Understanding Email Spoofing in Exchange Online

Asked By TechWizard92 On

Hey everyone! I could use your help to clarify an email flow issue we faced today. We received a spoofed email that seemed to be from one of our users. This isn't too shocking since we still haven't set up DMARC (it's a bit of a saga). The email failed the SPF check, but it still got delivered, and it looks like it went through Microsoft's infrastructure because there's no indication it passed through our external mail filter. The email headers show it was received by an Outlook server from an external IP before being delivered to our tenant. So, my main question is: Is it really that simple to spam a Microsoft 365 organization? Does an email just need to go through a Microsoft server to bypass our external filtering solution that's set up in the MX record? It seems like Microsoft checks their own tenants first and doesn't even query DNS at that point. I hope this makes sense!

1 Answer

Answered By EmailGuru77 On

Yes, this is a known issue. It's crucial to restrict mail delivery to your tenant so that it only goes through your spam filter. Anything else can either be routed back or blocked completely, except for specific exceptions. You might want to read more about securing your third-party filtering setup to prevent issues like this.

CuriousUser56 -

Thanks for the insight! That really clears things up.

QuestionAsker -

What about if we use Code2 for signatures? Wouldn't that mess things up with our Barracuda?
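One way to check, from a delivered message's headers, whether it entered Exchange Online through the filter named in the MX record or was handed straight to the tenant, as discussed in the question and answer above. This is an added example, not part of the original thread; the filter egress range, the sample headers and the `.mail.protection.outlook.com` edge suffix are assumptions.

```python
import email
import ipaddress
import re

# Assumption: egress range of the third-party filter in the MX record (documentation range).
FILTER_EGRESS = [ipaddress.ip_network("198.51.100.0/24")]
# Assumption: Exchange Online edge servers stamp a "by" host ending in this suffix.
EOP_EDGE = ".mail.protection.outlook.com"
HOP = re.compile(r"from\s+\S+\s+\(([^)]*)\)\s+by\s+(\S+)", re.I)

# Constructed samples: one relayed by the filter, one delivered straight to the tenant.
VIA_FILTER = (
    "Received: from filter.example.net (198.51.100.7) by\n"
    " AB1CD2FT001.mail.protection.outlook.com (10.0.0.1) with Microsoft SMTP Server;\n"
    " Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from sender.example.org (192.0.2.10) by filter.example.net;\n"
    " Mon, 1 Jan 2024 10:00:00 +0000\n"
    "From: a@example.org\nSubject: test\n\nbody\n")
DIRECT = (
    "Received: from unknown.example.org (203.0.113.45) by\n"
    " AB1CD2FT001.mail.protection.outlook.com (10.0.0.1) with Microsoft SMTP Server;\n"
    " Mon, 1 Jan 2024 10:05:00 +0000\n"
    "From: user@contoso.example\nSubject: test\n\nbody\n")

def classify(raw_message):
    """Return 'via-filter', 'direct-to-eop' or 'no-edge-hop' for one raw message."""
    msg = email.message_from_string(raw_message)
    # Received headers are prepended, so the first match from the top is the hop
    # stamped by Microsoft itself; anything below it could be forged by the sender.
    for header in msg.get_all("Received", []):
        m = HOP.search(" ".join(header.split()))  # unfold the header first
        if not m or not m.group(2).rstrip(";").lower().endswith(EOP_EDGE):
            continue
        for token in re.split(r"[\s\[\]]+", m.group(1)):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue
            ok = any(ip in net for net in FILTER_EGRESS)
            return "via-filter" if ok else "direct-to-eop"
        return "direct-to-eop"  # edge hop without a parseable source IP
    return "no-edge-hop"  # e.g. intra-tenant mail that never crossed the edge

if __name__ == "__main__":
    for name, raw in (("VIA_FILTER", VIA_FILTER), ("DIRECT", DIRECT)):
        print(name, classify(raw))
```

A check like this only reports bypasses after delivery; blocking them is done by restricting inbound delivery to the filter, as the answer describes.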
