I've been dealing with spammers in Office365 who are sending fake password expiration notices from email addresses that are over 300 characters long! To combat this issue, I want to create a rule that quarantines emails with excessively long prefixes. Are there Exchange Online rules that can help me do this?
4 Answers
Honestly, I have no idea, but I do think 20 is way too short for a limit. Maybe consider adjusting it to something like 40-50 characters instead.
I've also noticed those fake FROM names popping up. Have you seen any recent EXO updates that may help reduce these problems? They were supposed to address empty senders and multiple addresses in the from field.
I think 20 characters might be a bit too short, especially with common formats like [email protected]. It might block legitimate emails, so I suggest raising the limit to around 50 characters instead. Just a thought!
Agreed! Adding a warning to the subject line could also help users identify problematic emails.
You can actually set up a transport rule using regex with the -FromAddressMatchesPatterns option. Just use a pattern like \S{300,}@ to match any non-space characters that are 300 or more in length before the @ sign. This should help in catching those long email addresses!
That regex is genius! I didn't know we could use it like that, but it's definitely going to make my job easier.

Absolutely! A higher limit would prevent legitimate emails from getting caught in the filter.
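The transport rule from the -FromAddressMatchesPatterns answer above, written out as an added example (not code from any poster in this thread): it checks the pattern locally against constructed sample senders, then creates the rule in audit mode before enforcing it. It assumes a connected Exchange Online PowerShell session; the rule name and sample addresses are made up for illustration.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# The rule name and the sample addresses below are constructed.

# Pattern from the answer above: 300 or more non-whitespace characters before the @.
$pattern  = '\S{300,}@'
$ruleName = 'Quarantine oversized sender local part'   # hypothetical name

# Constructed senders: two ordinary addresses and one with a 320-character local part.
$samples = @(
    'alice@contoso.example',
    'first.middle.last-department-notifications@contoso.example',
    ('a' * 320) + '@spam.example'
)

# Local sanity check with the .NET regex engine. This only approximates how the
# transport rule evaluates the pattern, which is why the rule starts in Audit mode.
foreach ($addr in $samples) {
    [pscustomobject]@{
        LocalPartLength = $addr.Split('@')[0].Length
        Matches         = $addr -match $pattern
    }
}

# Create the rule in audit-only mode: matches are logged, nothing is quarantined yet.
# HeaderOrEnvelope checks both the From header and the envelope sender.
New-TransportRule -Name $ruleName `
    -FromAddressMatchesPatterns $pattern `
    -SenderAddressLocation HeaderOrEnvelope `
    -Quarantine $true `
    -Mode Audit `
    -Comments 'Sender address has 300+ characters before the @ sign'

# After reviewing the audited matches for false positives, turn on enforcement.
Set-TransportRule -Identity $ruleName -Mode Enforce
```

If a lower threshold is chosen, as discussed in the other answers, change only the number in the pattern and rerun the local check with real sender addresses from your own mail flow before enforcing.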