Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Email be flagged as Phishing from Exchange 2010

Posted on 2016-11-01
12
Medium Priority
?
302 Views
Last Modified: 2016-11-06
A couple of our users have had their email flagged as phishing in Outlook 2013, 2016.  Is there a way to stop this.  I contacted our ISP to verify that we had a PTR record and the connectors in Exchange are correct.
0
Comment
Question by:K5-Tech
  • 5
  • 4
  • 3
12 Comments
 
LVL 99

Expert Comment

by:John Hurst
ID: 41868973
The only practical way I know around this is to Whitelist the users in question. There is so much spam, phishing and ransomware emails now that you will not likely get a hearing from your ISP. You can try. I just use my Whitelist as needed.
0
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41868998
Did you users receive an NDR you can share?  That should help us narrow down the root cause.
0
 

Author Comment

by:K5-Tech
ID: 41869010
There was no NDR.  The messages are getting delivered they just have all of the links and attachments disabled until the receiver clicks to enable them.  

The message reads:
This might be a phishing message and is potentially unsafe. Links and other functionality have been disabled.  If you trust this message and want to turn that functionality back on, click here.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41869018
It's tough to say for sure without examining headers.  Feel free to send to me in a private message and I can report back results.
1
 
LVL 99

Expert Comment

by:John Hurst
ID: 41869024
You cannot use Private Messaging in this forum to solve problems.

