Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 19 subscribers
  • Views 3098 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Emails from 365 tenants or outlook.com ignoring MX records - bypassing VIP protection checks.

Ian Hellier

Hey Folks,

I've setup the email advanced on a test domain in my organisation for the sole purpose to see how the VIP protection works (and other items, but they're not in question here).

So it's all setup and seems fine, I get the impersonation banner etc. but only if I send my test account an email from my gmail.

Gmail > 365 test account > marked as impersonation

outlook.com > 365 test account > not marked (seems to take a single hop and lands in mailbox).

other 365 tenant > 365 test account > not marked, similar to above.

Bearing in mind I am not sending to my actual account, my test account is named differently as I know impersonation protection doesn't work to yourself, based on the presumption you would know you're not scamming yourself.

My concern is if this doesn't protect against outlook.com and other 365 tenants impersonating then it's only partially effective as anyone can create outlook.com accounts.

Anyone else had/seen/fixed/cried themselves to sleep over this?

Cheers

Ian



Added tags
[edited by: Raphael Alganes at 6:36 AM (GMT -7) on 7 Jun 2023]
Unfiltered HTML