none
Validate the external sender in Office365 RRS feed

  • Question

  • Hi All, 

    Thanks in advance, I am looking for the steps where we can validate the sender based on their SPF & DMARC records in Office365. For example: if an email comes from usera@domainb.com to our Office365 tenant which actually hosts domaina.com.

     

    Now, our Office365 quarantines this sender stating no much detailed info available of the sender. I knwo that I can whitelist either the email address or the domain, but by doing so I will have no control over spoofed emails from this domain. So, I want to control receiving emails from this sender and hence I have collected SPF & DMARC records of this sender, but I am not aware of how to add these records for domainb.com in Office365.


    Niranjan

    Tuesday, October 15, 2019 10:44 AM

All replies

  • Hi All, 

    Thanks in advance, I am looking for the steps where we can validate the sender based on their SPF & DMARC records in Office365. For example: if an email comes from usera@domainb.com to our Office365 tenant which actually hosts domaina.com.

     

    Now, our Office365 quarantines this sender stating no much detailed info available of the sender. I knwo that I can whitelist either the email address or the domain, but by doing so I will have no control over spoofed emails from this domain. So, I want to control receiving emails from this sender and hence I have collected SPF & DMARC records of this sender, but I am not aware of how to add these records for domainb.com in Office365.


    Niranjan

    So you own domain B?

    If so, then simply update the SPF records of that domain in the external DNS of that zone.

    If these are coming from Office 365, and nowhere else it would like this:

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing

    include:spf.protection.outlook.com

    For DKIM, you can set that up for the domain as well following:

    https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email

    If however, you dont own that domain and you simply want a way to check it inbound and whitelist it, then create a transport rule that whitelists that domain *AND* also checks the header for SPF pass:

    'Authentication-Results' header contains ''dmarc=pass''

    Tuesday, October 15, 2019 11:16 AM
    Moderator
  • Hi Andy,

    Thanks for your reply, we do not own domainb.com. They are one of our vendors who we deal with regularly, like gmail.com. What if they are not hosted in Office365?


    Niranjan

    Tuesday, October 15, 2019 12:15 PM
  • Hi Andy,

    Thanks for your reply, we do not own domainb.com. They are one of our vendors who we deal with regularly, like gmail.com. What if they are not hosted in Office365?


    Niranjan

    That doesnt matter actually. All you care about is if they pass DMARC and you can check for that with a transport rule and whitelist based on that.

    Tuesday, October 15, 2019 12:41 PM
    Moderator
  • Just checking in to see if above information was helpful. Please let us know if you would like further assistance.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, October 21, 2019 10:20 AM
    Moderator