Office 365 Mail Rules to Use for Anti-Spoofing

Fraudulent emails are becoming a common cyber threat. Anti-spoofing mail rules set up in Office 365 can help. In these phishing schemes, scammers research internal company names and send emails that look like they are coming from the CEO or someone else in the company. Typically the scam emails request a wire transfer or other proprietary information. 

Office 365 Anti-Spoofing Protection

Office 365 mail rules can tag the email with a disclaimer to alert the recipient that it may be a scam. The rule can be set up so if an email is coming from outside the organization, but is from an internal domain, the disclaimer will be added to the top of the email. Here’s how to set up Office 365 Anti-Spoofing Mail Rules.  

Office 365 Anti-Spoofing Set Up

To set up the mail rule:

1. Log into the Office 365 management portal. 
2. Open Exchange Management. 
3. Go to Mail Flow > Rules. 
4. Create a new rule if the sender is outside the organization and if the sender’s domain is one of your internal domains. Set the condition to Prepend the disclaimer and write a disclaimer explaining why the email is flagged as a spoofed email. See example below. 

Here is the rule we set up:

Office 365 Anti-Spoofing Known External Services Exclusions

This Office 365 Anti-Spoofing Rule may add the disclaimer to emails from devices such as scanners and third-party services like Constant Contact. To set up your rule to not add the disclaimer to these: 

1. Click the add exception button in the rule and specify the sender. 

This simple anti-spoofing rule adds a great amount of security to email in Office 365 by providing a warning. 

For more information on how you can use mail rules in Office 365 to tag and alert you to emails with spoofed senders, continue reading Is Your CEO a Fraud.

Here’s Microsoft’s Office 365 Anti-Spoofing Protection in EOP article.