Alan Dala

Domain spoofing

Hello - Our organization is using Office 365 for email and I'm trying to make our domain less 'spoofable' if possible. I've implemented SPF, DKIM and DMARC and online tests tell me they're implemented correctly. Despite this fact, I still get emails showing as coming from our domain.

Here are my records:
v=DMARC1;p=quarantine; pct=100; rua=mailto:it@domain.com; ruf=mailto:it@domain.com; ri=84600;

v=spf1 include:spf.protection.outlook.com -all

selector1-domain-com._domainkey.domain.onmicrosoft.com

selector1-domain-com._domainkey.domain.onmicrosoft.com


(Replaced my real domain with 'domain')

Any help would be appreciated.

Thanks!
David Favor

When you set up all the records you mention, this only means the records are set up.

To enforce all these records, the mail system running on your MX records must query/pull all these records + then take correct action to enforce them.

This is fairly complex + can take a bit of time to get working correctly.

Very rarely will a mail system implement all these correctly. Usually you'll have to set up your system for exactly which of these records you'd like to act upon.
Each of the techniques you have set up will increase your "Sender Reputation" according to other spam filters, but they don't do a whole lot to prevent spoofing when the To: and From: domain are the same (this would be when a spammer sends messages to your organization and spoofs your domain to do so).

You will want to look through your spam filter settings in the Exchange management portal to see if your domain is included in the list of accepted domains. If it is, remove that white-listing and your problem will stop. If it isn't listed there, check the transport rules to see if there is a rule that sets emails from your domain to bypass spam filtering. Remove that rule if it exists. If there is nothing allowing your domain in either of those, you can try creating a rule that blocks messages originating outside your organization with your domain as the from: address. In general, the only time you would receive messages from outside your organization with your from: address is if you have third party mail systems sending to your environment. You can create exceptions for those systems if you wish.
You can try to create an anti-spoofing transport rule in the Exchange admin center.

https://support.knowbe4.com/hc/en-us/articles/212679977-Domain-Spoof-Prevention-in-Exchange-2013-2016-Office-365
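
To find out which of the messages "showing as coming from our domain" actually failed authentication, the headers of saved messages can be triaged as below. This is an added example, not part of the original thread: the sample messages are constructed, `domain.com` is the asker's placeholder, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "domain.com"  # placeholder used in the thread

# Constructed sample messages; header layout follows the spf=/dkim=/dmarc= form
# that Office 365 stamps on inbound mail.
SAMPLES = {
    "spoofed": "From: CEO <ceo@domain.com>\nTo: it@domain.com\nSubject: Invoice\n"
               "Authentication-Results: spf=fail (sender IP is 203.0.113.5) "
               "smtp.mailfrom=domain.com; dkim=none (message not signed) header.d=none;"
               "dmarc=fail action=quarantine header.from=domain.com;\n\nbody\n",
    "legit": "From: HR <hr@domain.com>\nTo: it@domain.com\nSubject: Policy\n"
             "Authentication-Results: spf=pass smtp.mailfrom=domain.com; "
             "dkim=pass header.d=domain.com;dmarc=pass action=none "
             "header.from=domain.com;\n\nbody\n",
    "external": "From: News <news@example.org>\nTo: it@domain.com\nSubject: Hi\n"
                "Authentication-Results: spf=pass smtp.mailfrom=example.org; "
                "dkim=pass header.d=example.org;dmarc=pass action=none "
                "header.from=example.org;\n\nbody\n",
}

def auth_results(msg):
    """Return spf/dkim/dmarc verdicts from the Authentication-Results headers.
    The topmost header wins: it is the one added by the last (your own) hop.
    Headers added further down may have been supplied by the sender."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def classify(raw, org_domain=ORG_DOMAIN):
    """Label one raw message by its From: domain and DMARC verdict."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    if from_domain != org_domain and not from_domain.endswith("." + org_domain):
        return "other-domain"
    verdicts = auth_results(msg)
    if not verdicts:
        return "no-auth-results"   # cannot judge; inspect manually
    return "authenticated" if verdicts.get("dmarc") == "pass" else "spoof-suspect"

def triage(samples=SAMPLES):
    return {name: classify(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, label in triage().items():
        print(f"{name}: {label}")
```

Messages labelled `spoof-suspect` that still reached an inbox are the ones to trace against the allow-list and transport-rule checks described in the answers above.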