Email be flagged as Phishing from Exchange 2010

The only practical way I know around this is to Whitelist the users in question. There is so much spam, phishing and ransomware emails now that you will not likely get a hearing from your ISP. You can try. I just use my Whitelist as needed.

Did you users receive an NDR you can share?  That should help us narrow down the root cause.

There was no NDR.  The messages are getting delivered they just have all of the links and attachments disabled until the receiver clicks to enable them.  

The message reads:
This might be a phishing message and is potentially unsafe. Links and other functionality have been disabled.  If you trust this message and want to turn that functionality back on, click here.

It's tough to say for sure without examining headers.  Feel free to send to me in a private message and I can report back results.

You cannot use Private Messaging in this forum to solve problems.

If you wish to post the headers, please post them here.

Received: from MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) by
 CY4PR01MB2245.prod.exchangelabs.com (10.169.250.143) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16 via Mailbox Transport; Tue, 1 Nov 2016 19:08:07 +0000
Received: from BY2PR01CA0009.prod.exchangelabs.com (10.163.25.19) by
 MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16; Tue, 1 Nov 2016 19:08:05 +0000
Received: from SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
 (2a01:111:f400:7e40::209) by BY2PR01CA0009.outlook.office365.com
 (2a01:111:e400:5262::19) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.693.12 via
 Frontend Transport; Tue, 1 Nov 2016 19:08:05 +0000
Authentication-Results: spf=none (sender IP is 162.220.84.151)
 smtp.mailfrom=axisbenefits.com; k5-tech.com; dkim=none (message not signed)
 header.d=none;k5-tech.com; dmarc=permerror action=none
 header.from=axisbenefits.com;k5-tech.com; dkim=none (message not signed)
 header.d=none;
Received-SPF: None (protection.outlook.com: axisbenefits.com does not
 designate permitted sender hosts)
Received: from zix01.omegatechnologygroup.net (162.220.84.151) by
 SN1NAM01FT002.mail.protection.outlook.com (10.152.64.63) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000
Received: from 127.0.0.1 (ZixVPM [127.0.0.1])
      by Outbound.omegatechnologygroup.net (Proprietary) with SMTP id 1C3B5E716E
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:04 -0400 (EDT)
