G DATA Phishing Simulation

ISometimes, emails pass through a receive connector twice. One example of this is sending incoming e-mail from Microsoft Online to a third-party provider for virus checking. The emails are then sent back to the original email recipient by this third-party provider.

The problem is, that whitelisting is based on checking the sender. When the email was resent by the anti-virus provider, the sender had changed.

Adding the antivirus vendor to the whitelisting is not the solution!

Instead, the receive connector must be configured so that it skips the last sender and looks it up, who originally sent the e-mail (Advanced filtering for connectors in Exchange Online). The whitelisting then takes effect again.