Office 365 Mail Rules to Use for Anti-Spoofing

Anti-Spoofing Rules for Office 365

Fraudulent emails are becoming a common cyber threat. Anti-spoofing mail rules set up in Office 365 can help. In these phishing schemes, scammers research internal company names and send emails that look like they are coming from the CEO or someone else in the company. Typically the scam emails request a wire transfer or other proprietary information. 

Office 365 Anti-Spoofing Protection

Office 365 mail rules can tag the email with a disclaimer to alert the recipient that it may be a scam. The rule can be set up so if an email is coming from outside the organization, but is from an internal domain, the disclaimer will be added to the top of the email. Here’s how to set up Office 365 Anti-Spoofing Mail Rules.  

Office 365 Anti-Spoofing Set Up

To set up the mail rule:

  1. Log into the Office 365 management portal. 
  2. Open Exchange Management. 
  3. Go to Mail Flow > Rules. 
  4. Create a new rule if the sender is outside the organization and if the sender’s domain is one of your internal domains. Set the condition to Prepend the disclaimer and write a disclaimer explaining why the email is flagged as a spoofed email. See example below. 

Here is the rule we set up:

Office 365 Anti-Spoofing Known External Services Exclusions

This Office 365 Anti-Spoofing Rule may add the disclaimer to emails from devices such as scanners and third-party services like Constant Contact. To set up your rule to not add the disclaimer to these: 

  1. Click the add exception button in the rule and specify the sender. 

This simple anti-spoofing rule adds a great amount of security to email in Office 365 by providing a warning. 

For more information on how you can use mail rules in Office 365 to tag and alert you to emails with spoofed senders, continue reading Is Your CEO a Fraud.

Here’s Microsoft’s Office 365 Anti-Spoofing Protection in EOP article. 

Posted in
Intrust IT Intrustimonials

Intrust Man

Intrust Man may be small, but he is mighty smart. You can trust this clever cartoon hero to provide news you can use.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

What are managed services - Intrust IT

What Are Managed Services? And What Are the Benefits?

Running a business in today’s tech-driven world means you need reliable IT infrastructure. But let’s be honest, managing IT in-house...
Windows 10 End of Life How This Could Impact Your Business - Intrust IT

Windows 10 End of Life: How It Could Impact Your Business

As Microsoft officially plans to end support for Windows 10 on October 14, 2025, businesses need to begin thinking ahead....
AI implementation Roadmap Intrust IT

Master AI Integration With Our AI Implementation Roadmap Guide

AI is one of the greatest technological breakthroughs of the last few years. It has become our handy assistant, data...
9 days on a cruise - Intrust IT

Redefining Culture in IT Companies: Nine Days Away on an American River Cruise

What would you do with nine days away from your keyboard? Would you take a relaxing vacation? Or spend time...
National Public Data Breach- Intrust IT

Was Your SSN Leaked? Understanding the Impact of a National Public Data Breach

A recent national public data breach has sent shockwaves through the country, exposing the sensitive data of millions of Americans....
What are Managed IT Services A Simple Guide Intrust IT

What Are Managed IT Services? A Simple Guide

Whether you are a part of a large corporation or a smaller business, you likely have run into IT issues...