Received: from mail.axisbenefits.com (50-193-80-133-static.hfc.comcastbusiness.net [50.193.80.133])
      (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
      (No client certificate requested)
      by zix01.omegatechnologygroup.net (Proprietary) with ESMTPS id 1C826E703C
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:03 -0400 (EDT)
Received: from AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c]) by
 AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c%10]) with mapi id
 14.01.0438.000; Tue, 1 Nov 2016 14:08:02 -0500
From: Kathy Beggerow <kathy@axisbenefits.com>
To: Brian Keating <bkeating@k5-tech.com>
Subject: RE: another test
Thread-Topic: another test
Thread-Index: AdI0bxzuVH8eg+h+T9ybwC/Ri0SLqgAA74LwAAAXTkA=
Date: Tue, 1 Nov 2016 19:08:01 +0000
Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>
References: <CC2918922F8865409382803E095EB5942FF9393C@AXISSERVER.axisbenefits.local>
 <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
In-Reply-To: <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.0.32]
Content-Type: multipart/related;
      boundary="_004_CC2918922F8865409382803E095EB5942FF93D59AXISSERVERaxisb_";
      type="multipart/alternative"
MIME-Version: 1.0
X-VPM-MSG-ID: 5b1ddb38-0109-4965-847a-5c42c5eda832
X-VPM-HOST: zix01.omegatechnologygroup.net
X-VPM-GROUP-ID: 297fe3f1-61fd-4651-b2d2-cf3fd0d9af9f
X-VPM-ENC-REGIME: ZixSMIME,Plaintext
X-VPM-IS-HYBRID: 0
Return-Path: kathy@axisbenefits.com
X-MS-Exchange-Organization-Network-Message-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e0ed04de-a27a-4e49-9c5b-00e094701550:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: =?us-ascii?Q?CIP:162.220.84.151;IPV:NLI;CTRY:;EFV:NLI;SFV:NSPM;SFS:(97900?=
 =?us-ascii?Q?2)(8156002)(2980300002)(428002)(3020300005)(189002)(199003)(?=
 =?us-ascii?Q?52314003)(501574003)(377454003)(55846006)(19627595001)(19617?=
 =?us-ascii?Q?315012)(15975445007)(84326002)(92566002)(5310100001)(1096003?=
 =?us-ascii?Q?)(8896002)(18206015028)(19300405004)(2900100001)(6916009)(29?=
 =?us-ascii?Q?20100001)(10126002)(2950100002)(16236675004)(3480700004)(509?=
 =?us-ascii?Q?86999)(221733001)(99936001)(54356999)(76176999)(19580395003)?=
 =?us-ascii?Q?(19580405001)(5890100001)(5250100002)(512954002)(9686002)(26?=
 =?us-ascii?Q?0700001)(7696004)(67866002)(7906003)(236004)(33656002)(66926?=
 =?us-ascii?Q?002)(3846002)(101416001)(98436002)(586003)(102836003)(790700?=
