Office 365 - List/Newsletter Web Form Attacks and How to Protect your Office 365 Account
This document explains how to protect your UW-Madison Office 365 account from email list and newsletter web form attacks. These types of attacks target user email accounts by flooding their Inboxes with web form messages (e.g. "sign-up confirmation", "response received") and are a type of denial of service attack. See below for steps to take to protect your individual Office 365 account.
Create an Inbox rule in Outlook on the web with the following settings:
Message header includes: List-Unsubscribe, List-Id:, LIST_HEADER
Move to: a folder of your choice for further review or deletion.
- Recipient address includes: feel free to include campus address domains @lists.wisc.edu and @g-groups.wisc.edu in your exceptions so that WiscList and Google Groups messages don't get diverted by this Inbox rule. Add any other domains or specific email addresses you don't want affected by the rule, as well.
- Office 365 - Recommended tools to manage Inbox
- Office 365 - Learn about junk email and phishing
- Office 365 - Mail System Scam warning
- Office 365 (Outlook for Windows) - Overview of the Junk Email Filter
- Office 365 (Outlook for Mac) - About junk e-mail protection
- Office 365 - Why am I getting bounced messages for email I didn't send?