QuestionPro - Fraud detection tag on email invites

1. Copy the internet headers from the email tags on which you are getting the fraud detection message.

2. Paste it on the message analyzer of https://testconnectivity.microsoft.com/

3. When you analyze headers, you need to check few details under Forefront Antispam Report Header. Everything is correct except for IP Filter Verdict.

4. When you click on NLI in IP Filter Verdict, you will get to know that the IP address was not listed on any IP reputation list.

It is because of edge transport server which applies to exchange server 2016.

Edge Transport servers provide Internet mail flow, antispam, and mail flow rules for your Exchange Server 2016 organization.

Edge Transport servers handle all inbound and outbound Internet mail flow by providing mail relay and smart host services for your Exchange organization. Agents running on the Edge Transport server provide additional layers of message protection and security. These agents provide protection against spam and apply transport rules to control mail flow. All of these features work together to help minimize the exposure of your internal Exchange to threats on the Internet. Please click here for details.

To Fix this:

• We need to configure QuestionPro IP in Allow List Properties.
• When the IP Allow List feature is enabled on a computer, the Connection Filter agent analyzes all messages that come through all Receive connectors on that computer and it routes all messages from the addresses in the IP Allow list without additional processing by other anti-spam agents.
• Please refer the steps on how to use the EMC to manage the IP Allow list. This can be done by your IT team. This needs to be done because maybe your company is using edge exchange server and there are protocols on it which is an extra layer of message protection and security on Edge Transport Servers.
• Once done please check the internet header tags again and under IP filter verdict if we get IPV:CAL, then the issue is fixed.