u/dasfoo

Several of my clients and I have mail hosted through MS365. This past week, we've all gotten the same spam/phishing emails that appear to be from DocuSign about signing NDAs.

One of these clients, however, is behind an external spam filter that logs all of the incoming email, and these emails do not show up in the logs. That means that these emails are not coming through the mail server listed in their MX Records, but are somehow getting sent directly to their inbox from within Microsoft, right?

Another client received these emails sent from his own address, spoofed. Normally, the DMARC/DKIM records should prevent this, correct? Unless the spammers are able to bypass those checks.

How do we stop this spam from within the system?