I've received a few reports from an organization where users are finding spam emails coming from their own accounts. The trace logs suggest these emails are being sent internally, from one user back to themselves. We've already had them change their passwords, and multi-factor authentication (MFA) is enabled. I've checked their inbox rules and confirmed that DKIM is set up, but I'm still at a loss for what might be causing this. Any ideas on what I should investigate next?
3 Answers
Definitely consider disabling Direct Send as soon as possible. You'll also want to ensure that you have the correct connectors set up for any legitimate email sources outside of Office 365.
This issue is likely due to Microsoft's Direct Send vulnerability. Users with an Exchange account can send emails that bypass standard security measures, and that's probably why you're seeing these spam emails. We had similar problems and had to set up specific rules in Exchange to block it, while allowing certain email addresses to still use direct send because we couldn’t disable it organization-wide.
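As an added example (not code from either answer or from the original poster), here is how the advice in both answers looks in Exchange Online PowerShell: triage the self-to-self messages by source IP, turn off Direct Send tenant-wide, keep legitimate on-prem devices working through a connector, and, if the tenant switch is not available, fall back to a transport rule that rejects external mail claiming your own domain. The domain, mailbox and IP addresses are placeholders, and the `RejectDirectSend` parameter is checked for before use because not every tenant has it.

```powershell
# Added example, not from the original thread. Assumes the ExchangeOnlineManagement
# module is installed and you hold an Exchange admin role. The domain, mailbox and
# IP addresses below are assumed placeholders; replace them with your own values.
Connect-ExchangeOnline

$AcceptedDomain = 'contoso.com'          # assumption: your accepted domain
$Mailbox        = 'user@contoso.com'     # assumption: one of the reporting users
$DeviceIPs      = @('203.0.113.10')      # assumption: on-prem devices that legitimately relay mail

# 1. Triage: messages where the sender equals the recipient. Mail delivered by Direct Send
#    arrives at the tenant MX from an IP outside Microsoft 365, so FromIP is the tell,
#    even though the sender address looks internal.
$since = (Get-Date).AddDays(-7)
Get-MessageTrace -SenderAddress $Mailbox -RecipientAddress $Mailbox `
    -StartDate $since -EndDate (Get-Date) |
    Select-Object Received, FromIP, Subject, Status |
    Sort-Object Received -Descending |
    Format-Table -AutoSize

# 2. Preferred fix: reject Direct Send for the whole tenant. The parameter is confirmed
#    to exist first so the script fails loudly, not silently, on a tenant without it.
if ((Get-Command Set-OrganizationConfig).Parameters.ContainsKey('RejectDirectSend')) {
    Set-OrganizationConfig -RejectDirectSend $true
    Get-OrganizationConfig | Select-Object RejectDirectSend
} else {
    Write-Warning 'RejectDirectSend is not available in this tenant; use the transport rule below.'
}

# 3. Keep legitimate senders working: an inbound connector that identifies the devices by
#    source IP and requires TLS, so they no longer depend on Direct Send.
New-InboundConnector -Name 'On-prem devices' -ConnectorType OnPremises `
    -SenderDomains '*' -SenderIPAddresses $DeviceIPs `
    -RestrictDomainsToIPAddresses $true -RequireTls $true

# 4. Fallback (the approach described in the second answer): reject messages that enter
#    from outside the organization but claim an internal sender domain, except from the
#    device IPs allowed above.
New-TransportRule -Name 'Block spoofed internal senders' `
    -FromScope NotInOrganization -SenderDomainIs $AcceptedDomain `
    -ExceptIfSenderIpRanges $DeviceIPs `
    -RejectMessageReasonText 'Unauthenticated mail claiming an internal sender is not accepted' `
    -RejectMessageEnhancedStatusCode '5.7.1'
```

Run step 1 first and note which FromIP values appear; anything that is not a Microsoft 365 or known device address should disappear from the trace once step 2 or step 4 is in place. Step 3 deliberately scopes the connector to the listed IPs only, since a connector that accepts any source would reopen the same hole the rule closes.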