If you wish to post the headers, please post them here.
0
 

Author Comment

by:K5-Tech
ID: 41869042
Received: from MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) by
 CY4PR01MB2245.prod.exchangelabs.com (10.169.250.143) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16 via Mailbox Transport; Tue, 1 Nov 2016 19:08:07 +0000
Received: from BY2PR01CA0009.prod.exchangelabs.com (10.163.25.19) by
 MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16; Tue, 1 Nov 2016 19:08:05 +0000
Received: from SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
 (2a01:111:f400:7e40::209) by BY2PR01CA0009.outlook.office365.com
 (2a01:111:e400:5262::19) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.693.12 via
 Frontend Transport; Tue, 1 Nov 2016 19:08:05 +0000
Authentication-Results: spf=none (sender IP is 162.220.84.151)
 smtp.mailfrom=axisbenefits.com; k5-tech.com; dkim=none (message not signed)
 header.d=none;k5-tech.com; dmarc=permerror action=none
 header.from=axisbenefits.com;k5-tech.com; dkim=none (message not signed)
 header.d=none;
Received-SPF: None (protection.outlook.com: axisbenefits.com does not
 designate permitted sender hosts)
Received: from zix01.omegatechnologygroup.net (162.220.84.151) by
 SN1NAM01FT002.mail.protection.outlook.com (10.152.64.63) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000
Received: from 127.0.0.1 (ZixVPM [127.0.0.1])
      by Outbound.omegatechnologygroup.net (Proprietary) with SMTP id 1C3B5E716E
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:04 -0400 (EDT)
Received: from mail.axisbenefits.com (50-193-80-133-static.hfc.comcastbusiness.net [50.193.80.133])
      (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
      (No client certificate requested)
      by zix01.omegatechnologygroup.net (Proprietary) with ESMTPS id 1C826E703C
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:03 -0400 (EDT)
Received: from AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c]) by
 AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c%10]) with mapi id
 14.01.0438.000; Tue, 1 Nov 2016 14:08:02 -0500
From: Kathy Beggerow <kathy@axisbenefits.com>
To: Brian Keating <bkeating@k5-tech.com>
Subject: RE: another test
Thread-Topic: another test
Thread-Index: AdI0bxzuVH8eg+h+T9ybwC/Ri0SLqgAA74LwAAAXTkA=
Date: Tue, 1 Nov 2016 19:08:01 +0000
Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>
References: <CC2918922F8865409382803E095EB5942FF9393C@AXISSERVER.axisbenefits.local>
 <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
In-Reply-To: <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.0.32]
Content-Type: multipart/related;
      boundary="_004_CC2918922F8865409382803E095EB5942FF93D59AXISSERVERaxisb_";
      type="multipart/alternative"
MIME-Version: 1.0
X-VPM-MSG-ID: 5b1ddb38-0109-4965-847a-5c42c5eda832
X-VPM-HOST: zix01.omegatechnologygroup.net
X-VPM-GROUP-ID: 297fe3f1-61fd-4651-b2d2-cf3fd0d9af9f
X-VPM-ENC-REGIME: ZixSMIME,Plaintext
X-VPM-IS-HYBRID: 0
Return-Path: kathy@axisbenefits.com
X-MS-Exchange-Organization-Network-Message-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e0ed04de-a27a-4e49-9c5b-00e094701550:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: =?us-ascii?Q?CIP:162.220.84.151;IPV:NLI;CTRY:;EFV:NLI;SFV:NSPM;SFS:(97900?=
 =?us-ascii?Q?2)(8156002)(2980300002)(428002)(3020300005)(189002)(199003)(?=
