It seems that a lot of the spam that is sent into our system has faked the sender name to contain the recipient name. For example, if the user the mail is sent to is john.doe@microsoft.com, the spam will be sent FROM john.doe@somedomain.com, and then a few minutes later an exact copy of the email will come from john.doe@anotherdomain.com. They're obviously reusing the username but changing the domain name. Is it possible to create a transport rule (or some other filter) that can eliminate any message where the sender address contains the recipient user name, so that any message that contains john.doe is deleted/marked as spam? Maybe also add an exception unless the sender is john.doe@microsoft.com, so that users can still email themselves? Maybe with an "is authenticated" exception?