Solved

Email be flagged as Phishing from Exchange 2010

Posted on 2016-11-01
12
81 Views
Last Modified: 2016-11-06
A couple of our users have had their email flagged as phishing in Outlook 2013, 2016.  Is there a way to stop this.  I contacted our ISP to verify that we had a PTR record and the connectors in Exchange are correct.
0
Comment
Question by:K5-Tech
  • 5
  • 4
  • 3
12 Comments
 
LVL 92

Expert Comment

by:John Hurst
ID: 41868973
The only practical way I know around this is to Whitelist the users in question. There is so much spam, phishing and ransomware emails now that you will not likely get a hearing from your ISP. You can try. I just use my Whitelist as needed.
0
 
LVL 14

Expert Comment

by:Jason Crawford
ID: 41868998
Did you users receive an NDR you can share?  That should help us narrow down the root cause.
0
 

Author Comment

by:K5-Tech
ID: 41869010
There was no NDR.  The messages are getting delivered they just have all of the links and attachments disabled until the receiver clicks to enable them.  

The message reads:
This might be a phishing message and is potentially unsafe. Links and other functionality have been disabled.  If you trust this message and want to turn that functionality back on, click here.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 14

Expert Comment

by:Jason Crawford
ID: 41869018
It's tough to say for sure without examining headers.  Feel free to send to me in a private message and I can report back results.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41869024
You cannot use Private Messaging in this forum to solve problems.

