Create mail flow rule to drop incoming email with a recipient count greater than 10

Steve Pogue 71 Reputation points
2021-03-25T19:32:30.893+00:00

Our email is hosted within Exchange Online.

The latest waves of incoming phish and spam emails seem to be sent in batches with each incoming email sent to about 50-60 of our internal users within the To: field.
I can't think of a reason why my organization would ever accept an email from outside that is addressed to more than 10 recipients.
Looked in mail flow rules to see if we could block an incoming email based on the number of internal recipients in the To: field.
Did not find anything.

I have been working with SPAM issues for over 25 years. Don't need advice on reducing SPAM.
We have O365 ATP SPAM policies, Phish Policies SafeLinks, SafeAttachments.
None of the above will protect you when you receive a 0 hour 0 day targeted email based threat that is addressed to dozens of your internal users.
You try and hide your internal email addresses but over time, the crooks build inventories of your email addresses.
We have been receiving targeted emails addressed to 50+ internal valid recipients.
Need a way to drop emails based on the number of recipients within the X-MS-Exchange-Organization-OriginalEnvelopeRecipients: field or the length of that field.

Spam scores are usually 0 and the X-MS-Exchange-Organization-OriginalEnvelopeRecipients: looks something like this:

X-MS-Exchange-Organization-SpamScore: 0
X-Microsoft-Antispam: BCL:0;

X-MS-Exchange-Organization-OriginalEnvelopeRecipients: =?us-ascii?Q?jswea@tward@iaiworks.com .com;jbyv@tward@iaiworks.com ?=
=?us-ascii?Q?.com;?=


1 answer

  1. Lucas Liu-MSFT 6,191 Reputation points
    2021-03-26T04:10:08.887+00:00

    Hi @Steve Pogue ,
    According to my research, we cannot limit the number of recipients included in the received mail through mail flow. In the "To" column, we can specify specific recipients or recipients that contain specific information. And if you delete the mail according to the number of recipients, it is easy to accidentally delete the mail.

    For mail restrictions, we can only pass “Message size limit”, “Message header size limit”, “Subject length limit”, “File attachments limit”, “File attachment size limit”, “Multipart message limit” and “Embedded message depth limit”. For more information please refer to: Message limits

    About this issue:

    1. Please make sure that SPF, DKIM and DMARC are set correctly. These DNS records will help protect you from spam.
      For more information: Set up SPF to help prevent spoofing
    2. EOP will help protect your organization against spam and malware. Are there any similarities among spammers? For example, sending address, sender IP, etc. If so, we can block the incoming spam by creating a block list of senders.
      For more information: Create blocked sender lists in EOP


    1 person found this answer helpful.
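
The recipient count the question asks about can be computed outside a mail flow rule, for example when triaging exported messages. The following Python sketch is an added example, not part of the thread and not Microsoft code: it decodes the folded, RFC 2047 encoded `X-MS-Exchange-Organization-OriginalEnvelopeRecipients` header in the form shown in the question and flags messages over the threshold. Assumptions: the header is a semicolon-separated address list, `example.com` stands in for the internal domain, and the sample messages are constructed.

```python
import email
from email import policy
from email.header import decode_header

HEADER = "X-MS-Exchange-Organization-OriginalEnvelopeRecipients"
MAX_RECIPIENTS = 10  # threshold taken from the question title


def _decode(value: str) -> str:
    """Undo RFC 2047 encoded-words (=?us-ascii?Q?...?=) and header folding."""
    out = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label in the encoded-word
                chunk = chunk.decode("ascii", errors="replace")
        out.append(chunk)
    return "".join(out)


def internal_recipients(raw_message: bytes, internal_domains: set[str]) -> list[str]:
    """Unique internal addresses named in HEADER; empty list if the header is absent."""
    # compat32 returns the raw folded value, so decoding stays under our control
    msg = email.message_from_bytes(raw_message, policy=policy.compat32)
    found = set()
    for value in msg.get_all(HEADER, []):
        for item in _decode(str(value)).split(";"):
            addr = item.strip().lower()
            if "@" in addr and addr.rsplit("@", 1)[1] in internal_domains:
                found.add(addr)
    return sorted(found)


def exceeds_limit(raw_message: bytes, internal_domains: set[str],
                  limit: int = MAX_RECIPIENTS) -> bool:
    """True when more than `limit` distinct internal recipients are listed."""
    return len(internal_recipients(raw_message, internal_domains)) > limit


def build_sample(n: int) -> bytes:
    """Constructed message: n recipients, two per encoded-word, one word per folded line."""
    addrs = [f"user{i}@example.com;" for i in range(n)]
    words = ["=?us-ascii?Q?" + "".join(addrs[i:i + 2]) + "?=" for i in range(0, n, 2)]
    header = HEADER + ": " + "\r\n ".join(words)
    return (header + "\r\nSubject: constructed sample\r\n\r\nbody\r\n").encode("ascii")


if __name__ == "__main__":
    for n in (3, 12):
        print(n, "recipients -> flag:", exceeds_limit(build_sample(n), {"example.com"}))
```

A message without the header yields an empty list and is not flagged, so a missing header should be treated as "no data" rather than as a pass.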