 =?us-ascii?Q?001)(10000500002)(11100500001)(7596002)(110136003)(189998001?=
 =?us-ascii?Q?)(105586002)(450100001)(19625215002)(6116002)(7116003)(57578?=
 =?us-ascii?Q?4001)(86362001)(356003)(7636002)(17760045003)(107886002)(626?=
 =?us-ascii?Q?004)(7736002)(7846002)(5660300001)(8676002)(106466001)(24600?=
 =?us-ascii?Q?2)(7099028)(111123002)(7090600002)(969003)(989001)(999001)(1?=
 =?us-ascii?Q?009001)(1019001);DIR:INB;SFP:;SCL:1;SRVR:MWHPR01MB2255;H:zix?=
 =?us-ascii?Q?01.omegatechnologygroup.net;FPR:;SPF:None;PTR:zix01.omegatec?=
 =?us-ascii?Q?hnologygroup.net;MX:1;A:1;LANG:en;?=
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM01FT002;1:XJgjffcBtyWgle3zYBfLWOhPPZ/fG1eJma5THdtuKHRhnEJB26FGSBFHfrm0DB5WZ9BbbtSxEjs9/EvUMwWgB2gZh8atslW7tREpjleUd5+IG8AfVLyRi6bDQLN3BCRasc4O59nlqEALUmhEBxugpWB2JOGVKuGKwSmuNK5RcSG3sUDgYOQtLqlP2tYWpLFXQuS+zRFQGugRRKsyuJIh8is7QWOYIhnCBChZa7pdFCZ+gBfLJmh3e2tsfoqTeD9wtxh5ENBwbMz+0AMD6F14JDajJZI7I/UyrsF2oSgllqZzwp6SP2jL1hj+oyE5mgJ7C0zZ02SD+/MJ9C8LhJE+ASotj89WKAbYhOi6tGuKsj5t+R64t8xPxLcFkJhrp4leUhis4fcwmCssNZZ1kp8DfCNAQkFFkzkL3xr25JKNvtYbH+/m991AGcEkaIr3005W8TLOfxdQZmRXTaszkv3fkBJwBmBwUwx+JhoFjfGN64fc1nWmVfzIhBzX0YR9ayPpIX5f4VpI1brqt81eZUL+37ZLs7bs8KYSYSyde4jeqmA=
X-MS-Office365-Filtering-Correlation-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;2:WDnAUl0x9sLZN5LHCzhO4D4MF0nnXeb2bp5KU59JSRiFE9zsW6i0v9UW7McQYTOmaDsujfYjyXXOj8eT4jmvaHrnZnS8Zpzt0LHCChqhSa31QqvhjEsWZCdKL9ox9BtUx1mcUp3TyDR2ZCyLmCzAUv12yAc/BWspG1Bn3wK//26HlRZO4NE4cKk/a6n5mKoY+wAtGi9ABKnkD8nJVdNVXw==;3:HlCYQYi+hbJClYxwZGUgrnpShKlkOVniqr7bk255Qb+PFvgcGYmE5I+rNPkMb892do2LQBORLPwgMq/yYIP8gjjl29v3dYRsZHQkdtaMj3563lQig09v9sIp7SclNdHbsK3V+hr47ZIYgqlcXQdk4gQCA7hnPY8sz5iAbm9oBNcEmI9npzATOYysR2lCA+cqB4xxI4t3KVPlkg34gJk1W0IEOpKgpFfhiPjGX4gGFHLBuztyV6Er7RiKaI9ECAoAc3aiOTAJyl3s9YL+CZFXVIoNH5PRVqZX3LlDJSnqpd0=
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(81800161)(71701004);SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;25:215FqlAaJZXLT/FGao5ztsRJkG2HKUSoy+3Ld3BZJ?=
 =?us-ascii?Q?XjpvJrHpIs+WQaUp68CEhWL1L6KYZcPsEpVYYLY21pFYWECjSB9N3CmC1BpV?=
 =?us-ascii?Q?pPx8DT2sulvllMQA8KNeDXfFytQeQ0D8x7aNSwWMYAhXaUSwVOUpyq5hdv4r?=
 =?us-ascii?Q?VD7r31Tg2uVhkQiFkhWew0xfdp1dyiaxiuerv71g+5hCcD++KIO7do/yoMdh?=
 =?us-ascii?Q?K3lwG3rttN8ZfqI1Iv80PuYIPPumbDSgc/5OlfT8SS2o/K+LRpCDaDKY4itd?=
 =?us-ascii?Q?EozkesMG2BpEOipGuQ0JeVHyqHvZpLsEtx7gK5G3NB22MEABOXoND1tEVRST?=
 =?us-ascii?Q?4KEAA2MWnBoqyOQiPkQ+mvcLSOg/sYX/ofdlaqikVVBQIB6VgJGeplothonO?=