If you wish to post the headers, please post them here.
0
 

Author Comment

by:K5-Tech
ID: 41869042
Received: from MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) by
 CY4PR01MB2245.prod.exchangelabs.com (10.169.250.143) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16 via Mailbox Transport; Tue, 1 Nov 2016 19:08:07 +0000
Received: from BY2PR01CA0009.prod.exchangelabs.com (10.163.25.19) by
 MWHPR01MB2255.prod.exchangelabs.com (10.169.234.145) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.649.16; Tue, 1 Nov 2016 19:08:05 +0000
Received: from SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
 (2a01:111:f400:7e40::209) by BY2PR01CA0009.outlook.office365.com
 (2a01:111:e400:5262::19) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.693.12 via
 Frontend Transport; Tue, 1 Nov 2016 19:08:05 +0000
Authentication-Results: spf=none (sender IP is 162.220.84.151)
 smtp.mailfrom=axisbenefits.com; k5-tech.com; dkim=none (message not signed)
 header.d=none;k5-tech.com; dmarc=permerror action=none
 header.from=axisbenefits.com;k5-tech.com; dkim=none (message not signed)
 header.d=none;
Received-SPF: None (protection.outlook.com: axisbenefits.com does not
 designate permitted sender hosts)
Received: from zix01.omegatechnologygroup.net (162.220.84.151) by
 SN1NAM01FT002.mail.protection.outlook.com (10.152.64.63) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000
Received: from 127.0.0.1 (ZixVPM [127.0.0.1])
      by Outbound.omegatechnologygroup.net (Proprietary) with SMTP id 1C3B5E716E
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:04 -0400 (EDT)
Received: from mail.axisbenefits.com (50-193-80-133-static.hfc.comcastbusiness.net [50.193.80.133])
      (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
      (No client certificate requested)
      by zix01.omegatechnologygroup.net (Proprietary) with ESMTPS id 1C826E703C
      for <bkeating@k5-tech.com>; Tue,  1 Nov 2016 15:08:03 -0400 (EDT)
Received: from AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c]) by
 AXISSERVER.axisbenefits.local ([fe80::c238:bfeb:1f1:578c%10]) with mapi id
 14.01.0438.000; Tue, 1 Nov 2016 14:08:02 -0500
From: Kathy Beggerow <kathy@axisbenefits.com>
To: Brian Keating <bkeating@k5-tech.com>
Subject: RE: another test
Thread-Topic: another test
Thread-Index: AdI0bxzuVH8eg+h+T9ybwC/Ri0SLqgAA74LwAAAXTkA=
Date: Tue, 1 Nov 2016 19:08:01 +0000
Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>
References: <CC2918922F8865409382803E095EB5942FF9393C@AXISSERVER.axisbenefits.local>
 <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
In-Reply-To: <CY4PR01MB224567BB6D8C12DC713A0DEEC5A10@CY4PR01MB2245.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.0.32]
