This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 74%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHB%3C/text%3E%3C/svg%3E)
Hello guys,
I have searched a solution which is about a email attack.
My scenario is very simple.
Setting an alert for an email attack that is in the particular time period (for ex last 24 hour) an email sender sends sequentially to different email address of a domain.
Consider that one email address ******@gmail.com sends different 30 email address of a domain in one day.
We want to detect this type of behaviour easliy but MS support says no way to do this.
A robust email, calendaring, and collaboration platform developed by Microsoft, designed for enterprise-level communication and data management.Miscellaneous topics that do not fit into specific categories.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 24%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
According to your description, do you mean you want to set an alert to this email attack for your organization?
Based on my knowledge, Microsoft is not providing this option to help you detect this email attack.
However, If you always receive this spam email from this specific sender, I would suggest you create an mailflow rule that would automatically delete emails from recipients that contains his email address or specific subject on their email address. To do that, you could refer to this article’s step.
如何使用 Office 365 中的邮件流规则阻止传出电子邮件 (codetwo.com)
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
In somehow the attacker can get the email adresses. And they send email behalf on our companyowner and he sends the same emails like robot sequentially. It is not a spam and it is phishing. And AI could not detect two times. And luckily no one clicked it.
So that is the pattern that we want the Microsoft to implement or allow us to do this.
I think this type of a feature can be useful for many companies.
We cannot disallow all incoming email from outside organization. This makes no sense.
And also we do not want to block this behaviour. We want to detect it.
Because a normal user would send this email most likely with bulk list. But this sends seperately and sequentially.
In somehow the attacker can get the email adresses. And they send email behalf on our companyowner and he sends the same emails like robot sequentially. It is not a spam and it is phishing.
It is really terrible. Unfortunately, there is no effectivity settings could detect these phishing emails in Exchange Server. To help you get these requirements, we recommend you give the feedback in this UserVoice link.Microsoft will always focus on customer’s feedback and experience. Some new features would be added to the services based on customers' feedback in the future, and your good ideas will be very helpful for them to improve the service.
Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back.