On 10/05/2018, 15:54, "David Jones" <djo...@ena.com> wrote:
They do. I saw an example a few weeks ago. >Paul Stead claims to have seen it, but it's important to positively >identify it as spoofing and not hacking. Not sure what the difference is from a mail filtering perspective. From Microsoft's perspective it is both. A spammer got someone's password and started sending a bunch of invoice phishing emails pretending to be a local construction company that happens to host their email on O365 so their SPF record is good. I agree this scenario seems unlikely, I can't find any example, I have done some testing myself. Seems that O365 will return 550 5.7.60 SMTP; Client does not have permissions to send as this sender if the SMTP From is anything but an accepted address for that user in the domain controlled with O365 I was convinced I have seen this scenario but without the evidence I'll have to chalk it to bad memory Paul -- Paul Stead Senior Engineer (Tools & Technology) Zen Internet Direct: 01706 902018 Web: zen.co.uk Winner of 'Services Company of the Year' at the UK IT Industry Awards This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. Zen Internet Limited may monitor email traffic data to manage billing, to handle customer enquiries and for the prevention and detection of fraud. We may also monitor the content of emails sent to and/or from Zen Internet Limited for the purposes of security, staff training and to monitor quality of service. Zen Internet Limited is registered in England and Wales, Sandbrook Park, Sandbrook Way, Rochdale, OL11 1RY Company No. 03101568 VAT Reg No. 686 0495 01