Content-Type: multipart/related;
      boundary="_004_CC2918922F8865409382803E095EB5942FF93D59AXISSERVERaxisb_";
      type="multipart/alternative"
MIME-Version: 1.0
X-VPM-MSG-ID: 5b1ddb38-0109-4965-847a-5c42c5eda832
X-VPM-HOST: zix01.omegatechnologygroup.net
X-VPM-GROUP-ID: 297fe3f1-61fd-4651-b2d2-cf3fd0d9af9f
X-VPM-ENC-REGIME: ZixSMIME,Plaintext
X-VPM-IS-HYBRID: 0
Return-Path: kathy@axisbenefits.com
X-MS-Exchange-Organization-Network-Message-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e0ed04de-a27a-4e49-9c5b-00e094701550:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: =?us-ascii?Q?CIP:162.220.84.151;IPV:NLI;CTRY:;EFV:NLI;SFV:NSPM;SFS:(97900?=
 =?us-ascii?Q?2)(8156002)(2980300002)(428002)(3020300005)(189002)(199003)(?=
 =?us-ascii?Q?52314003)(501574003)(377454003)(55846006)(19627595001)(19617?=
 =?us-ascii?Q?315012)(15975445007)(84326002)(92566002)(5310100001)(1096003?=
 =?us-ascii?Q?)(8896002)(18206015028)(19300405004)(2900100001)(6916009)(29?=
 =?us-ascii?Q?20100001)(10126002)(2950100002)(16236675004)(3480700004)(509?=
 =?us-ascii?Q?86999)(221733001)(99936001)(54356999)(76176999)(19580395003)?=
 =?us-ascii?Q?(19580405001)(5890100001)(5250100002)(512954002)(9686002)(26?=
 =?us-ascii?Q?0700001)(7696004)(67866002)(7906003)(236004)(33656002)(66926?=
 =?us-ascii?Q?002)(3846002)(101416001)(98436002)(586003)(102836003)(790700?=
 =?us-ascii?Q?001)(10000500002)(11100500001)(7596002)(110136003)(189998001?=
 =?us-ascii?Q?)(105586002)(450100001)(19625215002)(6116002)(7116003)(57578?=
 =?us-ascii?Q?4001)(86362001)(356003)(7636002)(17760045003)(107886002)(626?=
 =?us-ascii?Q?004)(7736002)(7846002)(5660300001)(8676002)(106466001)(24600?=
 =?us-ascii?Q?2)(7099028)(111123002)(7090600002)(969003)(989001)(999001)(1?=
 =?us-ascii?Q?009001)(1019001);DIR:INB;SFP:;SCL:1;SRVR:MWHPR01MB2255;H:zix?=
 =?us-ascii?Q?01.omegatechnologygroup.net;FPR:;SPF:None;PTR:zix01.omegatec?=
 =?us-ascii?Q?hnologygroup.net;MX:1;A:1;LANG:en;?=
X-Microsoft-Exchange-Diagnostics: 1;SN1NAM01FT002;1:XJgjffcBtyWgle3zYBfLWOhPPZ/fG1eJma5THdtuKHRhnEJB26FGSBFHfrm0DB5WZ9BbbtSxEjs9/EvUMwWgB2gZh8atslW7tREpjleUd5+IG8AfVLyRi6bDQLN3BCRasc4O59nlqEALUmhEBxugpWB2JOGVKuGKwSmuNK5RcSG3sUDgYOQtLqlP2tYWpLFXQuS+zRFQGugRRKsyuJIh8is7QWOYIhnCBChZa7pdFCZ+gBfLJmh3e2tsfoqTeD9wtxh5ENBwbMz+0AMD6F14JDajJZI7I/UyrsF2oSgllqZzwp6SP2jL1hj+oyE5mgJ7C0zZ02SD+/MJ9C8LhJE+ASotj89WKAbYhOi6tGuKsj5t+R64t8xPxLcFkJhrp4leUhis4fcwmCssNZZ1kp8DfCNAQkFFkzkL3xr25JKNvtYbH+/m991AGcEkaIr3005W8TLOfxdQZmRXTaszkv3fkBJwBmBwUwx+JhoFjfGN64fc1nWmVfzIhBzX0YR9ayPpIX5f4VpI1brqt81eZUL+37ZLs7bs8KYSYSyde4jeqmA=
X-MS-Office365-Filtering-Correlation-Id: a075226a-61d2-43fb-d715-08d4028a6879