 =?us-ascii?Q?52314003)(501574003)(377454003)(55846006)(19627595001)(19617?=
 =?us-ascii?Q?315012)(15975445007)(84326002)(92566002)(5310100001)(1096003?=
 =?us-ascii?Q?)(8896002)(18206015028)(19300405004)(2900100001)(6916009)(29?=
 =?us-ascii?Q?20100001)(10126002)(2950100002)(16236675004)(3480700004)(509?=
 =?us-ascii?Q?86999)(221733001)(99936001)(54356999)(76176999)(19580395003)?=
 =?us-ascii?Q?(19580405001)(5890100001)(5250100002)(512954002)(9686002)(26?=
 =?us-ascii?Q?0700001)(7696004)(67866002)(7906003)(236004)(33656002)(66926?=
 =?us-ascii?Q?002)(3846002)(101416001)(98436002)(586003)(102836003)(790700?=
 =?us-ascii?Q?001)(10000500002)(11100500001)(7596002)(110136003)(189998001?=
 =?us-ascii?Q?)(105586002)(450100001)(19625215002)(6116002)(7116003)(57578?=
 =?us-ascii?Q?4001)(86362001)(356003)(7636002)(17760045003)(107886002)(626?=
 =?us-ascii?Q?004)(7736002)(7846002)(5660300001)(8676002)(106466001)(24600?=
 =?us-ascii?Q?2)(7099028)(111123002)(7090600002)(969003)(989001)(999001)(1?=
 =?us-ascii?Q?009001)(1019001);DIR:INB;SFP:;SCL:1;SRVR:MWHPR01MB2255;H:zix?=
 =?us-ascii?Q?01.omegatechnologygroup.net;FPR:;SPF:None;PTR:zix01.omegatec?=
 =?us-ascii?Q?hnologygroup.net;MX:1;A:1;LANG:en;?=
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM01FT002;1:XJgjffcBtyWgle3zYBfLWOhPPZ/fG1eJma5THdtuKHRhnEJB26FGSBFHfrm0DB5WZ9BbbtSxEjs9/EvUMwWgB2gZh8atslW7tREpjleUd5+IG8AfVLyRi6bDQLN3BCRasc4O59nlqEALUmhEBxugpWB2JOGVKuGKwSmuNK5RcSG3sUDgYOQtLqlP2tYWpLFXQuS+zRFQGugRRKsyuJIh8is7QWOYIhnCBChZa7pdFCZ+gBfLJmh3e2tsfoqTeD9wtxh5ENBwbMz+0AMD6F14JDajJZI7I/UyrsF2oSgllqZzwp6SP2jL1hj+oyE5mgJ7C0zZ02SD+/MJ9C8LhJE+ASotj89WKAbYhOi6tGuKsj5t+R64t8xPxLcFkJhrp4leUhis4fcwmCssNZZ1kp8DfCNAQkFFkzkL3xr25JKNvtYbH+/m991AGcEkaIr3005W8TLOfxdQZmRXTaszkv3fkBJwBmBwUwx+JhoFjfGN64fc1nWmVfzIhBzX0YR9ayPpIX5f4VpI1brqt81eZUL+37ZLs7bs8KYSYSyde4jeqmA=
X-MS-Office365-Filtering-Correlation-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;2:WDnAUl0x9sLZN5LHCzhO4D4MF0nnXeb2bp5KU59JSRiFE9zsW6i0v9UW7McQYTOmaDsujfYjyXXOj8eT4jmvaHrnZnS8Zpzt0LHCChqhSa31QqvhjEsWZCdKL9ox9BtUx1mcUp3TyDR2ZCyLmCzAUv12yAc/BWspG1Bn3wK//26HlRZO4NE4cKk/a6n5mKoY+wAtGi9ABKnkD8nJVdNVXw==;3:HlCYQYi+hbJClYxwZGUgrnpShKlkOVniqr7bk255Qb+PFvgcGYmE5I+rNPkMb892do2LQBORLPwgMq/yYIP8gjjl29v3dYRsZHQkdtaMj3563lQig09v9sIp7SclNdHbsK3V+hr47ZIYgqlcXQdk4gQCA7hnPY8sz5iAbm9oBNcEmI9npzATOYysR2lCA+cqB4xxI4t3KVPlkg34gJk1W0IEOpKgpFfhiPjGX4gGFHLBuztyV6Er7RiKaI9ECAoAc3aiOTAJyl3s9YL+CZFXVIoNH5PRVqZX3LlDJSnqpd0=
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(81800161)(71701004);SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;25:215FqlAaJZXLT/FGao5ztsRJkG2HKUSoy+3Ld3BZJ?=
 =?us-ascii?Q?XjpvJrHpIs+WQaUp68CEhWL1L6KYZcPsEpVYYLY21pFYWECjSB9N3CmC1BpV?=
 =?us-ascii?Q?pPx8DT2sulvllMQA8KNeDXfFytQeQ0D8x7aNSwWMYAhXaUSwVOUpyq5hdv4r?=
 =?us-ascii?Q?VD7r31Tg2uVhkQiFkhWew0xfdp1dyiaxiuerv71g+5hCcD++KIO7do/yoMdh?=
 =?us-ascii?Q?K3lwG3rttN8ZfqI1Iv80PuYIPPumbDSgc/5OlfT8SS2o/K+LRpCDaDKY4itd?=
 =?us-ascii?Q?EozkesMG2BpEOipGuQ0JeVHyqHvZpLsEtx7gK5G3NB22MEABOXoND1tEVRST?=
 =?us-ascii?Q?4KEAA2MWnBoqyOQiPkQ+mvcLSOg/sYX/ofdlaqikVVBQIB6VgJGeplothonO?=
 =?us-ascii?Q?udPlM+yj02lnYuB3k2BaKucanwDIaPRHqHFplrCg5Yuc1QPeFus9qYn3TZYQ?=
 =?us-ascii?Q?FkXv1632bsUz4rydsnlvez2m2XYM5aWVQhQoEkyycIz5REVq04bR3eW64k3G?=
 =?us-ascii?Q?tWWmeK3/lp8bcKCdCBeyocJLykGFnZDLZSBBVEtujD1+3jaWc1Cq6JMhoGEy?=
 =?us-ascii?Q?K8SL/Pb5MKAMQ4ve7WjHKbFNzDNWJpoZdUzyLBya1+oPABGZMD+PjDdjRDDl?=
