Tuesday, April 26, 2016

Office 365 Spoof Email blocking and SPF hard block


If spam is making its way in using spoofed email addresses you can edit the following in the Office 365 Exchange Admin center.

Select “Rules” and “+” to create a new one named “Spoof Email Block” as shown below:


Use the following settings that “Sender is located outside” and that “Senders domain is your domain” and action “deliver to the hosted quarantine” as shown below:image

Apply the rule and then monitor the quarantine. If the rule appears to be working as you expect you can then change it to delete the email instead of quarantining them. The other advantage of the quarantine method is you have an audit record of how many emails are coming in that way.

I would also recommend adding the following to enforce SPF:

Select ”Exchange” “Spam Filter”
Then  Edit the “Default” rule.
Select “advanced options”
turn SPF record hard fail to “On”
turn Conditional Sender ID filtering hard fail to “On”
and save as shown below:


Note: Please make sure to review my blog on setting up your SPF records before implementing the settings above.
DNS SPF Basics What you need to know

No comments:

Post a Comment