g8rcub

Users are receiving spoof emails from our own email addresses, how to stop? O365 and AppRiver spam filter.

Many of my users (including myself) have been receiving spoof emails that appear to come from ourselves with our own emails.  Most of them are caught in the junk filter but now some are sneaking through.  My users know these are not real but they are becoming annoying.

What can I do to try to stop this?  We use O365 and AppRiver as a spam filter.

Thanks!
bbao

Is it possible for you to upload two things for review?

1. A screenshot showing what the spoof emails look like.

2. Source code of the email header of one of the emails.

Thanks.
Dr. Klahn

Configure your MTA or prefilter to deny any email from email addresses using your domain name that is coming from outside your LAN (or alternately, not coming from inside your LAN, whichever is easier).

This will have fallout, of course.  Nobody will be able to send email when they are outside the office unless they are using a secured and encrypted VPN to tunnel back into the office LAN.  But, since it looks like your firm is a law firm, that should be the normal state of affairs in any case.

Kundan Gupta

I would suggest reviewing the spam filter policy and enabling Spoof intelligence in Office 365.
Also, apply a keyword-based transport rule to block and redirect/quarantine those emails to another monitoring mailbox.


Regards
Kundan
g8rcub

ASKER

Thank you guys.  Dr. Klahn, we are not a law firm, that ymblaw.com appears to be where the email may have been sent from perhaps?  I guess I could block that domain?  But we receive others that come from different places too.  Most have been caught in our spam filter but I'd like to block as many as I can.

I can't have my users not be able to send from outside the office, most of our staff are on the road a good part of the day.

Kundan, I looked into the Spoof Intelligence in O365.  It looks like it is already enabled.  The user that was spoofed in what I provided above (bmacelli) was listed, it said authentication result: Failed.  There were also many other people listed in the Spoofed user list, all in my organization.  They all said failed for Authentication result.

There is an allowed to spoof setting, and it is set to Yes.  If I set this to no for the users listed in the Spoofed User list, will that prevent this from happening?
ASKER CERTIFIED SOLUTION
Kundan Gupta

This solution is only available to members.
g8rcub

ASKER

We enabled SPF and DKIM and have seen a decrease in spam, thank you all for the assistance with this.
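
An added example, not part of any post in this thread: a Python triage check for the pattern discussed here, mail whose From address uses your own domain while the receiving service's SPF/DKIM/DMARC verdicts fail. The domain `example.com`, the sample messages, and the category names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"  # assumption: placeholder for your own mail domain

def _sample(auth, sender="pat@example.com"):
    # Builds a constructed test message; nothing here comes from the thread.
    return (f"Authentication-Results: {auth}\n"
            f"From: Pat Example <{sender}>\nTo: pat@example.com\n"
            "Subject: constructed sample\n\nbody\n")

SPOOFED = _sample("spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=example.com; "
                  "dkim=none (message not signed) header.d=none; "
                  "dmarc=fail action=none header.from=example.com")
GENUINE = _sample("spf=pass (sender IP is 198.51.100.25) smtp.mailfrom=example.com; "
                  "dkim=pass (signature was verified) header.d=example.com; "
                  "dmarc=pass action=none header.from=example.com")
# Sender-supplied header placed below the receiver's own verdict.
FORGED = SPOOFED.replace("From:", "Authentication-Results: spf=pass; dmarc=pass\nFrom:", 1)

def auth_results(msg):
    """Parse spf/dkim/dmarc verdicts from the topmost Authentication-Results header.

    Only the topmost header is trusted: it is the one stamped by the receiving
    service, while any copies further down may have been supplied by the sender.
    """
    header = msg.get("Authentication-Results", "")
    return {m.lower(): v.lower()
            for m, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def classify(raw, our_domain=OUR_DOMAIN):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != our_domain.lower():
        return "other-domain"            # not a self-domain message
    res = auth_results(msg)
    if res.get("dmarc") == "pass":       # SPF or DKIM passed and aligned with From
        return "authenticated"
    if "pass" in (res.get("spf"), res.get("dkim")):
        return "passed-but-unaligned"    # needs a human look
    return "self-domain-spoof"           # our domain in From, nothing vouches for it

if __name__ == "__main__":
    for name, raw in [("SPOOFED", SPOOFED), ("GENUINE", GENUINE), ("FORGED", FORGED)]:
        print(name, classify(raw))
```

A steady stream of `self-domain-spoof` results is the signal that SPF and DKIM records plus an enforcing filter policy are needed; `passed-but-unaligned` usually points at a third-party sender that still has to be set up to sign for the domain.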