Adding a Transport Rule

In order for Office365 to interpret emails tagged by Phish Protection as spam, add a transport rule at

Create the rule as follows:

  • Name

    • PP - Impersonation

  • Apply this rule if 

    • the message header / includes any of these words

      • Specify header name - X-PhishProtection-Warning

        • Enter words: senderimpdomainimp

  • Do the following

    • Modify the message properties

      • Set the spam confidence level

        • To: 7

  • And

    • Redirect the message to / hosted quarantine

Illustrated below:


Each of the visual headers that Phish Protection can inject into the message body can be disabled by the system admin. However the message headers can be used to configure additional routing based on your system preferences.

For example you could add senderspoof to the transport rule that you just created.