzWjcjzN62/EBBRN63kpi3NBCYgYoRrTfu4DZY+HPyfgyhvS15j5D6B4yVvvMKSv72/ri932y7tnKINa4ySrDDyNWNXFNUQVheyy8r/f7GJd83gLjAXUWtJS8rQd8miqbgqqyNd+7DBP50G+IcW/U4n3CgJiZKcWGO0stlkQpqxcE1CF7C54Q7yRlVp5m3d0Tx9JPLnZ9Syjyw7GyE/NhsA3GQ90vwd5ehqom2193BkOkbSQueIB7xQ28jDbTXAKBzPyD7wpwU/lXVP/3MUqF8LTcBt+s0w==;5:BB6/x9UoTBR96KdBZ5yzqbuGuxRWeJzBBYCKt95qZmqIf7/kHauaEj2ez21l4JuGxv2PpWeK8cRXTq4uKVnHD+GMVamCb1LwhxUbX/eVGYXQHMLWgpm9AsLS1vppksbBEC50lKy9nc2kite3YLMpmU9Oahz1wTy23dgALq3dlkk=;24:CVlshZoZUc/3nW1/pWVfOc5fDC3KUXhHHDKg4ZqTxodjfgGcZh6juoZeHIwYiG/DcW+vgUF+sKHCTgIL0ES15U8iDkvde9UmwQYA6MUR7rs=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;7:YnznasHX0toOs0yRQ4OuCTW6KUj3RldJXUKbS8yDLBSFOgf85Q59IpW+t2hXlNpgMGLYj6FSNlM4k7tiyszU+PlZKMd4ptB/t3LoNKfV5rY5zb+0u2loiv1AZol+QQ8sWGpmALVBOMBxhgKG40sxiqIzdC4Q6y98ZfhAH3BkIRW+HVkWReh5K3GhVoEXVyUx4+JJ8xxvWwvoDxYoXkrazyGuj8AS70qO7L+JCw2LXH4AXR8mSbUSFqH/LZfb3tLrhL+uVgfqdvEy3vt71bDbM/F7vP3u9QrfoyU4WmeDMSZTUNo/NBtYZZcHeSrY6qE07vNvRboXscMYwIjFxGJb7tJ+obk0phBAfYs4Lbe+j80cxUQ112YVXha/ZGFZnK9uJpV35wrIW5zwRnFPCr72tw==
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2016 19:08:04.5765
 (UTC)
X-MS-Exchange-CrossTenant-Id: e0ed04de-a27a-4e49-9c5b-00e094701550
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR01MB2255
X-MS-Exchange-Organization-AuthSource: SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0678053
X-Microsoft-Exchange-Diagnostics:
      1;CY4PR01MB2245;9:LWsAiZlmEsc+xfB9sfC8USvtLDQdTuNR3Rv+o9B2+QHdl2I7KRk94+MMm/ErcXzCygquWoyZ5UHy/vg3V6ZrE62lUKkUTctxPBOX/obussD/SeMqLUAK5vlTdHZZ4SxrV0R/uhNVlzp7SQcn+VkMw2a4kFeByw7JFDc+aY595Ri74U8HLUjh9z9SGSy9GVKAIDyqUmmOF0AKlZK5xEtqH0GDziZxQRoSDsdL3KQCsEQ=
0
 
LVL 97

Expert Comment

by:John Hurst
ID: 41869054
Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>

This is the source of the emails.
0
 
LVL 16

Accepted Solution

by:
Jason Crawford earned 2000 total points
ID: 41869277
Yes that's true John but that info doesn't really help determine why it's being flagged as a phishing email.  Here's what I see:

Received-SPF: None (protection.outlook.com: axisbenefits.com does not
 designate permitted sender hosts)

 Authentication-Results: spf=none (sender IP is 162.220.84.151)

 Received: from zix01.omegatechnologygroup.net (162.220.84.151) by
 SN1NAM01FT002.mail.protection.outlook.com (10.152.64.63) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000

K5 - do you use omegatechnologygroup.net as an outbound smarthost?  It looks like a omegatechnologygroup.net server handed this email off to an Exchange Online server with Office 365, and it's not helping that the omegatechnologygroup.net WAN IP of 162.220.84.151 isn't included in the SPF record for axisbenefits.com.  In fact that domain doesn't have an SPF record at all:

spf.PNG
I would add an SPF record for your domain and include all IPs that will be sending email for your organization.
0
 
LVL 97

Expert Comment

by:John Hurst
ID: 41869278
Phishing is determined by content. That is why I said to whitelist the address.
0
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41869283
That's not a setting K5 can configure since his organization sent the email.
0
 

Author Comment

by:K5-Tech
ID: 41869286
The client does use Zixmail to send encrypted email.  I'm not the familiar with it.  Let me check with Zixmail tomorrow.
0
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41869323
Sounds good, I'll check back later and we'll eventually get it worked out.  Have a nice night.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question