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;2:WDnAUl0x9sLZN5LHCzhO4D4MF0nnXeb2bp5KU59JSRiFE9zsW6i0v9UW7McQYTOmaDsujfYjyXXOj8eT4jmvaHrnZnS8Zpzt0LHCChqhSa31QqvhjEsWZCdKL9ox9BtUx1mcUp3TyDR2ZCyLmCzAUv12yAc/BWspG1Bn3wK//26HlRZO4NE4cKk/a6n5mKoY+wAtGi9ABKnkD8nJVdNVXw==;3:HlCYQYi+hbJClYxwZGUgrnpShKlkOVniqr7bk255Qb+PFvgcGYmE5I+rNPkMb892do2LQBORLPwgMq/yYIP8gjjl29v3dYRsZHQkdtaMj3563lQig09v9sIp7SclNdHbsK3V+hr47ZIYgqlcXQdk4gQCA7hnPY8sz5iAbm9oBNcEmI9npzATOYysR2lCA+cqB4xxI4t3KVPlkg34gJk1W0IEOpKgpFfhiPjGX4gGFHLBuztyV6Er7RiKaI9ECAoAc3aiOTAJyl3s9YL+CZFXVIoNH5PRVqZX3LlDJSnqpd0=
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(81800161)(71701004);SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;25:215FqlAaJZXLT/FGao5ztsRJkG2HKUSoy+3Ld3BZJ?=
 =?us-ascii?Q?XjpvJrHpIs+WQaUp68CEhWL1L6KYZcPsEpVYYLY21pFYWECjSB9N3CmC1BpV?=
 =?us-ascii?Q?pPx8DT2sulvllMQA8KNeDXfFytQeQ0D8x7aNSwWMYAhXaUSwVOUpyq5hdv4r?=
 =?us-ascii?Q?VD7r31Tg2uVhkQiFkhWew0xfdp1dyiaxiuerv71g+5hCcD++KIO7do/yoMdh?=
 =?us-ascii?Q?K3lwG3rttN8ZfqI1Iv80PuYIPPumbDSgc/5OlfT8SS2o/K+LRpCDaDKY4itd?=
 =?us-ascii?Q?EozkesMG2BpEOipGuQ0JeVHyqHvZpLsEtx7gK5G3NB22MEABOXoND1tEVRST?=
 =?us-ascii?Q?4KEAA2MWnBoqyOQiPkQ+mvcLSOg/sYX/ofdlaqikVVBQIB6VgJGeplothonO?=
 =?us-ascii?Q?udPlM+yj02lnYuB3k2BaKucanwDIaPRHqHFplrCg5Yuc1QPeFus9qYn3TZYQ?=
 =?us-ascii?Q?FkXv1632bsUz4rydsnlvez2m2XYM5aWVQhQoEkyycIz5REVq04bR3eW64k3G?=
 =?us-ascii?Q?tWWmeK3/lp8bcKCdCBeyocJLykGFnZDLZSBBVEtujD1+3jaWc1Cq6JMhoGEy?=
 =?us-ascii?Q?K8SL/Pb5MKAMQ4ve7WjHKbFNzDNWJpoZdUzyLBya1+oPABGZMD+PjDdjRDDl?=
 =?us-ascii?Q?q8B7ymaswV4E+V8CjUVYPYxJ1SBYpxISbsynlBoX8syUtVFa48dowOL0t0+V?=
 =?us-ascii?Q?VUMcDITIRZksAxpqVf/0VTELHFWLdVLbyy9s1yVlF4DF+BvSZcGMLTa3HRuq?=
 =?us-ascii?Q?ISaUv3hJiJLlbJD9iUbON+P0o6u/JJo+ZoaBLMph8AMFLP/PpxL7JcO5/sfs?=
 =?us-ascii?Q?xl6tMc/HNaBqwagBiE9kiqxDYlwqcwnhwLAWojlJMuFjWKGAh52NjoIaVaMy?=
 =?us-ascii?Q?w2K2PLpPfTWNw7jrkiFtVJ7v8z9S3kRdWz5o8Ds0Nd3qI+ohp5kgp6CsO/M5?=
 =?us-ascii?Q?dWYWMbYI1Mh1h9vNfpq5GOYwjpUzLmQ+IBrkGyznqzpsUEZMY1oHwZ32zctB?=
 =?us-ascii?Q?mMB+8y+j6g2+cSmwJWI4n8DPE8qPmDJtxrRpEfqB8wP5yw64qWTknW7LU0nU?=
 =?us-ascii?Q?cXkewapuAqgjfjlTiB3MdYtlLDy0Ruetfprbu5/yuVsM5eO1lzem0RyrmjiK?=
 =?us-ascii?Q?AgsPooo7UsH+FeqLczDDhd+RwTLqUHo268T2QXjDcWaN91lcEutSYj9k0DFA?=
 =?us-ascii?Q?h15nDsl0/MBkr8=3D?=
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;31:cNkU30ybLFlxmPORnGhEINqdXzNPuKsfATPyNs8fFDzCKFhV7hEOXtKd2uT2Ko2eerFQ6sEqb8aSpKL8nkkqSqfZ+5DGPSD1dHEZzQWRfKf3tAu2VQQZSLJkKMfSrA3tWMekTgxNd02KV5to0RML8DuZsiIkKwxRmMj8EL8rtX5Ph/K8oxqsWE/OF1PbNsK+VhMcwscCuzk33XwFsIIX8xtGEubqu3jiHAaAqBBl7PJ89wNOvdNyLjY9/oWu0E/ziaqW7EDBlYBcZrKMa85igjNF9rXN/if7Df8Knvzcjco=
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(63888751443075)(50066401698855)(21748063052155)(275809806118684);
X-MS-Exchange-Organization-PCL: 4
