Hacker News new | past | comments | ask | show | jobs | submit login

Each Office 365 tenant does not have a personal Exhange server. The sending smtp server is being shared and can be verified with the email headers. That is how this flaw works.

I feel like an idiot because I see the same behavior with the variable 'not in my organization' with transport rules and how many false positives I've had. I can clearly see the usage of different exchange servers being used in my environment when my company acquires a bunch of users. It falsely flags them because they are using a different shared exchange resource.




You can't use Office 365 to send email that appears to be from a different org. It is an authenticated mail relay, and it'll just reject your email.

You have to verify that you own the domains that you use in the from address to send mail via their service.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: