Knowledge Base

Spoofing alerts appear when you send internal emails in Office 365

Problem:

You use CodeTwo software and your default onmicrosoft.com Office 365 domain (given to you by Microsoft when you first signed up to Office 365) to send emails in your environment. When you open an internal email, you see the warning:

This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing

right above the message body, as shown in Fig. 1. 

651-1
Fig. 1. A spoofing alert in Office 365.

Solution:

Office 365 shows this warning for your security because onmicrosoft.com Office 365 domains are often used to send spam. Such domains are managed by Microsoft, so it is not possible to fix the issue by configuring your SPF record.

To solve this problem, you can:

  • contact Microsoft and ask them to add your default onmicrosoft.com domain (or individual affected users) to their whitelists;
  • use your own domain to send emails instead. This is recommended by Microsoft.