I'm looking for a way to block any emails from being delivered to anyone in my organization if any of the recipients have addresses from a specific lookalike domain, like 'ammazon.com' instead of 'amazon.com'. We've encountered situations where a vendor got hacked and they sent emails that looked legit because they included multiple recipients with this fake domain. I want to prevent these emails from being delivered altogether, even to legitimate recipients, and I'd like to receive alert notifications as the admin so I can investigate potential security issues. I've tried using a data loss prevention (DLP) policy, mail flow rule, and the tenant allow/block list, but while it seems to block the fake domain, the emails still get delivered to legitimate addresses. I'm the solo admin of a small to medium business using Microsoft Business Premium and I'm open to other solutions if there's a better way to handle this.
3 Answers
If I’m understanding correctly, setting up two transport rules should work—one for each direction (inbound and outbound). Just make sure they’re configured properly to block messages sent to your employees as well.
You might be able to achieve your goal using transport rules. Try setting up two rules: one for inbound emails and another for outbound emails where the sender or recipient matches that fake domain, and ensure that it sends reports to the admin.
Unfortunately, you can't control what others do with lookalike domains. All you can really do is focus on stopping those inbound emails to your organization. There are services that can help you monitor and report such domain registrations, but educating your staff and partners is critical too.
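The transport-rule approach in the first two answers, written out as an added example (not code from any answer above). It assumes the ExchangeOnlineManagement module, a lookalike domain of ammazon.com as in the question, and a constructed admin mailbox admin@contoso.example. The symptom in the question (the fake-domain copies get blocked while the legitimate recipients still receive the mail) is what a rule built on a "The recipient is" style condition produces, because Exchange Online splits the message per recipient and applies the action only to the matching copies; the "Any recipient address" conditions (-AnyOfRecipientAddressMatchesPatterns) are evaluated against all recipients, so the reject applies to the whole message. Both rules start in Audit mode so the incident reports confirm the match before switching to Enforce.

```powershell
# Added example, not from the original thread.
# Assumptions: ExchangeOnlineManagement module is installed, 'ammazon.com' is the
# lookalike domain, and admin@contoso.example is a constructed placeholder mailbox.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

$lookalike      = 'ammazon.com'
$recipientRegex = '@' + [regex]::Escape($lookalike) + '$'   # matches any address at the lookalike domain
$alertMailbox   = 'admin@contoso.example'

# Actions shared by both rules: reject the whole message and send the admin an incident report
$common = @{
    RejectMessageReasonText         = 'Message blocked: a lookalike domain was detected.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    GenerateIncidentReport          = $alertMailbox
    IncidentReportContent           = 'Sender', 'Recipients', 'Subject', 'RuleDetections', 'AttachOriginalMail'
    Mode                            = 'Audit'   # change to 'Enforce' once the reports show only true matches
}

# Rule 1: inbound mail whose sender is in the lookalike domain
New-TransportRule -Name 'Block lookalike domain - sender' `
    -FromScope NotInOrganization `
    -SenderDomainIs $lookalike `
    @common

# Rule 2: any message, inbound or outbound, where ANY recipient is in the lookalike domain.
# The "Any recipient" condition applies the reject to the entire message, not just the matching copy.
New-TransportRule -Name 'Block lookalike domain - any recipient' `
    -AnyOfRecipientAddressMatchesPatterns $recipientRegex `
    @common

# Confirm both rules exist and show their state and mode
Get-TransportRule | Where-Object { $_.Name -like 'Block lookalike domain*' } |
    Format-Table Name, State, Mode, Priority
```

Leave the rules in Audit mode for a few days and read the incident reports that arrive at the admin mailbox; if only genuine lookalike traffic is being matched, re-run with Mode set to Enforce (or use Set-TransportRule -Mode Enforce on each rule).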
