Office365 spam



  • Do any of you guys/gals using Office365 for email receive a lot of fake Office365 account related emails? I have noticed that since moving to Office365 we receive a ton of fake cancellation notices or account related emails. The one thing that all these scams have in common is that the sender/reply-to address is from a domain that is also using Office365 for email. I assume what is happening is the domain sending the emails is someone who fell for the scam and now their email account is being used to send spam to other Office365 accounts because they are unlikely to be marked as spam.



  • Yeah had a few users this morning



  • I do use Office365, but I do not receive a lot of spam because we worked on our spam filters.

    1. What is your definition of "A LOT"? I receive about 75 junk emails / month (or about 2-3 per day). I don't consider that a lot, but that's just me.
    2. You can go into your Exchange Online server and modify your spam filters depending on your business dealings. You don't do business in Zimbabwe? You can block the entire country. Don't do business in the Orient? Block the region for your entire domain. You can also block that domain and the IP address/addresses as well.

    Once tuned in, it works well.



  • So really nothing can be done. Microsoft assumes that any email sent from an O365 account to another O365 account is always non-spam.



  • @syko24 said in Office365 spam:

    So really nothing can be done. Microsoft assumes that any email sent from an O365 account to another O365 account is always non-spam.

    Block the domain of the sender.



  • @nerdydad - I agree with adjusting the spam settings. The only issue is that it appears that all O365 accounts come through as clean email regardless of the content.



  • @nerdydad - It's always a different domain.

    I know at the end of the day the answer is user education. I was interested to see if anyone else noticed this trend since I know a lot of people here are using O365 for email.



  • Have you looked at the headers and made sure that the domain isn't being spoofed?



  • You can check the spam score of these messages. It is possible they are getting marked with a score just below your threshold for rejection/deletion.
    I know when we used O365 i had to set the threshold to 4 to get this nonsense to stop.



  • @nerdydad said in Office365 spam:

    Have you looked at the headers and made sure that the domain isn't being spoofed?

    Definitely not being spoofed per the info in the header. The domains that are sending the spam also have SPF setup with O365 so that would also lead me to believe they are actually being sent from the real O365 account.



  • @momurda said in Office365 spam:

    You can check the spam score of these messages. It is possible they are getting marked with a score just below your threshold for rejection/deletion.
    I know when we used O365 i had to set the threshold to 4 to get this nonsense to stop.

    I'll look at the scores and see what they are posting. I almost feel like I should just put an alternative spam filter in front of our account. Something that actually checks the links in the body of the email.



  • Spam Score is SCL 1



  • @syko24 Oh those ones. Are they like the Professionals' contact list ones?
    The loan shark ones? Lonely Hearts Club?
    To stop these you usually need to use some sort of regex that is common to all emails of one type.



  • @syko24 said in Office365 spam:

    ms have in common is that the sender/reply-to address is from a domain that is also using Office365 for email. I assume what is happening is the domain sending the emails is someone who fell for the scam and now their email account is being used to send spam to other Office365 accounts because they are unlikely to be marked as spam.

    I have users that receive emails from Office 365 senders and they are not in office 365 which means is an Spam problem and not an Office 365 problem. Even if you host emails in Office 365 you should either adjust your Spam Filtering or use an external Spam Filtering.


Log in to reply