Share via

Allow Picture to display in Outlook.

Sanjay Bhakuni - admin 145 Reputation points
2024-08-30T06:02:08.1466667+00:00

We are running a phishing campaign in our environment and sending emails from an application using different domains. As per Microsoft recommendation, domain and Ips are added under Advance Delivery for phishing simulation. This fix one issue that emails are coming to inbox , instead of getting quarantined.

Here the main problem is the images which we have inserted inside emails are not displaying and we are getting below error.

User's image

I have seen lot of Microsoft articles, and they are saying add the domains under safer sender in outlook which will fix the issue, and I have tried from my account and agreed issue got fixed after that. Similarly, through command I can do this for all users by adding the domain in junk email configuration setting.

But it does not make any sense to allow the domains or senders for all users, for phising simulation we have 2 defined ips from where we are sending emails and by adding in junk email configuration settings will bypass every email along with spoofing came from these 2 domains.

Please help how to overcome this issue as adding in safe sender is not good for security.

Microsoft Exchange Online
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,578 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Xintao Qiao-MSFT 3,995 Reputation points Microsoft Vendor
    2024-08-30T08:55:10.7133333+00:00

    Hi, @Sanjay Bhakuni - admin

    It sounds like you're having some issues running a phishing email campaign.

    While adding a domain name to a safe sender list can solve the problem of images not displaying, it does pose a security risk, as it may allow forged messages to pass through.

    For further security, consider trying the Advanced Threat Protection (ATP) feature in Microsoft Exchange Online.

    First, use the Safe Links and Safe Attachments feature. These ATP features can help prevent malicious links and attachments in messages. Safe Links dynamically scans for and blocks malicious URLs, while Safe Attachments checks message attachments for malware.

    More information can be found Introducing Office 365 Advanced Threat Protection | Microsoft 365 Blog

    In addition, configure an anti-phishing policy. You can set up anti-phishing policies to prevent impersonation-based phishing attacks. This includes enabling mailbox intelligence, anti-spoofing protection, and zero-hour automatic purge (ZAP) to detect and move malicious content to the spam folder.

    You can refer to Exchange Online Protection (EOP) overview - Microsoft Defender for Office 365 | Microsoft Learn

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.