Setting Up Domain Spoof Protection In Office 365

The following instructions will show you how to create a rule in Office 365 that will prevent your domain from being spoofed from outside your environment.

This rule will accomplish the following:

  1. Delete any inbound emails that originate from OUTSIDE your organization but are set to look like they come from your domain (domain spoof protection).
  2. Allow emails from KnowBe4's servers to bypass this rule (so phishing tests can be conducted that look like they are coming from internal email accounts).

Note: This rule only protects your users from outsiders who are trying to spoof your domain. It does not stop an external party from sending email that uses your domain to addresses outside your company. Put simply, it prevents emails sent to your users from outside your company that look like they originated inside your company, but it does not prevent someone from sending a recipient outside your company an email that looks like it comes from your company. That is typically handled with SPF record management, which is not covered in this document.

First, log into your Office 365 portal and go to the Admin > Exchange area.

Office 365 Exchange Admin Area:


Next, you'll start creating the new rule:

Click on the "mail flow" section (1), then click the big + sign (2) in the right-hand area and select "Create a new rule…" (3).

New Rule Screen: 

Creating the rule: 

Give your rule a relevant name. Then choose "Apply this rule if…" and select "The sender is located… Outside the organization" (4).

Add a condition, then choose "The sender's domain is…" and enter your company's email domain(s) (5).

Then choose an action. In our case we chose to delete the message; if you wish, you can choose other options based on your security policies (6).

Add an exception for KnowBe4 (or any other external organization that may need to send email to your users that looks like it comes from your domain, e.g. HubSpot). Choose "Sender's IP address is in the range…" and fill in the IP addresses of the external organization's mail server (7).

In our case the IP addresses are:

23.21.109.212
23.21.109.197
192.254.121.248


Lastly, set "Match sender address in message" to "Header or envelope" (8).

Then save the rule and you’re done!
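The same rule can be created from Exchange Online PowerShell instead of the portal. This is an added example, not part of the original instructions: it assumes the ExchangeOnlineManagement module is installed, uses contoso.com as a placeholder for your own domain, and reuses the three KnowBe4 IP addresses listed above for the exception.

```powershell
# Added example: build the domain-spoof transport rule described above with
# Exchange Online PowerShell (ExchangeOnlineManagement module required).
Connect-ExchangeOnline

# Placeholder: replace with your own accepted email domain(s).
$ownDomains = @('contoso.com')

# KnowBe4 mail server addresses from the article, exempted so that
# internal-looking phishing tests are still delivered.
$exemptSenderIps = @('23.21.109.212', '23.21.109.197', '192.254.121.248')

# Each key maps to one numbered step in the portal walkthrough.
$ruleParams = @{
    Name                   = 'Domain spoof protection'
    Comments               = 'Delete external mail that claims to come from our own domain; KnowBe4 exempted.'
    FromScope              = 'NotInOrganization'   # (4) sender is located outside the organization
    SenderDomainIs         = $ownDomains           # (5) sender's domain is one of ours
    DeleteMessage          = $true                 # (6) action: delete the message
    ExceptIfSenderIpRanges = $exemptSenderIps      # (7) exception: external mail server IPs
    SenderAddressLocation  = 'HeaderOrEnvelope'    # (8) match sender in header or envelope
}

New-TransportRule @ruleParams

# Verify the rule was created with the intended conditions and is enabled.
Get-TransportRule -Identity 'Domain spoof protection' |
    Format-List Name, State, FromScope, SenderDomainIs, DeleteMessage,
                ExceptIfSenderIpRanges, SenderAddressLocation
```

To pilot the rule before it deletes any mail, add `Mode = 'Audit'` to the hashtable, review message trace results for a few days, then switch it to `Enforce`.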