Protect end users from cross-domain spoofing

Karlo 21 Reputation points
2021-10-06T05:33:30.6+00:00

Let's say I have contoso.com as my primary domain. I am sending emails all around the world to a different domain. One of my customers fell victim to a phishing and spoofing incident. My customer received an email from "comtosoo.com", which is the domain that is sending phishing emails. My customer wasn't able to notice the email address at first glance, so they mistakenly thought that it was the right email address.

I am well aware of email protection like SPF, DKIM, and DMARC but these settings do not protect me from Cross-domain spoofing (based on my experience).

Is there a setting that I can configure in my Microsoft 365 tenant account to protect my email recipients from falling for such schemes?

What are the settings and recommendations that you can provide to limit and prevent such incidents?

Thank you

Microsoft Exchange Hybrid Management

Accepted answer
  1. Joyce Shen - MSFT 16,651 Reputation points
    2021-10-07T02:01:39.053+00:00

    Hi @Karlo

    Some spoofing emails can be identified by DKIM and SPF. The remaining spoofing emails need to be identified by the users, so you could consider adding a disclaimer to alert your organization members when they receive mail from an external source.

    For example: Simply go to the Admin Center, select “Mail Flow”, and create a new rule.

    Select ‘The sender is located’: ‘Outside the organization’
    Select ‘Do the following’ and
    Select ‘Apply a disclaimer to the message’ or ‘Prepend a disclaimer’

    Official documents:
    Mail flow rule actions in Exchange Online




0 additional answers
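
The mail flow rule described in the accepted answer, written as an added Exchange Online PowerShell example that is not part of the original thread. The rule name, marker phrase and banner wording are assumptions; the rule is created in audit mode so its matches can be reviewed before the banner is applied.

```powershell
# Added example, not from the thread. Requires the ExchangeOnlineManagement
# module and an account allowed to manage mail flow (transport) rules.
Connect-ExchangeOnline

# Assumed values: rule name, marker phrase and banner wording are placeholders.
$ruleName = 'External sender banner'
$marker   = 'This message came from outside the organization'
$banner   = @"
<div style="border:1px solid #c00;padding:6px;font-family:Segoe UI,Arial">
<b>CAUTION:</b> $marker. Check the sender's full address and domain
before you reply, open attachments or click links.
</div>
"@

$params = @{
    Name                               = $ruleName
    FromScope                          = 'NotInOrganization'  # "The sender is located: Outside the organization"
    SentToScope                        = 'InOrganization'     # only stamp mail delivered to internal recipients
    ApplyHtmlDisclaimerLocation        = 'Prepend'            # banner goes above the message body
    ApplyHtmlDisclaimerText            = $banner
    ApplyHtmlDisclaimerFallbackAction  = 'Wrap'               # if the body cannot be modified, wrap the original
    ExceptIfSubjectOrBodyContainsWords = $marker              # do not stack banners on long reply chains
    Mode                               = 'Audit'              # log matches only; no banner is inserted yet
}

# Create the rule once; on later runs update the existing rule instead.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    Set-TransportRule -Identity $existing.Identity @params
} else {
    New-TransportRule @params
}

# After reviewing the audit results, switch the rule on:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```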