 =?us-ascii?Q?udPlM+yj02lnYuB3k2BaKucanwDIaPRHqHFplrCg5Yuc1QPeFus9qYn3TZYQ?=
 =?us-ascii?Q?FkXv1632bsUz4rydsnlvez2m2XYM5aWVQhQoEkyycIz5REVq04bR3eW64k3G?=
 =?us-ascii?Q?tWWmeK3/lp8bcKCdCBeyocJLykGFnZDLZSBBVEtujD1+3jaWc1Cq6JMhoGEy?=
 =?us-ascii?Q?K8SL/Pb5MKAMQ4ve7WjHKbFNzDNWJpoZdUzyLBya1+oPABGZMD+PjDdjRDDl?=
 =?us-ascii?Q?q8B7ymaswV4E+V8CjUVYPYxJ1SBYpxISbsynlBoX8syUtVFa48dowOL0t0+V?=
 =?us-ascii?Q?VUMcDITIRZksAxpqVf/0VTELHFWLdVLbyy9s1yVlF4DF+BvSZcGMLTa3HRuq?=
 =?us-ascii?Q?ISaUv3hJiJLlbJD9iUbON+P0o6u/JJo+ZoaBLMph8AMFLP/PpxL7JcO5/sfs?=
 =?us-ascii?Q?xl6tMc/HNaBqwagBiE9kiqxDYlwqcwnhwLAWojlJMuFjWKGAh52NjoIaVaMy?=
 =?us-ascii?Q?w2K2PLpPfTWNw7jrkiFtVJ7v8z9S3kRdWz5o8Ds0Nd3qI+ohp5kgp6CsO/M5?=
 =?us-ascii?Q?dWYWMbYI1Mh1h9vNfpq5GOYwjpUzLmQ+IBrkGyznqzpsUEZMY1oHwZ32zctB?=
 =?us-ascii?Q?mMB+8y+j6g2+cSmwJWI4n8DPE8qPmDJtxrRpEfqB8wP5yw64qWTknW7LU0nU?=
 =?us-ascii?Q?cXkewapuAqgjfjlTiB3MdYtlLDy0Ruetfprbu5/yuVsM5eO1lzem0RyrmjiK?=
 =?us-ascii?Q?AgsPooo7UsH+FeqLczDDhd+RwTLqUHo268T2QXjDcWaN91lcEutSYj9k0DFA?=
 =?us-ascii?Q?h15nDsl0/MBkr8=3D?=
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;31:cNkU30ybLFlxmPORnGhEINqdXzNPuKsfATPyNs8fFDzCKFhV7hEOXtKd2uT2Ko2eerFQ6sEqb8aSpKL8nkkqSqfZ+5DGPSD1dHEZzQWRfKf3tAu2VQQZSLJkKMfSrA3tWMekTgxNd02KV5to0RML8DuZsiIkKwxRmMj8EL8rtX5Ph/K8oxqsWE/OF1PbNsK+VhMcwscCuzk33XwFsIIX8xtGEubqu3jiHAaAqBBl7PJ89wNOvdNyLjY9/oWu0E/ziaqW7EDBlYBcZrKMa85igjNF9rXN/if7Df8Knvzcjco=
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(63888751443075)(50066401698855)(21748063052155)(275809806118684);
X-MS-Exchange-Organization-PCL: 4
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:8;RULEID:(102415321)(9101531078)(2401047)(13018025)(13016025)(8121501046)(9101536074)(10201501046)(3002001)(920200223);SRVR:MWHPR01MB2255;BCL:0;PCL:8;RULEID:;SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;4:XhrXH/+Sjpntjg2od+BbakuslhEZ6KAyqgXTMjs3Si5l3tX4s/CQRdRhkcjekoWA5ta41pSr5LitxG7g/cQLJs5//GsNfEMIwd8oQia3adllsHineQmxlvxsai8s+9mA2aIU4xQjRtPRRgyHxyJzYwwNfQBC+53Lj77ShXS1bSesJyieGVNby1G66QOE5WzSmLs8TsN0vAXtaZmSAPsMEAHsfxyz+d5xRs8MzxA7rZAQxh8sOXcQN/BuQGZEvWL8ZHdMD9v3lSYM8FHbSCYRPSoi0Pk+qA/C3Sztuk5S+/zq8tEreBdOGlz6dWciwhndF3RPPEjivP3f8oVy4+OcEIynArDp/siKZj4gXaiyfqOlMA73fdC+FrGz8KV+HLh6y6+0kvZuHVDZGe14U7pmG73oSD1G/DSNbYaXesoPCW3FHPt44j75YtxGbwBYXh5KgVXwLXepP97UA96Y1Xu3Q5O38hJ/drYo5gJXvdvkmp7e/IJZ/VC6uSBKYFDTMT4R790Pvg0H4SiakciWaO1+uPvnw7iwau1uDFHO1KiclkufAGbLNZUX4z+upwS0RJyUdmR9m38RrbRlSjoVqKQIqBhEByqarD57OhUTg5ixQRBKcyG1humSoByOMvy/oMLMoql7UnPswBqIUAEeczub3+ohroZqji22EAA47OOu6xI=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;23:KGzVaZdJf7rMQcCF6h9A2gUmw1U/XpTTHzhPaQpSU?=
