Preventing internal email spoofing with Office 365

Back to Blog
Preventing Email Spoofing

Preventing internal email spoofing with Office 365

Email spoofing is a problem that affects companies world wide. This type of spoofing email is complex because it looks legitimate. After all, the email did appear to come from within your domain! Companies can lose millions of dollars through sophisticated phishing attacks and internal spoofing. The attacker will send an email posing as someone like the CEO. The attacker will send this email to someone, typically in the finance department, to wire money into an account. But here’s where things get tricky. This typical attack plays out where the email will come from a sender such as or they may not even try and use This can be thwarted easily by a phone call to the CEO. But what happens when the email comes from How do you know it’s actually legitimate?

Keeping email spoofing from happening

This is a game of cat and mouse. However, we can always get the upper hand in battling this growing cyber-security threat simply by using our email system to protect itself. Most companies use Office 365 or Microsoft Exchange and this is a great solution to easily implement. We will use this technique to greatly reduce risk.

We are going to add a banner like the following to any email that originates from outside our email system and approved senders that can use our domain.

It’s actually easier than you think to add this warning.

Warning against potential email spoofing

To complete this, you must be an Exchange Administrator or a Global Administrator in Office 365.

  • Login to the Office 365 portal.
  • Click on Admin.
  • Under Admin Centers, click on Exchange.
  • Click on Mail Flow.
  • Create a new rule. Call it Email Spoofing or whatever you’d like.
  • Set the conditions:
    • The sender is located outside the organization
    • AND the senders domain is INSERT YOUR DOMAIN(S) HERE
    • Do the following:
      • Prepend the disclaimer:
      • <div style="background-color:pink; border:0px dotted #003333; padding:.2em; "> 
        <span style="font-size:16pt; font-family: Monospace; color:black; font-weight:bold; padding:.2em">Warning</span> 
        <div style="text-indent:1em; font-size:10pt; font-family: sans-serif; font-style:normal; font-weight:bold; padding:.2em">This email appears to be from a <COMPANY> address but is from outside of <COMPANY>'s mail server. This could be a malicious email. Use caution and verify any information with the sender over the phone. Forward to <a href=""></a> if you have any questions.</div> 
      • And fall back to action WRAP if the disclaimer cannot be added.
    • Except if
      • And add any conditions that would apply.

Now when an email enters and it appears to be from within the company such as the CEO, it will contain a red banner warning that it may not be from who it claims to be.

The rule you create will generally need to be tweaked so all legitimate senders don’t get falsely flagged.

Xinsto is a Microsoft Partner and can help Office 365 customers setup email spoofing protection. This service is part of our cloud service offerings when you purchase Office 365 through us.

Subscribe for more tips!

[wysija_form id=”1″]

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Blog