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:8;RULEID:(102415321)(9101531078)(2401047)(13018025)(13016025)(8121501046)(9101536074)(10201501046)(3002001)(920200223);SRVR:MWHPR01MB2255;BCL:0;PCL:8;RULEID:;SRVR:MWHPR01MB2255;
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;4:XhrXH/+Sjpntjg2od+BbakuslhEZ6KAyqgXTMjs3Si5l3tX4s/CQRdRhkcjekoWA5ta41pSr5LitxG7g/cQLJs5//GsNfEMIwd8oQia3adllsHineQmxlvxsai8s+9mA2aIU4xQjRtPRRgyHxyJzYwwNfQBC+53Lj77ShXS1bSesJyieGVNby1G66QOE5WzSmLs8TsN0vAXtaZmSAPsMEAHsfxyz+d5xRs8MzxA7rZAQxh8sOXcQN/BuQGZEvWL8ZHdMD9v3lSYM8FHbSCYRPSoi0Pk+qA/C3Sztuk5S+/zq8tEreBdOGlz6dWciwhndF3RPPEjivP3f8oVy4+OcEIynArDp/siKZj4gXaiyfqOlMA73fdC+FrGz8KV+HLh6y6+0kvZuHVDZGe14U7pmG73oSD1G/DSNbYaXesoPCW3FHPt44j75YtxGbwBYXh5KgVXwLXepP97UA96Y1Xu3Q5O38hJ/drYo5gJXvdvkmp7e/IJZ/VC6uSBKYFDTMT4R790Pvg0H4SiakciWaO1+uPvnw7iwau1uDFHO1KiclkufAGbLNZUX4z+upwS0RJyUdmR9m38RrbRlSjoVqKQIqBhEByqarD57OhUTg5ixQRBKcyG1humSoByOMvy/oMLMoql7UnPswBqIUAEeczub3+ohroZqji22EAA47OOu6xI=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR01MB2255;23:KGzVaZdJf7rMQcCF6h9A2gUmw1U/XpTTHzhPaQpSU?=
 =?us-ascii?Q?daIgLes9zwEOI4rqZFdBE9Z9jqiiRFsKG5Yb2G+uUoc2wtDsDU7x2Jrm+npE?=
 =?us-ascii?Q?lecET6q6YuykwOvKBTJSHhoTxnyAv9qnqftP3ozXHg5U11pbAnGwFPPcS5Zm?=
 =?us-ascii?Q?8G0p7zN+gHvxqtuJTg/D+qMx/qHCtLTcvAqqk5tRfAv65gsjweVYzKRpahCB?=
 =?us-ascii?Q?mGRAJ6ZK3cQTcKIcMXXLcQ7gtJE2xdatel+NTTPLzM0oYD8Xh/kfydohf2+n?=
 =?us-ascii?Q?s7ePjvCTq7+2IrirT9lawg9Hm2Kh3GDY1w82D9iNJcsYtCCJh5mmZA+3cP4l?=
 =?us-ascii?Q?di6pQjOU/DP9lROeEwOCX/0nYv044DwsW8MeLKkkl7kKioLczO6XzMSxN8wU?=
 =?us-ascii?Q?9VzCwQD9nXjz+qR7F6GwWF2XzaMlWgLz9og2yXb3T/tY6QS7m/gHL/+ndHba?=
 =?us-ascii?Q?ZKsqDpvnwys4EPIzJsOhD2iGXkiZeDObHBqbWRtu4lsl/s2yuo+gQBNqEKS0?=
 =?us-ascii?Q?5EmAVTj5/oHhyZrJQY9F0+vE0H5qpaeG0ftlFEb1p5gXabx+S8SJCArwY+xS?=
 =?us-ascii?Q?w5DNrNTErPHkAJX7ebtwpEn6L8rkRjGogbm7DeQz03hks/7O3edrKlbchMki?=
 =?us-ascii?Q?PLk+kccbLNaTOdMTy2gpnXV2bYsJUNpkCCznukFcW+CMIKQc8zYd7s/gGU9Q?=
 =?us-ascii?Q?rCY/PyBTPYw7/q9j50/R/EZnvzrQVQCFu5jutMP6+tJkRebfZTMZCZizBDnw?=
 =?us-ascii?Q?FIuQL8Zmq5ojUwU3kYn0HbqIIfCc1Gp3JiQaRFgPKHKag4xrIGAfyEO+jYuT?=
 =?us-ascii?Q?wVxuxGxxqQmQ096gOu96F8NuBZ6SLAA+jrSKfjHqqnMSphHGDUIBd7TJnC7g?=
 =?us-ascii?Q?4iuFalQDlPrgB1x/pCosmPqhX8spo0l+tIlcHh93RPzmNg6YaL8svZQmpG1A?=
 =?us-ascii?Q?2+KOtkvOj87oZ0zdI6oG5oscw66/Jrbg1SJ9e55fnPRP9T/O2oI0q3wCa2pE?=
 =?us-ascii?Q?F6sO2f5LBBqOeSVx46LGVCODdU1RLvNyn0pg27vm0aI/oafYO/COIw3kqFF6?=
 =?us-ascii?Q?Uv/5wNBewn8QGcwXCQXs7MXMyOYzhSeZdOYyTaORAC2eRXaVkt5ZoGm6Y1AO?=
 =?us-ascii?Q?uymDVOBXeFIL2DBEgzyF0ictGyLRv+P2rxP+tQ20H6UW1TVDow3E8uZo5IuL?=
 =?us-ascii?Q?jKUlpJLVhbf97JOrteS3SiPCSfL1QSlO+PB5L4akayZevJJ9ffif2tLWfr1e?=
 =?us-ascii?Q?ash5QRzfeUB/n74ZtYagzbYkPX6PV8/AfOk/mwQSqHodewOICXcRha4c+Aft?=
 =?us-ascii?Q?6MfD+Fi/5jFmPe9+X1bIKT0HSxfQ1uJyZcOPNt+yA3QNHQBsWEqgYbasWSVk?=
