Manager Senders who are spoofing your domain in office 365
Office 365 provides a feature called spoof intelligence; Spoof intelligence allows you to review who are spoofing either domains which is part of your organization or spoofing external domains.
Spoof intelligence is part of the following Office 365 Subscriptions.
- Office 365 Enterprise E5
- Advanced Thread Protection for Office 365
- As of October 2018 Exchange, Online Protection (EOP)
To get started with managing senders who are spoofing your domain open Microsoft 365 Security & Compliance Center and enter your admin credentials.
- In the Security & Compliance Center, expand Threat management > Policy.
- Click on Anti-Spam.
- In the right pane, on the Standard tab, expand Spoof intelligence.
- To view the list of senders spoofing your domain, select Review new senders.
Note: If you’ve already reviewed senders and want to change some of your previous choices, you can choose Show me senders I already reviewed instead.
- On the Standard tab each row represents a sender that is spoofing one or more users in your organization.
- If a sender is spoofing multiple users and you want to allow that sender to spoof some users but not others, on the Standard tab, select Choose users.
This displays the Detailed tab with the list of users being spoofed. The list is split into individual rows so that you can choose whether to allow or block the sender from spoofing each user individually.
- To add a sender to the allow list for a user, choose Yes from the Allowed to spoof? To add a sender to the block list for a user, choose No.
- To view External Domains which are sending spoofed emails, click on the External Domains Tab. If it’s not a legitimate spoofing domain then you can select to not allowed this domain to spoof.
- Select Save to save any changes.