ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Office365 spam

    IT Discussion
    5
    14
    1184
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • syko24
      syko24 last edited by

      Do any of you guys/gals using Office365 for email receive a lot of fake Office365 account related emails? I have noticed that since moving to Office365 we receive a ton of fake cancellation notices or account related emails. The one thing that all these scams have in common is that the sender/reply-to address is from a domain that is also using Office365 for email. I assume what is happening is the domain sending the emails is someone who fell for the scam and now their email account is being used to send spam to other Office365 accounts because they are unlikely to be marked as spam.

      1 Reply Last reply Reply Quote 1
      • hobbit666
        hobbit666 last edited by

        Yeah had a few users this morning

        1 Reply Last reply Reply Quote 0
        • NerdyDad
          NerdyDad last edited by

          I do use Office365, but I do not receive a lot of spam because we worked on our spam filters.

          1. What is your definition of "A LOT"? I receive about 75 junk emails / month (or about 2-3 per day). I don't consider that a lot, but that's just me.
          2. You can go into your Exchange Online server and modify your spam filters depending on your business dealings. You don't do business in Zimbabwe? You can block the entire country. Don't do business in the Orient? Block the region for your entire domain. You can also block that domain and the IP address/addresses as well.

          Once tuned in, it works well.

          syko24 1 Reply Last reply Reply Quote 1
          • syko24
            syko24 last edited by

            So really nothing can be done. Microsoft assumes that any email sent from an O365 account to another O365 account is always non-spam.

            NerdyDad 1 Reply Last reply Reply Quote 0
            • NerdyDad
              NerdyDad @syko24 last edited by

              @syko24 said in Office365 spam:

              So really nothing can be done. Microsoft assumes that any email sent from an O365 account to another O365 account is always non-spam.

              Block the domain of the sender.

              syko24 1 Reply Last reply Reply Quote 0
              • syko24
                syko24 @NerdyDad last edited by

                @nerdydad - I agree with adjusting the spam settings. The only issue is that it appears that all O365 accounts come through as clean email regardless of the content.

                1 Reply Last reply Reply Quote 0
                • syko24
                  syko24 @NerdyDad last edited by

                  @nerdydad - It's always a different domain.

                  I know at the end of the day the answer is user education. I was interested to see if anyone else noticed this trend since I know a lot of people here are using O365 for email.

                  1 Reply Last reply Reply Quote 0
                  • NerdyDad
                    NerdyDad last edited by

                    Have you looked at the headers and made sure that the domain isn't being spoofed?

                    syko24 1 Reply Last reply Reply Quote 0
                    • momurda
                      momurda last edited by

                      You can check the spam score of these messages. It is possible they are getting marked with a score just below your threshold for rejection/deletion.
                      I know when we used O365 i had to set the threshold to 4 to get this nonsense to stop.

                      syko24 1 Reply Last reply Reply Quote 0
                      • syko24
                        syko24 @NerdyDad last edited by

                        @nerdydad said in Office365 spam:

                        Have you looked at the headers and made sure that the domain isn't being spoofed?

                        Definitely not being spoofed per the info in the header. The domains that are sending the spam also have SPF setup with O365 so that would also lead me to believe they are actually being sent from the real O365 account.

                        1 Reply Last reply Reply Quote 0
                        • syko24
                          syko24 @momurda last edited by

                          @momurda said in Office365 spam:

                          You can check the spam score of these messages. It is possible they are getting marked with a score just below your threshold for rejection/deletion.
                          I know when we used O365 i had to set the threshold to 4 to get this nonsense to stop.

                          I'll look at the scores and see what they are posting. I almost feel like I should just put an alternative spam filter in front of our account. Something that actually checks the links in the body of the email.

                          1 Reply Last reply Reply Quote 0
                          • syko24
                            syko24 last edited by

                            Spam Score is SCL 1

                            momurda 1 Reply Last reply Reply Quote 0
                            • momurda
                              momurda @syko24 last edited by

                              @syko24 Oh those ones. Are they like the Professionals' contact list ones?
                              The loan shark ones? Lonely Hearts Club?
                              To stop these you usually need to use some sort of regex that is common to all emails of one type.

                              1 Reply Last reply Reply Quote 0
                              • dbeato
                                dbeato last edited by

                                @syko24 said in Office365 spam:

                                ms have in common is that the sender/reply-to address is from a domain that is also using Office365 for email. I assume what is happening is the domain sending the emails is someone who fell for the scam and now their email account is being used to send spam to other Office365 accounts because they are unlikely to be marked as spam.

                                I have users that receive emails from Office 365 senders and they are not in office 365 which means is an Spam problem and not an Office 365 problem. Even if you host emails in Office 365 you should either adjust your Spam Filtering or use an external Spam Filtering.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post