Please read through the guide, as it helps you to prevent users reporting the CSA emails to Microsoft and eventually getting them blocked.
The Microsoft Outlook “Report Message” feature enables an end-user to report an email as per this screenshot:
Should a User report one of the CSA specially created e-mail templates to Microsoft, then Microsoft will use their URL scanning solutions to test the safety of the e-mail and the link. In doing so, this will create a false/positive in the CSA reporting system because the link will have, in effect, been clicked as if the end-user clicked the link
This document has been created to assist those organisations who have deployed this service and will outline how to create a Microsoft Office 365 Mail Flow rule to stop these e-mails being sent to Microsoft’s specific phishing and SPAM email addresses.
Note: Only our specific emails will be prevented from being sent. All other suspected Malware and SPAM will be forwarded to Microsoft as you would expect.
Create a Mail Flow Rule within Office 365 Exchange
- Log into Microsoft Office with an Administrator user profile and select “Admin” for navigating to the Microsoft Admin Centre.
- Once you are in the Admin Centre, Click on Show All, then select Exchange, to navigate to the Exchange Admin Center.
- Now, you need to select “Mail Flow” from the left-hand menu and then select “Rules” from within the Mail Flow option.
- Click on Add a Rule, then select Create a new Rule.
- Give the new rule the name: "Block Outbound Mail – CSATraining". Under the first drop down, 'Apply this rule if...', select "The recipient", and under the second drop down, select "Is this person".
- After you've selected the above, you will be prompted to enter recipient (email) addresses. Now, you need to add these 2 addresses: "Junk@office365.microsoft.com" and "phish@office365.microsoft.com" [Remember - you need to click on "+Save" and the Save button, on the bottom of the page] as below:
- Now, you need to click on the "+" button to add a condition to the new rule.
- Under the first drop down, 'Apply this rule if...', select "The subject or body", and under the second drop down, select "Subject or body includes any of these words".
Then you will be prompted to enter words that are included in the subject or body, as according to the new rule. Enter "mail.csatraining.online" / "mail.csatraining1.online" / "mail.csatraining2.online" / "CSATraining" This is case-sensitive and has zero spaces. Remember: you need to click on Add and then Save, in order for the word to be entered on the new rule.
-
Once you've done the above, under "Do the following..", you need to select "Block the Message" from the first drop-down menu, and "delete the message without... " from the second drop-down menu as below:
- The completed Rule Conditions should look something similar to this:
- Note: We recommend setting the Priority as 0, so that this is the first rule that is applied, and another separate rule does not clash and block the emails, where this rule will not be applied. *The priority may need to be changed after creating the rule*.
Now, you need to click on the "Next" button on the bottom of the page, to add and set the rule settings. You need to make sure that, the "Enforce" button is selected, and [optional] you can write something in the "Comments" section, to remind you something about the rule in future Audits.
- Once you have clicked “Finish”, your rule is activated, and added to your list of rules.
You are able to check to see if the rule is working by returning to Outlook and reporting one of our emails to Microsoft.
You can then complete a Message Trace to view the “Failed” delivery for both phish@office365.microsoft.com or junk@office365.microsoft.com
If you have any questions / queries regarding this guide, please let a member of the Cyber Support Team know, and they will be more than happy to help you.
Comments
0 comments
Please sign in to leave a comment.