Office 365 Spoof Email blocking and SPF hard block

 

If spam is making its way in using spoofed email addresses you can edit the following in the Office 365 Exchange Admin center.

Select “Rules” and “+” to create a new one named “Spoof Email Block” as shown below:

image

Use the following settings that “Sender is located outside” and that “Senders domain is your domain” and action “deliver to the hosted quarantine” as shown below:image

Apply the rule and then monitor the quarantine. If the rule appears to be working as you expect you can then change it to delete the email instead of quarantining them. The other advantage of the quarantine method is you have an audit record of how many emails are coming in that way.

I would also recommend adding the following to enforce SPF:

Select ”Exchange” “Spam Filter”
Then  Edit the “Default” rule.
Select “advanced options”
turn SPF record hard fail to “On”
turn Conditional Sender ID filtering hard fail to “On”
and save as shown below:

clip_image001

Note: Please make sure to review my blog on setting up your SPF records before implementing the settings above.
DNS SPF Basics What you need to know

Comments

Post a Comment

Popular posts from this blog

Office 365 Deployment Tool Office Download fails “Could not Install”

Image
Problem: you run the setup.exe /download download.xml and fails immediately with “Couldn’t install” You make sure all the settings are correct (see other blogs) and find nothing wrong Solution: Change drives and run it as an administrator again. For example above i am in the F:\OfficeDeploy directory which is the same directory I have the download.xml directing the download to. If i Change to the c: and run the same command again it works The Office Data folder was created and updated as shown below:
Read more

FRS to DFSR Post Cleanup “File Replication NtFrs Stopped”

Image
After successfully migrating from FRS to DFSR you get the File Replication NtFrs service is Stopped error on the local servers AD DS Services list. In the Event logs you may see Event id 13575 13577. You can confirm your migration completed by opening a cmd prompt as administrator and typing in: dfsrmig /getmigrationstate After your migration to DFSR is completed and you have given your servers ample time to propagate this service is no longer required. Since it is set to “Automatic”, as shown below” it shows in logs as a false positive error. Edit the File Replication Service and change it to “Disabled”, as shown below: Once it is listed as “Disabled” it will no longer show in the Console as an “error” Note : it may take some time to clear from the active view
Read more

Domain Migration SubinACL /Migratetodomain How To:

Caution : DO NOT run this on Domain Controller C:\ and only run on roaming profiles folders, or my docs shares day of migration to avoid ownership change issues. Confirm Domain trust is in place and users and groups have been migrated Test ping of olddomain.org from new domain Test ping of newdomain.org from olddomain Add newdomain.org domain controller host records to olddomain.org including reverse DNS records Confirm the user running the app is a domain admin in BOTH domains Download SubinACL here: http://www.microsoft.com/en-us/download/details.aspx?id=23510 /Migratetodomain- command will add the permissions of the new user to the old files and folders for example if jimbob@olddomain.org was migrated to the new domain jimbob@newdomain.org and you run the command below any file or folder in that path that has jimbob@olddomain.org will add Jimbob@newdomain.org with the exact same permissions. This is a safer way to migrate by keeping the old and new permissions intact while a
Read more