Allow a company to change the firstname.lastname@example.org to something similar to no-reply@<companyname>.com.
Allow a company to change the email@example.com to something similar to no-reply@<companyname>.com. This allows for a more specific whitelisting/trusting and prevent legitimate SharePoint share requests from being quarantined. Currently the only option is to create a transport rule to bypass spam filtering for all firstname.lastname@example.org (according to Microsoft ticket).
This is a great idea and as we are labelling external emails every share in SharePoint Online or OneDrive the email@example.com is always tagged as external. A no-reply@<company>.com address would help to clearly separate internal shares from externally shared files nd folders.
+1...... waiting for this urgently
SPF check is useless for compromised accounts, there are trusted !
in my company we are working very hard to avoid compromised account (use of SAML only) , that's why we need to make a difference between what is sent from our tenant or not
Andy Brodie commented
Does not having this feature drive bad behaviour (i.e. poor security practices) by users who get in to the habit trusting anything from sharepointonline.com?
Gary Patel commented
Please add this feature. All our emails that leave SharePoint end up in the spam folder for Google Workplace users.
Michael Campblel commented
Our Security Manager has just asked me the same question. With all the phishing emails that circulating, it would be a huge advantage to be able to customise this email address
Gordon Biswas commented
Any update on this?
David Nelson commented
Very disappointed you cancelled Roadmap item #56361 which was supposed to address this issue. Why did you cancel and not reflect the cancelation on the Roadmap?
Sigurd Felix commented
Tomasz Waśko commented
I wonder why the messages related to tenant are being send from outside the tenant.
Can't those be "injected" internally?
It would be clear what's coming from company SharePoint and what from other companies using the system.
Any news to that? We are facing the same problem here.
We are having a hard time determining what is from our tenant and what is not. We should be able to change this.
Please fix this and add capabilities to allow better filtering and user awareness to avoid phishing attacks.
Microsoft has a great responsibility to make such an ecosystem as secure as possible.
Thomas W commented
This is a big problem for our company users. They do not see what has a company releation and what comes from outside.
Michael Torres commented
This is a major security consideration. I am disappointed that Microsoft di not realize the problems this causes. Whitelisting and blacklist is messed up, when all sharepointonline uses the same from address globally.
My users are not getting their email, and I cannot tell them to whitelist because security will not let me. I am in a catch-22, that should have been foreseen.
This is a potential security flaw that allows phishing emails through any gateway protection in place as well as the emails passing through O365's own filters.
Please address this, Microsoft.
Ian Crew commented
This idea has also been posted several other times here recently. A few of those duplicates are:
Hopefully the UserVoice admins can consolidate all of those (and their votes) into a single idea!
Corey Caplette commented
At a minimum, ensure that emails coming from firstname.lastname@example.org pass SPF and DKIM validation. These emails are regularly going to spam with failed SPF records.
Sander van Uden commented
Because of the generic email address we are unable to differentiate messages from our clients. This makes automating message flows harder than it should be.