Background
The president and other’s email has been spoofed for phishing attacks. This procedure provides guidance and instructions on how ITS will handle anti-spoofing for Executive Level email accounts that are the subject of spoofing.
Procedure
Rules can be set up in Office 365 that can block these spoofed emails for specific individuals once it has been verified that they do not have a need for sending mail from other outside systems to SVSU.
A ticket will be created for tracking and documentation purposes with two tasks:
- Task to verify that the executive does not need to send email to SVSU from 3rd party systems. It is important that this is verified and documented in the task and that the executive understands that if in the future they wish to allow a 3rd party to send email on their behalf this rule will need to be removed.
- Task for the email administrator to set up the anti-spoofing rule.