Over the last few months, the companies I work for have been getting hammered with spoofed e-mails. We have had people claiming to be vice presidents and people asking for wire transfers and direct deposit changes. We even had one spoofer requesting copies of social security numbers. We also have spoofers who claim to have hacked an account and then demand a bitcoin ransom.
I am not sure what has happened all of a sudden to make this so bad, but I found a simple fix in Office 365 and I wanted to share it.
Block Spoofing In Office 365 With Mail Flow Rules
The first thing to do is to go into the admin center in Office 365. Then go into the Exchange settings.
The thing we are looking for is mail flow rules.
Once in there you can
What The Mail Flow Rule Looks Like
For my rule, I decided to only prepend a warning message to the e-mail so the users could decide if it is legit or not. I wanted to start with a warning to make sure we were not catching any good e-mails. But instead of the warning, you can change the rule to block the message.
You can also add an exception by IP address. This is useful if a legitimate service is sending e-mails with your domain on your behalf. I put in 220.127.116.11 here to show how the rule would look, but you would want to put in the public IP of the server sending the mail.
It may take a few minutes for the new spoofing rule to kick in. Once it is working, users will start getting warnings added to
Customize The Disclaimer Message
You may also notice I had put the <hr /> in there. That is HTML code to draw a line between the warning and the rest of the message. The disclaimer accepts HTML code so you can do some styling to it if you would like.
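The same kind of rule can be created from Exchange Online PowerShell instead of the admin center. This is an added example, not the rule from this post: the conditions (sender outside the organization, sender domain equal to your own), the domain `contoso.com`, the IP `192.0.2.10`, the rule names and the message wording are all assumptions or placeholders.

```powershell
# Added example: warn-first anti-spoofing mail flow rule with an IP exception.
# Assumed, not taken from the post: rule conditions, names, domain, IP and wording.
# Requires the ExchangeOnlineManagement module and an Exchange admin account.
Connect-ExchangeOnline

$Domain    = 'contoso.com'   # placeholder: your own accepted domain
$AllowedIp = '192.0.2.10'    # placeholder: public IP of a legitimate service sending as your domain
$Block     = $false          # start with the warning; set to $true once no good mail is caught

# Disclaimer body. HTML is accepted, so <hr /> draws a line under the warning.
$Warning = @"
<p style="color:#b00000;"><strong>Warning:</strong> this message uses a $Domain
sender address but arrived from outside the organization. Verify any request for
wire transfers, direct deposit changes or personal data before acting on it.</p>
<hr />
"@

# Conditions shared by both modes: external (unauthenticated) sender, our own
# domain in the sender address, unless the mail comes from the allowed IP.
$Rule = @{
    FromScope              = 'NotInOrganization'
    SenderDomainIs         = $Domain
    ExceptIfSenderIpRanges = $AllowedIp
}

if ($Block) {
    # Blocking mode: reject the message with an explanation in the NDR.
    $Rule.Name                    = 'Block external mail using our domain'
    $Rule.RejectMessageReasonText = 'Rejected: external sender using an internal domain.'
} else {
    # Warning mode: prepend the disclaimer and let the user decide.
    $Rule.Name                              = 'Warn on external mail using our domain'
    $Rule.ApplyHtmlDisclaimerLocation       = 'Prepend'
    $Rule.ApplyHtmlDisclaimerText           = $Warning
    $Rule.ApplyHtmlDisclaimerFallbackAction = 'Wrap'
}

New-TransportRule @Rule

# Confirm the rule exists and check its state and priority.
Get-TransportRule -Identity $Rule.Name | Format-List Name, State, Mode, Priority
```

When moving from warning to blocking, disable or remove the warning rule so both do not apply to the same message.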