Blocking SPAM emails using Message ID

Question

Thursday, August 30, 2018 6:00 PM

Hello, 

We are receiving multiple SPAM emails that have different sender, domain, IP & subnet. But the message ID is the same.

The message ID is 1VI1PR0401CA00076778VI1PR0401CA00076767VI1PR0401CA0007@VI1PR0401CA0007.eur05.prod.office365.com

I created a rule using the following condition...

A message header includes "1VI1PR0401CA00076778VI1PR0401CA00076767VI1PR0401CA0007" "Specify Words or phrase" "1VI1PR0401CA00076778VI1PR0401CA00076767VI1PR0401CA0007@VI1PR0401CA0007.eur05.prod.office365.com"... and the action is set to delete without notifying

This is not deleting the SPAM emails and the SPAM keeps coming in from different sender, domain, IP & subnet, where the message ID remains the same.

Is it possible to block emails using the above condition & action? Or what would be the best suggestion for this scenario? Any assistance is highly appreciated.

Thanks

Aravind

All replies (4)

Thursday, August 30, 2018 8:25 PM

Instead of specifying the word or phrase, match a pattern.  You might need to learn a little about regular expressions so you can properly specify the pattern.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Celebrating 20 years of providing Exchange peer support!


Sunday, September 2, 2018 7:32 AM

Hi,

Please make sure those emails' Message IDs are the same. As far as I know, different emails have different Message IDs; it is a unique parameter.

If you can make sure those emails' Message IP are the same, you can create a transport rule like the picture below:

The server name for a sender is stable, so I tested the transport rule with it:

When I try to send mails again, an NDR comes back:

Regards,

Kyle Xu



Tuesday, September 4, 2018 9:16 PM

Thanks for this response Kyle.  

I will try this and update you...


Monday, September 10, 2018 4:03 PM

Hello Kyle,

This worked for me!!!! The sender, domain, IP & subnet were all different except the message ID.  So I created the rule as "A Message header includes" "Message-ID" 1VI1PR0401CA00076778VI1PR0401CA00076767VI1PR0401CA0007@VI1PR0401CA0007.eur05.prod.office365.com 

Thanks for your advice.
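
The rule described in the last post, written as Exchange PowerShell. This is an added example, not code posted by anyone in the thread; the rule name and comment text are made up, and the Message-ID value is the one quoted in the question.

```powershell
# Run in the Exchange Management Shell or an Exchange Online PowerShell session.
# Message-ID value as reported in the thread.
$spamMessageId = '1VI1PR0401CA00076778VI1PR0401CA00076767VI1PR0401CA0007@VI1PR0401CA0007.eur05.prod.office365.com'
$ruleName      = 'Block reused spam Message-ID'   # hypothetical rule name

# The condition has two parts: the NAME of the header to inspect and the
# words to look for in that header's value. The header name is "Message-ID";
# the reused ID goes in the words list. If the ID string is entered as the
# header name instead, the rule looks for a header with that name, which no
# message carries, so it never matches.
$rule = @{
    Name                        = $ruleName
    HeaderContainsMessageHeader = 'Message-ID'
    HeaderContainsWords         = $spamMessageId
    DeleteMessage               = $true           # delete without notifying anyone
    Mode                        = 'Audit'         # log matches only, do not delete yet
    Comments                    = 'Spam campaign reusing one Message-ID (constructed comment)'
}
New-TransportRule @rule

# Confirm what was actually stored before relying on the rule.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, HeaderContainsMessageHeader, HeaderContainsWords, DeleteMessage

# Once message tracking shows that only the spam matches, turn on enforcement.
Set-TransportRule -Identity $ruleName -Mode Enforce
```

Because a Message-ID is normally unique per message, as noted in the replies, this rule only catches mail that reuses this exact value and will not fire on anything else.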