This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 48%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
In the O365 Exchange rules the "External Sender Disclaimer Message" has a section that allows you to enter the "except if" section and enter the senders email address.
I'm concerned that the senders email address could be spoofed.
My question is: What, if anything, is done to verify the senders identity prior to delivery to my organization?
Is the senders domain verified?
Is a reverse MX lookup performed to verify the email came from a authorized system for the sending domain.
Any links provided would be appreciated.
Thank you in advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Hi @Brad ,
Just checking in to see how things are going on with this thread.
If the reply was helpful, you can click the "Accept Answer" button under this post so that other's with similar question can benefit from this thread as well.
If you still have further questions or concerns, feel free to post back.
What email address are you entering there?
If its an external email address, then yes it could be spoofed. You will want to make sure that you have SPF, DKIM and DMARC setup for your 365 tenant
If you dont want an external email sender to get the disclaimer on their messages, consider creating a new rule with a HIGHER priority then the disclaimer rule instead
For that rule, allow the messages if they pass DMARC from that sender and stop processing further rules so the disclaimer is not added.
The email address would be the external senders address, which would not use without additional checks, which is why I was looking for suggestions.
I had not realized that we could use the "Authentication-Results" to verify DMARC, SPF, DKIM or the compauth option (below).
compauth Composite authentication result. Used by Microsoft 365 to combine multiple types of authentication such as SPF, DKIM, DMARC, or any other part of the message to determine whether or not the message is authenticated. Uses the From: domain as the basis of evaluation.
Here is another link I found based on your response.
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-worldwide#authentication-results-message-header
thanks.. More than answered my question.
Hi,
If Andy’s reply was helpful, you can click the "Accept Answer" button under his post so that will make answer searching in the forum easier and other's with similar question can benefit from this thread as well.
If you still have further questions or concerns, feel free to post back.