There are many approaches to blocking email spoofing. Let's walk through a simple method using Office 365 email transport rules to prevent employees from receiving emails sent from an attacker pretending to send email from

Login to Office 365 using an account with administrator rights.

Open the 'Admin centers' navigation tree on the left and click on 'Exchange'.

Click on 'Mail flow'.

Click on the '+' sign to create a new rule.


Congrats, you have a shiny new anti-email spoofing rule in place!

If you found this article useful or would like assistance from our team of security experts, reach out to our team. We provide security consulting and managed security services.

Our business is protecting yours.