Protect end users from cross-domain spoofing

Question

Let say I have contoso.com as my primary domain. I am sending emails all around the world to a different domain. I have one of my customers fall into a phishing and spoofing incident. My customer receives an email from "comtosoo.com" which is the domain that is sending phishing emails. My customer wasn't able to notice the email address at first glance so they mistakenly thought that's its the right email address.

I am well aware of email protection like SPF, DKIM, and DMARC but these settings do not protect me from Cross-domain spoofing (based on my experience).

Is there a setting that I can configure to my Microsoft 365 tenant account to protect my email recipients from falling into such schemes?

What are the settings and recommendations that you can provide to limit and prevent such incidents?

Thank you

Answer 1

Hi @Karlo

Some spoofing emails can be identified by DKIM, SPF. Remaining spoofing emails need to be identified by the users. So You could consider adding a disclaimer to alert your organization members when they receive mail from an external source.

For example: Simply go to the Admin Center, select “Mail Flow”, and create a new rule.

Select ‘the sender is located:’ ‘Outside the organization’
Select ‘Do the following” and
Select ‘Apply a disclaimer to the message’ Or ‘prepend a disclaimer’

Official documents:
Mail flow rule actions in Exchange Online

---

If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.