 =?us-ascii?Q?q8B7ymaswV4E+V8CjUVYPYxJ1SBYpxISbsynlBoX8syUtVFa48dowOL0t0+V?=
 =?us-ascii?Q?VUMcDITIRZksAxpqVf/0VTELHFWLdVLbyy9s1yVlF4DF+BvSZcGMLTa3HRuq?=
 =?us-ascii?Q?ISaUv3hJiJLlbJD9iUbON+P0o6u/JJo+ZoaBLMph8AMFLP/PpxL7JcO5/sfs?=
 =?us-ascii?Q?xl6tMc/HNaBqwagBiE9kiqxDYlwqcwnhwLAWojlJMuFjWKGAh52NjoIaVaMy?=
 =?us-ascii?Q?w2K2PLpPfTWNw7jrkiFtVJ7v8z9S3kRdWz5o8Ds0Nd3qI+ohp5kgp6CsO/M5?=
 =?us-ascii?Q?dWYWMbYI1Mh1h9vNfpq5GOYwjpUzLmQ+IBrkGyznqzpsUEZMY1oHwZ32zctB?=
 =?us-ascii?Q?mMB+8y+j6g2+cSmwJWI4n8DPE8qPmDJtxrRpEfqB8wP5yw64qWTknW7LU0nU?=
 =?us-ascii?Q?cXkewapuAqgjfjlTiB3MdYtlLDy0Ruetfprbu5/yuVsM5eO1lzem0RyrmjiK?=
 =?us-ascii?Q?AgsPooo7UsH+FeqLczDDhd+RwTLqUHo268T2QXjDcWaN91lcEutSYj9k0DFA?=
 =?us-ascii?Q?h15nDsl0/MBkr8=3D?=
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;31:cNkU30ybLFlxmPORnGhEINqdXzNPuKsfATPyNs8fFDzCKFhV7hEOXtKd2uT2Ko2eerFQ6sEqb8aSpKL8nkkqSqfZ+5DGPSD1dHEZzQWRfKf3tAu2VQQZSLJkKMfSrA3tWMekTgxNd02KV5to0RML8DuZsiIkKwxRmMj8EL8rtX5Ph/K8oxqsWE/OF1PbNsK+VhMcwscCuzk33XwFsIIX8xtGEubqu3jiHAaAqBBl7PJ89wNOvdNyLjY9/oWu0E/ziaqW7EDBlYBcZrKMa85igjNF9rXN/if7Df8Knvzcjco=
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(63888751443075)(50066401698855)(21748063052155)(275809806118684);
X-MS-Exchange-Organization-PCL: 4
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:8;RULEID:(102415321)(9101531078)(2401047)(13018025)(13016025)(8121501046)(9101536074)(10201501046)(3002001)(920200223);SRVR:MWHPR01MB2255;BCL:0;PCL:8;RULEID:;SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;4:XhrXH/+Sjpntjg2od+BbakuslhEZ6KAyqgXTMjs3Si5l3tX4s/CQRdRhkcjekoWA5ta41pSr5LitxG7g/cQLJs5//GsNfEMIwd8oQia3adllsHineQmxlvxsai8s+9mA2aIU4xQjRtPRRgyHxyJzYwwNfQBC+53Lj77ShXS1bSesJyieGVNby1G66QOE5WzSmLs8TsN0vAXtaZmSAPsMEAHsfxyz+d5xRs8MzxA7rZAQxh8sOXcQN/BuQGZEvWL8ZHdMD9v3lSYM8FHbSCYRPSoi0Pk+qA/C3Sztuk5S+/zq8tEreBdOGlz6dWciwhndF3RPPEjivP3f8oVy4+OcEIynArDp/siKZj4gXaiyfqOlMA73fdC+FrGz8KV+HLh6y6+0kvZuHVDZGe14U7pmG73oSD1G/DSNbYaXesoPCW3FHPt44j75YtxGbwBYXh5KgVXwLXepP97UA96Y1Xu3Q5O38hJ/drYo5gJXvdvkmp7e/IJZ/VC6uSBKYFDTMT4R790Pvg0H4SiakciWaO1+uPvnw7iwau1uDFHO1KiclkufAGbLNZUX4z+upwS0RJyUdmR9m38RrbRlSjoVqKQIqBhEByqarD57OhUTg5ixQRBKcyG1humSoByOMvy/oMLMoql7UnPswBqIUAEeczub3+ohroZqji22EAA47OOu6xI=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;23:KGzVaZdJf7rMQcCF6h9A2gUmw1U/XpTTHzhPaQpSU?=
 =?us-ascii?Q?daIgLes9zwEOI4rqZFdBE9Z9jqiiRFsKG5Yb2G+uUoc2wtDsDU7x2Jrm+npE?=
 =?us-ascii?Q?lecET6q6YuykwOvKBTJSHhoTxnyAv9qnqftP3ozXHg5U11pbAnGwFPPcS5Zm?=
 =?us-ascii?Q?8G0p7zN+gHvxqtuJTg/D+qMx/qHCtLTcvAqqk5tRfAv65gsjweVYzKRpahCB?=
 =?us-ascii?Q?mGRAJ6ZK3cQTcKIcMXXLcQ7gtJE2xdatel+NTTPLzM0oYD8Xh/kfydohf2+n?=
 =?us-ascii?Q?s7ePjvCTq7+2IrirT9lawg9Hm2Kh3GDY1w82D9iNJcsYtCCJh5mmZA+3cP4l?=
 =?us-ascii?Q?di6pQjOU/DP9lROeEwOCX/0nYv044DwsW8MeLKkkl7kKioLczO6XzMSxN8wU?=
 =?us-ascii?Q?9VzCwQD9nXjz+qR7F6GwWF2XzaMlWgLz9og2yXb3T/tY6QS7m/gHL/+ndHba?=
 =?us-ascii?Q?ZKsqDpvnwys4EPIzJsOhD2iGXkiZeDObHBqbWRtu4lsl/s2yuo+gQBNqEKS0?=
 =?us-ascii?Q?5EmAVTj5/oHhyZrJQY9F0+vE0H5qpaeG0ftlFEb1p5gXabx+S8SJCArwY+xS?=
 =?us-ascii?Q?w5DNrNTErPHkAJX7ebtwpEn6L8rkRjGogbm7DeQz03hks/7O3edrKlbchMki?=
 =?us-ascii?Q?PLk+kccbLNaTOdMTy2gpnXV2bYsJUNpkCCznukFcW+CMIKQc8zYd7s/gGU9Q?=
 =?us-ascii?Q?rCY/PyBTPYw7/q9j50/R/EZnvzrQVQCFu5jutMP6+tJkRebfZTMZCZizBDnw?=
 =?us-ascii?Q?FIuQL8Zmq5ojUwU3kYn0HbqIIfCc1Gp3JiQaRFgPKHKag4xrIGAfyEO+jYuT?=
