Knowledgebase: OCAD U 365 Email
OCAD U 365: Handling Legitimate Spoofed Senders (Listservs, Mass Mailing Services, etc.)
Updated: 13 September 2019 10:16 AM

OCAD U 365 (Microsoft Office 365) has very robust anti-virus/malware/phishing/spam protection. One of the features designed to protect the OCAD U community, is a fraud detection check that ensures messages arriving in your mailbox have actually originated from the person in the From: line of the message. The From: header on a message can be easily forged by a malicious spammer - causing users to believe a message may be important or valid because it appears to originate from a trusted source (eg. An OCAD U user appears to receive a message from another OCAD U user, but the From: line has been forged).  Phishing scams commonly spoof the sender address in an attempt to build trust in the receiver.

There are, however, some legitimate business reasons to spoof an internal email address:

  • A third-party service is being used to send bulk email to employees (eg. surveys, polls, donor relations, newsletters).  A good example is MailChimp.
  • Mailing list (Listserv) memberships

These cases need to be dealt with manually on a case-by-case basis by IT Services staff. Without appropriately "white listing" legitimate uses of spoofing, you risk your messages being delivered to Junk Email and marked with a fraud detection warning. In some cases, if a high enough spam confidence score is achieved, the email may be deleted without being delivered.

If your department utilises a service that spoofs the sender address (appearing to originate from inside OCAD U) on email messages, especially as part of an important business process, please contact OCAD U 365 support at  Please provide us with:

  • The name of the service you are using
  • Your departmental business use case
  • The user or address being spoofed in the From: line
  • Links to (or attachments of) support documentation provided by the service with regards to white listing their mail servers