How To Create A Transport Rule To Avoid Spoofing Email

Introduction

In spam and phishing attacks, email spoofing is a technique used to mislead people into believing a message came from a source they know and/or can trust. In spoofing attacks, the sender alters email headers so that client software shows the false sender address. The majority of users take what they see at face value. Users believe the bogus sender of a message unless they thoroughly examine the header. They are more likely to believe the spoof if the name is one that they are familiar with. As a result, they may open malicious attachments, click fraudulent links, provide critical information, and even wire company funds.

How Email Spoofing Works, with an Example Use Case

The goal of email spoofing is to trick users into believing the email is from someone they know and/or can trust—in most cases, a colleague, vendor or brand. Exploiting that trust, the attacker asks the recipient to divulge information or take some other action.

As an illustrative example, suppose you are employed by PayPal and have the email address abc@paypal.com. Assume you are a member of the finance team and receive instructions from your immediate supervisor to transfer funds to account xxx. The email appears to have actually been sent by your manager, because when you click on it, the manager's email address is displayed exactly as it normally is. Therefore, if you have not set the external banner, you will not be aware that this email originated from outside the organization, and you will be willing to believe it.

The sender shows abc@paypal.com, but it is a phishing email that fakes your email address. The real sender is not abc@paypal.com.

To avoid this issue in the future, we can create a transport rule to reject this kind of phishing email. 

Step 1

Exchange admin center > mail flow > rules > create a rule

Step 2

Check "more options."

Step 3

Set the condition and action as follows: when the sender is outside of your organization and the sender address includes "abc@paypal.com", block the email.
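
The same rule can be created from Exchange Online PowerShell instead of the admin center. This is an added example, not part of the original article; the rule name, rejection text and the choice to start in audit mode are assumptions, and it presumes the ExchangeOnlineManagement module is installed and your account can manage transport rules.

```powershell
# Added example: Steps 1-3 expressed as an Exchange Online transport rule.
# Connect first (prompts for an admin sign-in).
Connect-ExchangeOnline

# Hypothetical rule name, chosen for this example.
$ruleName = 'Block external mail spoofing abc@paypal.com'

$rule = @{
    Name                     = $ruleName

    # Condition 1: the sender is outside of your organization.
    FromScope                = 'NotInOrganization'

    # Condition 2: the sender address includes the protected address.
    FromAddressContainsWords = 'abc@paypal.com'

    # Match against the From header, which is the address the mail client
    # displays to the user (this is also the default for this parameter).
    SenderAddressLocation    = 'Header'

    # Action: block the message and return a reason to the sending server.
    # The text is an assumption; use wording that fits your organization.
    RejectMessageReasonText  = 'Rejected: external message used an internal sender address.'

    # Assumption: start in Audit mode so matches are recorded but nothing is
    # blocked yet. This exposes legitimate external services (newsletter or
    # ticketing systems, for example) that send as this address.
    Mode                     = 'Audit'

    Comments                 = 'Rejects external messages whose From address includes abc@paypal.com.'
}

New-TransportRule @rule

# Check: confirm the rule was stored with the intended conditions.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, FromAddressContainsWords, SenderAddressLocation

# After reviewing the audited matches, switch the rule to blocking.
Set-TransportRule -Identity $ruleName -Mode Enforce
```

If a legitimate external system must keep sending as this address, add an exception for it before running the final `Set-TransportRule` line.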

Summary

In this demo, we have learned how to create a Transport Rule to avoid spoofing email. If you have any questions, please comment under this article using the comment box.