 =?us-ascii?Q?wVxuxGxxqQmQ096gOu96F8NuBZ6SLAA+jrSKfjHqqnMSphHGDUIBd7TJnC7g?=
 =?us-ascii?Q?4iuFalQDlPrgB1x/pCosmPqhX8spo0l+tIlcHh93RPzmNg6YaL8svZQmpG1A?=
 =?us-ascii?Q?2+KOtkvOj87oZ0zdI6oG5oscw66/Jrbg1SJ9e55fnPRP9T/O2oI0q3wCa2pE?=
 =?us-ascii?Q?F6sO2f5LBBqOeSVx46LGVCODdU1RLvNyn0pg27vm0aI/oafYO/COIw3kqFF6?=
 =?us-ascii?Q?Uv/5wNBewn8QGcwXCQXs7MXMyOYzhSeZdOYyTaORAC2eRXaVkt5ZoGm6Y1AO?=
 =?us-ascii?Q?uymDVOBXeFIL2DBEgzyF0ictGyLRv+P2rxP+tQ20H6UW1TVDow3E8uZo5IuL?=
 =?us-ascii?Q?jKUlpJLVhbf97JOrteS3SiPCSfL1QSlO+PB5L4akayZevJJ9ffif2tLWfr1e?=
 =?us-ascii?Q?ash5QRzfeUB/n74ZtYagzbYkPX6PV8/AfOk/mwQSqHodewOICXcRha4c+Aft?=
 =?us-ascii?Q?6MfD+Fi/5jFmPe9+X1bIKT0HSxfQ1uJyZcOPNt+yA3QNHQBsWEqgYbasWSVk?=
 =?us-ascii?Q?h6lRnSB8+rgNKR/iEy9Tiv/5hoepJmFvyVodMvZEIvG13/2/+L22DD5syTFc?=
 =?us-ascii?Q?g6qVwLaAj+rV/BRAxsemR2LcY8sJjvapXKW8REWKb5eoW/Mxz7zK0vQb7Byd?=
 =?us-ascii?Q?oCeymYEMZn1S/KhOXn7sWucN4xLXBSKUVRUkrwlmKrugnio5duMec/9d3OhR?=
 =?us-ascii?Q?QfkSon0alHaZwA3iWBYW4CyLWdsRv2T2MV6bU2B+UT/xll1PJL75uz5aCkE9?=
 =?us-ascii?Q?4Pir/4zPkO+r3a0P2vmC5mKEYnGzfR7KgL7BTZ6EDxwv1icuJNT1VvRAfJtp?=
 =?us-ascii?Q?eIu3SyjqlWzRml0zqWN5fGmC2PKHQbZO7hyKzc0X9pf2Tm6JLrDg31jIJB5G?=
 =?us-ascii?Q?HGvMIiB27gHbqxYWXOaXM9js1T/3POL6Y+lwH67xaaVqeD/egoylkXlBo5fh?=
 =?us-ascii?Q?/ykPqqe79LRGrD8YQL7uRhjRbv/Fw0fS8Yx2b7z3AV38498xR1rLrnm7v4qe?=
 =?us-ascii?Q?vRjMACCJtCptnaBieyI8pkV1p5/z4v6tuRm2JUiKV7r5cDTiJj6nmxzSlanq?=
 =?us-ascii?Q?5D629ernaNeSzdCOlTC8mWLBrlm9vq4HtP1L9Ua6TRr4IyFOFoXx+dN3Ra10?=
 =?us-ascii?Q?z0=3D?=
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;6:PvlgfMdHx/Yuj9GVA9EOLexQlTA3SFSzUL6B1m80qKCQPIm5znJWvJsWzWjcjzN62/EBBRN63kpi3NBCYgYoRrTfu4DZY+HPyfgyhvS15j5D6B4yVvvMKSv72/ri932y7tnKINa4ySrDDyNWNXFNUQVheyy8r/f7GJd83gLjAXUWtJS8rQd8miqbgqqyNd+7DBP50G+IcW/U4n3CgJiZKcWGO0stlkQpqxcE1CF7C54Q7yRlVp5m3d0Tx9JPLnZ9Syjyw7GyE/NhsA3GQ90vwd5ehqom2193BkOkbSQueIB7xQ28jDbTXAKBzPyD7wpwU/lXVP/3MUqF8LTcBt+s0w==;5:BB6/x9UoTBR96KdBZ5yzqbuGuxRWeJzBBYCKt95qZmqIf7/kHauaEj2ez21l4JuGxv2PpWeK8cRXTq4uKVnHD+GMVamCb1LwhxUbX/eVGYXQHMLWgpm9AsLS1vppksbBEC50lKy9nc2kite3YLMpmU9Oahz1wTy23dgALq3dlkk=;24:CVlshZoZUc/3nW1/pWVfOc5fDC3KUXhHHDKg4ZqTxodjfgGcZh6juoZeHIwYiG/DcW+vgUF+sKHCTgIL0ES15U8iDkvde9UmwQYA6MUR7rs=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;7:YnznasHX0toOs0yRQ4OuCTW6KUj3RldJXUKbS8yDLBSFOgf85Q59IpW+t2hXlNpgMGLYj6FSNlM4k7tiyszU+PlZKMd4ptB/t3LoNKfV5rY5zb+0u2loiv1AZol+QQ8sWGpmALVBOMBxhgKG40sxiqIzdC4Q6y98ZfhAH3BkIRW+HVkWReh5K3GhVoEXVyUx4+JJ8xxvWwvoDxYoXkrazyGuj8AS70qO7L+JCw2LXH4AXR8mSbUSFqH/LZfb3tLrhL+uVgfqdvEy3vt71bDbM/F7vP3u9QrfoyU4WmeDMSZTUNo/NBtYZZcHeSrY6qE07vNvRboXscMYwIjFxGJb7tJ+obk0phBAfYs4Lbe+j80cxUQ112YVXha/ZGFZnK9uJpV35wrIW5zwRnFPCr72tw==
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2016 19:08:04.5765
 (UTC)
X-MS-Exchange-CrossTenant-Id: e0ed04de-a27a-4e49-9c5b-00e094701550
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR01MB2255
X-MS-Exchange-Organization-AuthSource: SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0678053
X-Microsoft-Exchange-Diagnostics:
      1;CY4PR01MB2245;9:LWsAiZlmEsc+xfB9sfC8USvtLDQdTuNR3Rv+o9B2+QHdl2I7KRk94+MMm/ErcXzCygquWoyZ5UHy/vg3V6ZrE62lUKkUTctxPBOX/obussD/SeMqLUAK5vlTdHZZ4SxrV0R/uhNVlzp7SQcn+VkMw2a4kFeByw7JFDc+aY595Ri74U8HLUjh9z9SGSy9GVKAIDyqUmmOF0AKlZK5xEtqH0GDziZxQRoSDsdL3KQCsEQ=
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 41869054
Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>

