Whitelist internal address on Exchange 365 for “Potentially compromised accounts”

I am receiving the following alert for an internal address:

Potentially compromised account. Anomalous sending patterns were detected resulting in the user being restricted from sending mail

Ironically, it’s my alerts@ address. It’s sending multiple external emails to cell phone addresses (@vtext.com, etc).

I have unblocked the address a few times following the directions here, but it keeps getting flagged again. How can I whitelist this address so it does not trigger this policy?

Answer

Based on my knowledge, the EOP will block the mailbox who sends mails too much email too quickly via Outbound spam protection in EOP. Here’s a detailed explanation on why Exchange Online Protection Blocks Email Senders

To fix the issue, you could configure outbound spam filtering in EOP to raise the sending limits. The default sending limits in the blog for your reference.

Attribution
Source : Link , Question Author : THE JOATMON , Answer Author : Joy Zhang

Leave a Comment