Exchange online flagging emails with users who have the same name as someone internal as spam

Audi911 0 Reputation points
2024-07-01T11:49:42.6666667+00:00

Hello,

I have a question reagarding some thing I am observing which is interesting.

Occasionally a user with exactly the same name as an internal user will email someone in our company and it will be sent to the quarantine.

We know the reason is because of impersonation but we are trying to understand why it happens to only some people and not others.

For example, if I sent an email to myself from another domain where my display name is identical it passes correctly with a spam score of 1

But, if a user who is sending from somewhere like hotmail does the same test it can have a spam score of 5 and be sent to the quarantine and the details will be user impersonation.

Has anyone ever seen this, if yes, how would you fix it without turning the option off in Exchange Online to check for Phishing.

Thanks!

Microsoft Exchange Online
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,374 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Bruce Jing-MSFT 2,750 Reputation points Microsoft Vendor
    2024-07-02T05:43:20.6233333+00:00

    Hi,@Audi911

    Thanks for posting your question in the Microsoft Q&A forum.

    Based on your description, it seems that you have questions about impersonation protection of Exchange Online.

    Impersonation is where the sender or the sender's email domain in a message looks similar to a real sender or domain, but the same display name does not affect email transmission.

    For user impersonation protection, if the sender and recipient have communicated by email before, user impersonation protection does not work. If the sender and recipient have never communicated by email, the message can be identified as an impersonation attempt.

    Domain impersonation protection prevents specific domains in the sender's email address from being impersonated.

    You can refer to this link for details: Anti-phishing policies - Microsoft Defender for Office 365 | Microsoft Learn

    If my answer is helpful to you, please mark it as the answer so that other users can refer to it. Thank you for your support and understanding.