Phishing mail delivery error

Hi several users at a customer site received delivery errors sent to for some of their users.

We did a message trace and nothing has showed up in the past week

I can see it’s mentioned on a known phishing site

What’s best way to make sure nothing untoward has happened?

Has this been secured by Microsoft?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

timgreen7077Exchange EngineerCommented:
It's possible that someone has spoofed the email email address and that may be why nothing is showing up in message trace. there really isn't much you can do about spoofing, other than make sure that your clients spf records are in place, and start to consider DKIM and DMARC as an additional method of securing you emails. Other than that, there isn't much that you can do since anyone can spoof any email address.
Indie101Author Commented:
There were nails showing up before the past week. Any reason why they would have stopped. Nothing changed from our side.Was security implemented by 365?
timgreen7077Exchange EngineerCommented:
not sure i understand. email showing up where? Also I'm not aware of any changes my MS that would interfere with mail flow.
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Indie101Author Commented:
This mail showed up for users initially last week

As a non delivered mail error they haven't got any instances of it the past few working  days

I just thought when it stopped ms may have done something as the email address is well known

Are there any good blogs on how best to deal with spoofing mail in 365?
timgreen7077Exchange EngineerCommented:
See the below link for info on SPF, DKIM, and DMARC for email validation for O365. that will be your best option to look into.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Indie101Author Commented:
Thanks Tim i don't see any link
timgreen7077Exchange EngineerCommented:
look again. i had to readd it.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Post an example of the bounce message, all headers intact. Likely someone can help.
austin minorCommented:
Use"Have I Been Pawned" to check the breach status. Get more info:

Configure manually SPF, DKIM and DMARC to protect against spam. You could also look at Mimecast or Sophos for to help improve email security and use filter like Barracuda.

This is a good read for some tips and tricks to avoid email phishing attacks:

Domain Spoof Prevention in Exchange 2013/2016 & Office 365:
Indie101Author Commented:
Thanks I ran below command to see where forward for that mail address was setup

get-mailbox -filter * | ft displayname, *forward*

Then changed password for user involved and removed forwarding forwarding rule in 365 and local client thanks again :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.