 =?us-ascii?Q?daIgLes9zwEOI4rqZFdBE9Z9jqiiRFsKG5Yb2G+uUoc2wtDsDU7x2Jrm+npE?=
 =?us-ascii?Q?lecET6q6YuykwOvKBTJSHhoTxnyAv9qnqftP3ozXHg5U11pbAnGwFPPcS5Zm?=
 =?us-ascii?Q?8G0p7zN+gHvxqtuJTg/D+qMx/qHCtLTcvAqqk5tRfAv65gsjweVYzKRpahCB?=
 =?us-ascii?Q?mGRAJ6ZK3cQTcKIcMXXLcQ7gtJE2xdatel+NTTPLzM0oYD8Xh/kfydohf2+n?=
 =?us-ascii?Q?s7ePjvCTq7+2IrirT9lawg9Hm2Kh3GDY1w82D9iNJcsYtCCJh5mmZA+3cP4l?=
 =?us-ascii?Q?di6pQjOU/DP9lROeEwOCX/0nYv044DwsW8MeLKkkl7kKioLczO6XzMSxN8wU?=
 =?us-ascii?Q?9VzCwQD9nXjz+qR7F6GwWF2XzaMlWgLz9og2yXb3T/tY6QS7m/gHL/+ndHba?=
 =?us-ascii?Q?ZKsqDpvnwys4EPIzJsOhD2iGXkiZeDObHBqbWRtu4lsl/s2yuo+gQBNqEKS0?=
 =?us-ascii?Q?5EmAVTj5/oHhyZrJQY9F0+vE0H5qpaeG0ftlFEb1p5gXabx+S8SJCArwY+xS?=
 =?us-ascii?Q?w5DNrNTErPHkAJX7ebtwpEn6L8rkRjGogbm7DeQz03hks/7O3edrKlbchMki?=
 =?us-ascii?Q?PLk+kccbLNaTOdMTy2gpnXV2bYsJUNpkCCznukFcW+CMIKQc8zYd7s/gGU9Q?=
 =?us-ascii?Q?rCY/PyBTPYw7/q9j50/R/EZnvzrQVQCFu5jutMP6+tJkRebfZTMZCZizBDnw?=
 =?us-ascii?Q?FIuQL8Zmq5ojUwU3kYn0HbqIIfCc1Gp3JiQaRFgPKHKag4xrIGAfyEO+jYuT?=
 =?us-ascii?Q?wVxuxGxxqQmQ096gOu96F8NuBZ6SLAA+jrSKfjHqqnMSphHGDUIBd7TJnC7g?=
 =?us-ascii?Q?4iuFalQDlPrgB1x/pCosmPqhX8spo0l+tIlcHh93RPzmNg6YaL8svZQmpG1A?=
 =?us-ascii?Q?2+KOtkvOj87oZ0zdI6oG5oscw66/Jrbg1SJ9e55fnPRP9T/O2oI0q3wCa2pE?=
 =?us-ascii?Q?F6sO2f5LBBqOeSVx46LGVCODdU1RLvNyn0pg27vm0aI/oafYO/COIw3kqFF6?=
 =?us-ascii?Q?Uv/5wNBewn8QGcwXCQXs7MXMyOYzhSeZdOYyTaORAC2eRXaVkt5ZoGm6Y1AO?=
 =?us-ascii?Q?uymDVOBXeFIL2DBEgzyF0ictGyLRv+P2rxP+tQ20H6UW1TVDow3E8uZo5IuL?=
 =?us-ascii?Q?jKUlpJLVhbf97JOrteS3SiPCSfL1QSlO+PB5L4akayZevJJ9ffif2tLWfr1e?=
 =?us-ascii?Q?ash5QRzfeUB/n74ZtYagzbYkPX6PV8/AfOk/mwQSqHodewOICXcRha4c+Aft?=
 =?us-ascii?Q?6MfD+Fi/5jFmPe9+X1bIKT0HSxfQ1uJyZcOPNt+yA3QNHQBsWEqgYbasWSVk?=
 =?us-ascii?Q?h6lRnSB8+rgNKR/iEy9Tiv/5hoepJmFvyVodMvZEIvG13/2/+L22DD5syTFc?=
 =?us-ascii?Q?g6qVwLaAj+rV/BRAxsemR2LcY8sJjvapXKW8REWKb5eoW/Mxz7zK0vQb7Byd?=
 =?us-ascii?Q?oCeymYEMZn1S/KhOXn7sWucN4xLXBSKUVRUkrwlmKrugnio5duMec/9d3OhR?=
 =?us-ascii?Q?QfkSon0alHaZwA3iWBYW4CyLWdsRv2T2MV6bU2B+UT/xll1PJL75uz5aCkE9?=
 =?us-ascii?Q?4Pir/4zPkO+r3a0P2vmC5mKEYnGzfR7KgL7BTZ6EDxwv1icuJNT1VvRAfJtp?=
 =?us-ascii?Q?eIu3SyjqlWzRml0zqWN5fGmC2PKHQbZO7hyKzc0X9pf2Tm6JLrDg31jIJB5G?=
 =?us-ascii?Q?HGvMIiB27gHbqxYWXOaXM9js1T/3POL6Y+lwH67xaaVqeD/egoylkXlBo5fh?=
