With Phishing campaigns and spam being a problem many people only trust internally sent email.

But, what if that spam or phishing email only looks like it is internal?!?

That's where this rule comes in.

  1. Log into your Office365 Admin portal.
  2. Locate the "Exchange" menu item under "Admin Center" and click on it.  This will open the Exchange Admin Center in a new tab or window.
  3. Locate, on the left hand side, the menu item "Mail Flow" and click on it.
  4. Under "Rules" click on the [+] to add a rule.
  5. Name the rule something like "Domain Spoofing Prevention".
  6. Under "Apply this rule if..." click the drop down and select "is external/internal" and then pick "Outside the orgainzation".
  7. Click on "add condition" and then click the drop down and select "domain is" and type in your domain name then click "OK".
  8. Under "Do the following..." click the drop down and select "Block the message" and pick "delete the message without notifying anyone".
  9. Scroll down to "Properties of this rule:" and enter "0" into the "Priority" box.
  10. Then scroll down a little more to the "Choose a mode for this rule" and select "Enforce".
  11. Click "Save".

At this point you now have a rule that will block any email coming from anyone that looks like it comes from your domain.

This is all "well and good" unless you use 3rd party services to send email on your behalf... like QuickBooks or FreshDesk.

If you do, you will need to add some "Except if..." options.

It is hard to tell you what you need to do to get email working from external sources.

However, if you look at your SPF record for your mail sending... you will have a good starting point.

*** NOTE: This does not work on integrated service provider's implementations of Office365.  Like GoDaddy or other resellers.