Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

blocked spoofed email user is sent an Office 365 NDR

The issue we are seeing is when a spoofed email is sent for a user, for instance user gets an from for a fake voicemail message.

What is happening is Office 365 is accepting the message and marking it as spam, then it hits the transport rule to send it to Sophos to check it out.  Sophos then deletes the message because it either sees it as spam OR the user has put a policy in place to already reject them.

The transport rule ends and doesn't deliver the message to the end user but THEN the end user gets a non delivery message from Office 365 telling them they couldn't send their message as if the message actually came from them and couldn't be delivered to them.     The message clearly wasn't sent by them as I can see the IP is from another country but is from a fake account.

If a message is deleted by Sophos and not delivered then how do I get Microsoft to NOT send an NDR to the end user that actually didn't send the spoofed message.


This thread was automatically locked due to age.