Users may see more messages being flagged as failing fraud detection checks with the message "This sender failed our fraud detection checks and may not be who they appear to be". The anti-spam service checks the headers of messages to verify the "From" field is the same as where the message originates.
Users may see more messages being flagged as failing fraud detection checks. The anti-spam service checks the headers of messages to verify the "From" field is the same as where the message originates.
Spoofing is one of the common tactics of spammers. Spammers are becoming more creative in their messages. As a result many email domains are choosing to either block these messages more aggressively or to flag them for their users in hope that the user will stop and think or confirm a message before they click a link in the message.
For instance, if you use an outside vendor to send email with a From address of @uwm.edu, the recipients may get the below message across the top of their email:
Jane sees the failed fraud detection message because the email that she received has hidden information in it, referred to as message headers. The message header shows the message originated from Jane@gmail.com using an email server for @gmail.com. But the message header also shows that the pantherLIST server sent the message from @uwm.edu. @uwm.edu is not part of @gmail.com email servers so Jane's spoofing check says that the message failed the fraud detection test (@gmail.com and @uwm.edu do not match nor do they trust each other). We were able to fix this error for pantherLIST senders and recipients within the @uwm.edu domain by our server admins making certain changes to allow it. Unfortunately, for senders and recipients outside @uwm.edu there is nothing that we can do to make this warning not happen.
For further information see: https://blogs.msdn.microsoft.com/tzink/2016/02/23/how-antispoofing-protection-works-in-office-365/