We had a customer getting 30ish spammed emails from their website each day, but it wasn’t coming from the website. We handle their website and email so by looking into the back-end of the website we could see there were no form submissions. This meant it was spoofed to seem like it was coming from the site.

We needed something to use to block these emails. The customer forwarded a couple of the emails so we could look at the internet headers. Opened the email in Outlook and then went to File >> Properties.

Scrolling through the header we found the offending email address “krates@host.pcmdns.com“, the IP address and domain.

We went into their Office365 online account and went to the Admin >> Show All >> Security.

This will take to you https://security.microsoft.com. Once there you will click on “Policies & rules” >> Threat policies >> Anti-spam.

Once there to block the IP we went to Connection filter policy (Default) >> Edit connection filter policy.

Enter the IP address you want to block and hit “save”. Make sure it did save. We had to do this a couple of times before the IP showed in our policy list.

We also created a separate policy to handle the email address. Start with clicking on the “Create policy” >> “Inbound“. In the Users section add the email addresses you want to protect. We didn’t add any groups. We put their “their-domain.com” and “microsoft.their-domain.com” for the Domains section. For the Action we sent the emails to the junk folder. In the “Allow & block list” we added the offending email address.

Microsoft documentation was a little outdated, but helped us. We found that information here.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-connection-filter-policy?view=o365-worldwide

Let us know if this helped you…