Introducing Spoof Mail Reports

The following article was written by Rob McCarthy who is a Business Program Manager for Readiness in Microsoft.

Spoofing continues to be a top concern for any security conscious email administrator today. Generally, there are two spoofing scenarios that administrators must devote thought to…

  1. An organization is receiving spoofed messages from a malign source asking for network credentials. These emails must be blocked immediately. This is the one that keeps them up at night.
  2. A legitimate newsletter sent from a 3rd party partner is being mistakenly marked as spam because it appears to be spoofing the organization. Users must receive these.

In an effort to provide transparency into spoof detection, and to more easily address both the false-negative and false-positive impact circumstance, a ‘Spoofed Mail Report’ will now be part of Exchange Online’s report catalogue.

The “Spoofed Mail Report” will not only provide administrators a clear view of specific spoofing instances and anomalies, it will allow the administrator to drill down into the detail of individual instances. Furthermore, administrators will be offered the ability to immediately block or allow these true senders based on their IP.

This new report can be found under the Protection Reports heading.


For additional information on this report, as well as the other reports, please see “Use mail protection reports in Office 365 to view data about malware, spam, and rule detections

Your feedback shapes our products so please take a look and let us know what you think!

- Rob McCarthy