ORCA.118.3 - Your own domains are not being allow listed in an unsafe manner in Anti-Spam Policies.
Overview
Emails coming from allow listed domains bypass several layers of protection within Exchange Online Protection. When allow listing your own domains, an attacker can spoof any account in your organisation that has this domain. This is a significant phishing attack vector.
Remediation action
Remove allow listing on domains belonging to your organisation.
Related Links
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.118.3 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA118_3 |
| Tags | EXO, ORCA, ORCA.118.3 |
Source
- Pester test:
tests/orca/Test-ORCA118_3.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA118_3.ps1