I recently migrated my Exchange 2016 to use SendGrid as the smart host. I’ve been monitoring the outbound emails through SendGrid. It appears that a large amount of spam (100+ per day) is being sent from [email protected]
I realize this could be internal or external, but I need some help tracking it down.
Do you have access to any of these spam e-mails? The “Received:” headers will tell you the origins of these mails.
You’ll probably find that the mails are sent by third parties spoofing the “From:” address. Make sure your domain has a proper SPF record; this will help other mail servers reject mails from unauthorized senders.
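The “Received:” check suggested in the reply above, as an added example that is not part of the original thread: it finds the client that first handed a message to your own Exchange server and says whether that address is inside your network. The sample headers, host names, addresses and the function name `submitting_client` are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: headers of one outbound message as captured at the smart host.
# All host names and addresses are invented (example domains, RFC 1918 / RFC 5737).
SAMPLE = """\
Received: from mail.example.com (mail.example.com [203.0.113.10])
\tby smarthost.example.net with ESMTPS; Tue, 02 Jan 2018 10:00:05 +0000
Received: from WS-042 (unknown [10.1.20.42])
\tby mail.example.com with ESMTP; Tue, 02 Jan 2018 10:00:03 +0000
Received: from forged.invalid (forged.invalid [198.51.100.7])
\tby elsewhere.invalid with SMTP; Tue, 02 Jan 2018 09:59:00 +0000
From: user@example.com
Subject: constructed sample

body
"""

# "from <helo> ... [<ip>] ... by <server>" in one (possibly folded) Received value.
HOP = re.compile(r"from\s+(\S+).*?\[(?:IPv6:)?([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def submitting_client(raw, exchange_hosts, internal_nets):
    """Return (helo, ip, 'internal' or 'external') for the client that first
    submitted the message to one of our servers, or None if no such hop exists.
    Headers below that hop were supplied by the client and are not trusted."""
    msg = email.message_from_string(raw)
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    found = None
    for value in msg.get_all("Received", []):  # headers run newest to oldest
        m = HOP.search(value)
        try:
            addr = ipaddress.ip_address(m.group(2)) if m else None
        except ValueError:
            addr = None
        if addr and m.group(3).lower().rstrip(";") in exchange_hosts:
            where = "internal" if any(addr in n for n in nets) else "external"
            found = (m.group(1), str(addr), where)
        elif found:
            break  # left the run of hops stamped by our own servers
    return found

if __name__ == "__main__":
    print(submitting_client(SAMPLE, {"mail.example.com"}, ["10.0.0.0/8"]))
```

An "internal" result points at a host or account on your own network, while "external" means something outside is submitting mail to the Exchange server, which is worth checking against the server's message tracking logs.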
Proper SPF, DKIM & DMARC records are almost required to prevent things like this from happening. I’m just happy that M$ is rolling out the advanced EOP stuff that used to come with the E5 to other mailboxes as well. The spoofing has gotten so effing out of hand for my 365 tenants, and I hate setting up the MFA and app passwords etc.