Office365 anti-spam rules: empiric tests led to decoding of two rules (42882007 and 78352004)
ipSlav opened this issue · 3 comments
Hi there,
While performing some empiric tests during an engagement, abusing MS Direct Sender
for spoofing purposes, I noticed that (while using the exact same email pretext) the antispam rules 42882007 and 78352004 are matched when a replyTo
address is missing. In this context this has been confirmed and easily fixed by adding the -ReplyTo
flag while sending the email from Azure CloudShell with the Send-MailMessage
command.
Hi @ipSlav, that sounds like a terrific finding! How would you propose to name these two rules? :)
Ehi @mgeeky! Well, I would say something very simple as Missing Reply-To Address
might be ok. In any case if you have a different proposal feel free to share :)
Landed now :) Sorry it took me so long!
Once again thank you for terrific finding! :)