This is the source of the emails.
0
 
LVL 16

Accepted Solution

by:
Jason Crawford earned 2000 total points
ID: 41869277
Yes that's true John but that info doesn't really help determine why it's being flagged as a phishing email.  Here's what I see:

Received-SPF: None (protection.outlook.com: axisbenefits.com does not
 designate permitted sender hosts)

 Authentication-Results: spf=none (sender IP is 162.220.84.151)

 Received: from zix01.omegatechnologygroup.net (162.220.84.151) by
 SN1NAM01FT002.mail.protection.outlook.com (10.152.64.63) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000

K5 - do you use omegatechnologygroup.net as an outbound smarthost?  It looks like a omegatechnologygroup.net server handed this email off to an Exchange Online server with Office 365, and it's not helping that the omegatechnologygroup.net WAN IP of 162.220.84.151 isn't included in the SPF record for axisbenefits.com.  In fact that domain doesn't have an SPF record at all:

spf.PNG
I would add an SPF record for your domain and include all IPs that will be sending email for your organization.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 41869278
Phishing is determined by content. That is why I said to whitelist the address.
0
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41869283
That's not a setting K5 can configure since his organization sent the email.
0
 

Author Comment

by:K5-Tech
ID: 41869286
The client does use Zixmail to send encrypted email.  I'm not the familiar with it.  Let me check with Zixmail tomorrow.
0
 
LVL 16

Expert Comment

by:Jason Crawford
ID: 41869323
Sounds good, I'll check back later and we'll eventually get it worked out.  Have a nice night.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses
Course of the Month11 days, 21 hours left to enroll

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question