Spam emails blocked on exchange 2016 and Sophos

Moin Abbas Qureshi 21 Reputation points
2022-01-06T14:07:46.343+00:00

Dear Helpers,

I have an issue. I have Exchanger 2016 and Sophos Spam blocker. Some spam user from gmail send mails to our workers (domain email) with different worker names. Like boss@Stuff .com and name with alice bible. So our employees continue write out spam emails. I already blocked this user. So my questions is that how i blocke these @Stuff spam emails. when i check sender IP, its always Gmail server IP. I already make a rule in Exchange server for blocking, but still with new spams comes to our server with employee names. If you have suggestion, please share with me. Thanks

Exchange | Exchange Server | Management
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 158K Reputation points MVP Volunteer Moderator
    2022-01-06T15:09:52.93+00:00

    Yea, thats the tough part, there is no real solution with Exchange itself. You could create transport rules, but that would be very difficult to manage for multiple users and probably not really be effective since you would have to account for every variation.

    Third party software is really what should be used:

    EOP/ ATP can do this:

    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide

    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Andy David - MVP 158K Reputation points MVP Volunteer Moderator
    2022-01-06T14:22:58.677+00:00

    Exchange itself is not very good at this and has really basic settings. Can you adjust the Sophos product in anyway to look for spoofing and check DMARC passing and SPF records?

    1 person found this answer helpful.

  2. Andy David - MVP 158K Reputation points MVP Volunteer Moderator
    2022-01-06T14:39:55.817+00:00

    So these are spoofing the display names of actual users with a gmail.com address? If so, thats going to be almost impossible to block without third party software or using EOP/ATP with Microsoft.

    Users can set their junk mail settings to Safe Senders Only and that would help at least.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.