 =?us-ascii?Q?h6lRnSB8+rgNKR/iEy9Tiv/5hoepJmFvyVodMvZEIvG13/2/+L22DD5syTFc?=
 =?us-ascii?Q?g6qVwLaAj+rV/BRAxsemR2LcY8sJjvapXKW8REWKb5eoW/Mxz7zK0vQb7Byd?=
 =?us-ascii?Q?oCeymYEMZn1S/KhOXn7sWucN4xLXBSKUVRUkrwlmKrugnio5duMec/9d3OhR?=
 =?us-ascii?Q?QfkSon0alHaZwA3iWBYW4CyLWdsRv2T2MV6bU2B+UT/xll1PJL75uz5aCkE9?=
 =?us-ascii?Q?4Pir/4zPkO+r3a0P2vmC5mKEYnGzfR7KgL7BTZ6EDxwv1icuJNT1VvRAfJtp?=
 =?us-ascii?Q?eIu3SyjqlWzRml0zqWN5fGmC2PKHQbZO7hyKzc0X9pf2Tm6JLrDg31jIJB5G?=
 =?us-ascii?Q?HGvMIiB27gHbqxYWXOaXM9js1T/3POL6Y+lwH67xaaVqeD/egoylkXlBo5fh?=
 =?us-ascii?Q?/ykPqqe79LRGrD8YQL7uRhjRbv/Fw0fS8Yx2b7z3AV38498xR1rLrnm7v4qe?=
 =?us-ascii?Q?vRjMACCJtCptnaBieyI8pkV1p5/z4v6tuRm2JUiKV7r5cDTiJj6nmxzSlanq?=
 =?us-ascii?Q?5D629ernaNeSzdCOlTC8mWLBrlm9vq4HtP1L9Ua6TRr4IyFOFoXx+dN3Ra10?=
 =?us-ascii?Q?z0=3D?=
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;6:PvlgfMdHx/Yuj9GVA9EOLexQlTA3SFSzUL6B1m80qKCQPIm5znJWvJsWzWjcjzN62/EBBRN63kpi3NBCYgYoRrTfu4DZY+HPyfgyhvS15j5D6B4yVvvMKSv72/ri932y7tnKINa4ySrDDyNWNXFNUQVheyy8r/f7GJd83gLjAXUWtJS8rQd8miqbgqqyNd+7DBP50G+IcW/U4n3CgJiZKcWGO0stlkQpqxcE1CF7C54Q7yRlVp5m3d0Tx9JPLnZ9Syjyw7GyE/NhsA3GQ90vwd5ehqom2193BkOkbSQueIB7xQ28jDbTXAKBzPyD7wpwU/lXVP/3MUqF8LTcBt+s0w==;5:BB6/x9UoTBR96KdBZ5yzqbuGuxRWeJzBBYCKt95qZmqIf7/kHauaEj2ez21l4JuGxv2PpWeK8cRXTq4uKVnHD+GMVamCb1LwhxUbX/eVGYXQHMLWgpm9AsLS1vppksbBEC50lKy9nc2kite3YLMpmU9Oahz1wTy23dgALq3dlkk=;24:CVlshZoZUc/3nW1/pWVfOc5fDC3KUXhHHDKg4ZqTxodjfgGcZh6juoZeHIwYiG/DcW+vgUF+sKHCTgIL0ES15U8iDkvde9UmwQYA6MUR7rs=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;MWHPR01MB2255;7:YnznasHX0toOs0yRQ4OuCTW6KUj3RldJXUKbS8yDLBSFOgf85Q59IpW+t2hXlNpgMGLYj6FSNlM4k7tiyszU+PlZKMd4ptB/t3LoNKfV5rY5zb+0u2loiv1AZol+QQ8sWGpmALVBOMBxhgKG40sxiqIzdC4Q6y98ZfhAH3BkIRW+HVkWReh5K3GhVoEXVyUx4+JJ8xxvWwvoDxYoXkrazyGuj8AS70qO7L+JCw2LXH4AXR8mSbUSFqH/LZfb3tLrhL+uVgfqdvEy3vt71bDbM/F7vP3u9QrfoyU4WmeDMSZTUNo/NBtYZZcHeSrY6qE07vNvRboXscMYwIjFxGJb7tJ+obk0phBAfYs4Lbe+j80cxUQ112YVXha/ZGFZnK9uJpV35wrIW5zwRnFPCr72tw==
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2016 19:08:04.5765
 (UTC)
X-MS-Exchange-CrossTenant-Id: e0ed04de-a27a-4e49-9c5b-00e094701550
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR01MB2255
X-MS-Exchange-Organization-AuthSource: SN1NAM01FT002.eop-nam01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0678053
X-Microsoft-Exchange-Diagnostics:
      1;CY4PR01MB2245;9:LWsAiZlmEsc+xfB9sfC8USvtLDQdTuNR3Rv+o9B2+QHdl2I7KRk94+MMm/ErcXzCygquWoyZ5UHy/vg3V6ZrE62lUKkUTctxPBOX/obussD/SeMqLUAK5vlTdHZZ4SxrV0R/uhNVlzp7SQcn+VkMw2a4kFeByw7JFDc+aY595Ri74U8HLUjh9z9SGSy9GVKAIDyqUmmOF0AKlZK5xEtqH0GDziZxQRoSDsdL3KQCsEQ=
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41869054
Message-ID: <CC2918922F8865409382803E095EB5942FF93D59@AXISSERVER.axisbenefits.local>

