Allow a company to change the firstname.lastname@example.org to something similar to no-reply@<companyname>.com.
Allow a company to change the email@example.com to something similar to no-reply@<companyname>.com. This allows for a more specific whitelisting/trusting and prevent legitimate SharePoint share requests from being quarantined. Currently the only option is to create a transport rule to bypass spam filtering for all firstname.lastname@example.org (according to Microsoft ticket).
Sigurd Felix commented
Tomasz Waśko commented
I wonder why the messages related to tenant are being send from outside the tenant.
Can't those be "injected" internally?
It would be clear what's coming from company SharePoint and what from other companies using the system.
Any news to that? We are facing the same problem here.
We are having a hard time determining what is from our tenant and what is not. We should be able to change this.
Please fix this and add capabilities to allow better filtering and user awareness to avoid phishing attacks.
Microsoft has a great responsibility to make such an ecosystem as secure as possible.
Thomas W commented
This is a big problem for our company users. They do not see what has a company releation and what comes from outside.
Michael Torres commented
This is a major security consideration. I am disappointed that Microsoft di not realize the problems this causes. Whitelisting and blacklist is messed up, when all sharepointonline uses the same from address globally.
My users are not getting their email, and I cannot tell them to whitelist because security will not let me. I am in a catch-22, that should have been foreseen.
This is a potential security flaw that allows phishing emails through any gateway protection in place as well as the emails passing through O365's own filters.
Please address this, Microsoft.
Ian Crew commented
This idea has also been posted several other times here recently. A few of those duplicates are:
Hopefully the UserVoice admins can consolidate all of those (and their votes) into a single idea!
Corey Caplette commented
At a minimum, ensure that emails coming from email@example.com pass SPF and DKIM validation. These emails are regularly going to spam with failed SPF records.
Sander van Uden commented
Because of the generic email address we are unable to differentiate messages from our clients. This makes automating message flows harder than it should be.