Office 365 Mail Rules to Use for Anti-Spoofing

Anti-Spoofing Rules for Office 365

Fraudulent emails are becoming a common cyber threat. Anti-spoofing mail rules set up in Office 365 can help. In these phishing schemes, scammers research internal company names and send emails that look like they are coming from the CEO or someone else in the company. Typically the scam emails request a wire transfer or other proprietary information. 

Office 365 Anti-Spoofing Protection

Office 365 mail rules can tag the email with a disclaimer to alert the recipient that it may be a scam. The rule can be set up so if an email is coming from outside the organization, but is from an internal domain, the disclaimer will be added to the top of the email. Here’s how to set up Office 365 Anti-Spoofing Mail Rules.  

Office 365 Anti-Spoofing Set Up

To set up the mail rule:

  1. Log into the Office 365 management portal. 
  2. Open Exchange Management. 
  3. Go to Mail Flow > Rules. 
  4. Create a new rule if the sender is outside the organization and if the sender’s domain is one of your internal domains. Set the condition to Prepend the disclaimer and write a disclaimer explaining why the email is flagged as a spoofed email. See example below. 

Here is the rule we set up:

Office 365 Anti-Spoofing Known External Services Exclusions

This Office 365 Anti-Spoofing Rule may add the disclaimer to emails from devices such as scanners and third-party services like Constant Contact. To set up your rule to not add the disclaimer to these: 

  1. Click the add exception button in the rule and specify the sender. 

This simple anti-spoofing rule adds a great amount of security to email in Office 365 by providing a warning. 

For more information on how you can use mail rules in Office 365 to tag and alert you to emails with spoofed senders, continue reading Is Your CEO a Fraud.

Here’s Microsoft’s Office 365 Anti-Spoofing Protection in EOP article. 

Posted in
Intrust IT Intrustimonials

Intrust Man

Intrust Man may be small, but he is mighty smart. You can trust this clever cartoon hero to provide news you can use.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Cybersecurity for Small Businesses Threat Management Strategies - Intrust IT

Cybersecurity for Small Businesses: Threat Management Strategies

The threat of cybercrime looms larger than ever before. With each passing year, we witness a staggering rise in cyberattacks,...
The Crucial Role of Data Backup in Business Continuity and Disaster Recovery - Intrust IT

The Crucial Role of Data Backup in Business Continuity and Disaster Recovery

Data is the lifeblood of any modern business operation. All organizations rely heavily on digital information, from customer and financial...
What is Two Factor Authentication, and Why Does it Matter - Intrust IT

What Is Two Factor Authentication, and Why Does It Matter?

You’ve likely seen security updates on your phone or computer asking you to set up 2FA or MFA to increase...
Should Information Technology Companies Allow Workers 9 Days AFK - Intrust IT

Should Information Technology Companies Allow Workers 9 Days AFK?

At Intrust IT, we know how powerful stepping away from work can be for our employees’ well-being. We became employee-owned...
The Advantages of Opting for a Managed SOC - Intrust IT

Benefits of Continuous Cybersecurity Monitoring with a Managed Security Operations Center (SOC)

Introduction: The Importance of Robust Cybersecurity in Today's Digital Age As a leading managed service provider, we’ve seen cyber threats...
Local Government Security Breaches Are City Managers Prepared - Intrust IT

Local Government Security Breaches: Are City Officials Prepared?

Virtually every day there’s a new headline about novel cyber threats, government security breaches and municipal government cyber attacks that...