Adding a Transport Rule


For Office 365 to treat emails tagged by Phish Protection as spam, add a transport rule at https://admin.exchange.microsoft.com/#/transportrules:



Create the rule as follows:


  • Name

    • PP - Impersonation

  • Apply this rule if 

    • the message header / includes any of these words

      • Specify header name - X-PhishProtection-Warning

        • Enter words: senderimpdomainimp

  • Do the following

    • Modify the message properties

      • Set the spam confidence level

        • To: 7

  • And

    • Redirect the message to / hosted quarantine



Notes


Each of the visual headers that Phish Protection can inject into the message body can be disabled by the system admin. However, the message headers can be used to configure additional routing based on your system preferences.


https://support.phishprotection.com/support/solutions/articles/5000870117-headers-for-phishing-protection


For example, you could add senderspoof to the transport rule that you just created.
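
The same rule can be created from Exchange Online PowerShell, which is useful when the rule has to be reproduced or audited across tenants. This is an added example, not part of the original article or vendor-supplied code; it assumes the ExchangeOnlineManagement module is installed, and the variable names are illustrative.

```powershell
# Added example: scripted equivalent of the rule built in the admin center above.
# Requires the ExchangeOnlineManagement module and rights to manage transport rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$RuleName    = 'PP - Impersonation'
$HeaderName  = 'X-PhishProtection-Warning'

# Word list exactly as entered in the "Enter words" step; one array item per entry.
# Append 'senderspoof' here to extend the rule as described in the Notes.
$HeaderWords = @('senderimpdomainimp')

# Conditions and actions shared by the create and update paths.
$Settings = @{
    HeaderContainsMessageHeader = $HeaderName
    HeaderContainsWords         = $HeaderWords
    SetSCL                      = 7        # "Set the spam confidence level" -> 7
    Quarantine                  = $true    # "Redirect the message to hosted quarantine"
}

# Create the rule if it is missing, otherwise bring the existing rule in line,
# so the script can be re-run safely.
$Existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if ($Existing) {
    Set-TransportRule -Identity $RuleName @Settings
} else {
    New-TransportRule -Name $RuleName @Settings
}

# Read the rule back and confirm that it is enabled and matches the intended settings.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Priority, HeaderContainsMessageHeader,
                HeaderContainsWords, SetSCL, Quarantine
```

Check the `Priority` value in the output: a higher-priority rule that stops rule processing can prevent this one from being evaluated.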