ORCA.118.4 - Your own domains are not being allow listed in an unsafe manner in Transport Rules.
Overviewβ
Emails coming from allow listed domains bypass several layers of protection within Exchange Online Protection. When allow listing your own domains, an attacker can spoof any account in your organisation that has this domain. This is a significant phishing attack vector.
Remediation actionβ
Remove allow listing on domains belonging to your organisation.
Related Linksβ
- Exchange admin center in Exchange Online
- Using Exchange Transport Rules (ETRs) to allow specific senders
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | ORCA.118.4 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA118_4 |
| Tags | EXO, ORCA, ORCA.118.4 |
Sourceβ
- Pester test:
tests/orca/Test-ORCA118_4.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA118_4.ps1