This is the source of the emails.
0
 
LVL 14

Accepted Solution

by:
Jason Crawford earned 500 total points
ID: 41869277
Yes that's true John but that info doesn't really help determine why it's being flagged as a phishing email.  Here's what I see:

Received-SPF: None (protection.outlook.com: axisbenefits.com does not
 designate permitted sender hosts)

 Authentication-Results: spf=none (sender IP is 162.220.84.151)

 Received: from zix01.omegatechnologygroup.net (162.220.84.151) by
 SN1NAM01FT002.mail.protection.outlook.com (10.152.64.63) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.693.6 via Frontend Transport; Tue, 1 Nov 2016 19:08:04 +0000

K5 - do you use omegatechnologygroup.net as an outbound smarthost?  It looks like a omegatechnologygroup.net server handed this email off to an Exchange Online server with Office 365, and it's not helping that the omegatechnologygroup.net WAN IP of 162.220.84.151 isn't included in the SPF record for axisbenefits.com.  In fact that domain doesn't have an SPF record at all:

spf.PNG
I would add an SPF record for your domain and include all IPs that will be sending email for your organization.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41869278
Phishing is determined by content. That is why I said to whitelist the address.
0
 
LVL 14

Expert Comment

by:Jason Crawford
ID: 41869283
That's not a setting K5 can configure since his organization sent the email.
0
 

Author Comment

by:K5-Tech
ID: 41869286
The client does use Zixmail to send encrypted email.  I'm not the familiar with it.  Let me check with Zixmail tomorrow.
0
 
LVL 14

Expert Comment

by:Jason Crawford
ID: 41869323
Sounds good, I'll check back later and we'll eventually get it worked out.  Have a nice night.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question