PowerShell can be used to quickly search through rules matching specific criteria. This can be incredibly valuable for a tenant that contains a lot of rules (think 50 or more). While it is possible to search for transport rules in the EOP portal, PowerShell offers a more powerful (and cooler) way to accomplish this.
This is a quick public service announcement before the weekend starts. Exchange Online Protection has been allocated a new IP range. Starting in 30 days, EOP will add 220.127.116.11/16 to the IP pool that is used to deliver mail that passes through custom connectors (e.g., an EOP outbound connector which routes inbound mail to your on-premises environment).
I recently worked on a very interesting case that I wanted to share. This organization had set EOP to deliver all spam messages to end users' junk mail folders.
This worked great for most users, but a small number experienced EOP delivering spam messages directly to their inbox, as if they weren’t being scanned at all. Very peculiar indeed. Let’s go through the troubleshooting process to figure out what’s happening here.
When troubleshooting mail flow, it is often important to determine where a message is handed off from a partner to your Office 365 tenant, or from your Office 365 tenant to a partner. This is easy to see in a message header: just look for the receiving host with the domain mail.protection.outlook.com, as this will indicate Office 365 servers.
But what if your partner is also an Office 365 tenant? How can we then tell when a message left their tenant and entered yours, or vice versa? If troubleshooting a mail delay, this is crucial information, as it will let us know which tenant is experiencing the delay.
I have recently seen a large number of cases where an organization’s own domain was spoofed to send that company phishing messages. This isn’t all that uncommon, but what was concerning for me was the method used in these cases to do the spoofing. In these cases, only the 5322.From header was spoofed, which cannot be detected by an SPF check.
I've recently seen an increase in cases that involve incorrectly published SPF records that have resulted in sent mail failing the SPF check. Ensuring your SPF record is up to date is great proactive work that can help prevent issues with SPF checks. In this article I'm going to go over how to properly set your SPF record if you are using Exchange Online or Exchange Online Protection.
There is also a common mistake that organizations sometimes make in their SPF record when they are smart hosting mail out through EOP, which I will also highlight.