 =?us-ascii?Q?/ykPqqe79LRGrD8YQL7uRhjRbv/Fw0fS8Yx2b7z3AV38498xR1rLrnm7v4qe?=
 =?us-ascii?Q?vRjMACCJtCptnaBieyI8pkV1p5/z4v6tuRm2JUiKV7r5cDTiJj6nmxzSlanq?=
 =?us-ascii?Q?5D629ernaNeSzdCOlTC8mWLBrlm9vq4HtP1L9Ua6TRr4IyFOFoXx+dN3Ra10?=
 =?us-ascii?Q?z0=3D?=
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;6:PvlgfMdHx/Yuj9GVA9EOLexQlTA3SFSzUL6B1m80qKCQPIm5znJWvJsWzWjcjzN62/EBBRN63kpi3NBCYgYoRrTfu4DZY+HPyfgyhvS15j5D6B4yVvvMKSv72/ri932y7tnKINa4ySrDDyNWNXFNUQVheyy8r/f7GJd83gLjAXUWtJS8rQd8miqbgqqyNd+7DBP50G+IcW/U4n3CgJiZKcWGO0stlkQpqxcE1CF7C54Q7yRlVp5m3d0Tx9JPLnZ9Syjyw7GyE/NhsA3GQ90vwd5ehqom2193BkOkbSQueIB7xQ28jDbTXAKBzPyD7wpwU/lXVP/3MUqF8LTcBt+s0w==;5:BB6/x9UoTBR96KdBZ5yzqbuGuxRWeJzBBYCKt95qZmqIf7/kHauaEj2ez21l4JuGxv2PpWeK8cRXTq4uKVnHD+GMVamCb1LwhxUbX/eVGYXQHMLWgpm9AsLS1vppksbBEC50lKy9nc2kite3YLMpmU9Oahz1wTy23dgALq3dlkk=;24:CVlshZoZUc/3nW1/pWVfOc5fDC3KUXhHHDKg4ZqTxodjfgGcZh6juoZeHIwYiG/DcW+vgUF+sKHCTgIL0ES15U8iDkvde9UmwQYA6MUR7rs=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;7:YnznasHX0toOs0yRQ4OuCTW6KUj3RldJXUKbS8yDLBSFOgf85Q59IpW+t2hXlNpgMGLYj6FSNlM4k7tiyszU+PlZKMd4ptB/t3LoNKfV5rY5zb+0u2loiv1AZol+QQ8sWGpmALVBOMBxhgKG40sxiqIzdC4Q6y98ZfhAH3BkIRW+HVkWReh5K3GhVoEXVyUx4+JJ8xxvWwvoDxYoXkrazyGuj8AS70qO7L+JCw2LXH4AXR8mSbUSFqH/LZfb3tLrhL+uVgfqdvEy3vt71bDbM/F7vP3u9QrfoyU4WmeDMSZTUNo/NBtYZZcHeSrY6qE07vNvRboXscMYwIjFxGJb7tJ+obk0phBAfYs4Lbe+j80cxUQ112YVXha/ZGFZnK9uJpV35wrIW5zwRnFPCr72tw==
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2016 19:08:04.5765
 (UTC)
X-MS-Exchange-CrossTenant-Id: e0ed04de-a27a-4e49-9c5b-00e094701550
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR01MB2255
X-MS-Exchange-Organization-AuthSource: SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0678053
X-Microsoft-Exchange-Diagnostics:
      1;CY4PR01MB2245;9:LWsAiZlmEsc+xfB9sfC8USvtLDQdTuNR3Rv+o9B2+QHdl2I7KRk94+MMm/ErcXzCygquWoyZ5UHy/vg3V6ZrE62lUKkUTctxPBOX/obussD/SeMqLUAK5vlTdHZZ4SxrV0R/uhNVlzp7SQcn+VkMw2a4kFeByw7JFDc+aY595Ri74U8HLUjh9z9SGSy9GVKAIDyqUmmOF0AKlZK5xEtqH0GDziZxQRoSDsdL3KQCsEQ=

Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>

This is the source of the emails.

Phishing is determined by content. That is why I said to whitelist the address.

That's not a setting K5 can configure since his organization sent the email.

The client does use Zixmail to send encrypted email.  I'm not the familiar with it.  Let me check with Zixmail tomorrow.

Sounds good, I'll check back later and we'll eventually get it worked out.  Have a nice night.