NOTE: The "fraud detection" alert lets you know that the message may not be from the sender it claims to be from. You should review the message more closely to make sure it is valid before clicking any links or responding.

Users may see more messages being flagged as failing fraud detection checks. The anti-spam service checks the headers of messages to verify the "From" field is the same as where the message originates.  These messages may also get flagged as spam and moved to the Junk Email folder -- see How Do I Manage Junk Email and Spam for more information. 

Examples of messages that may get the "fraud detection alert" include messages sent through a 3rd party service with a "From" address of @uiowa.edu, listserv messages, etc.

Spoofing is one of the common tactics of spammers, and spammers are becoming more creative in their messages. As a result, many email domains are choosing either to block these messages more aggressively or to flag them for their users, in the hope that the user will stop and think or confirm a message before clicking a link in it.

 

For instance, if you use an outside vendor to send email with a From address of @uiowa.edu, the recipients may get the fraud detection alert (screenshot: https://its.uiowa.edu/sites/its.uiowa.edu/files/styles/large/public/wysiwyg_uploads/fraud%20detection.jpg?itok=CwuQTaSB). This will appear at the top of their message.

Listserv lists also frequently get this message. The sender is using their own email account as the From field; however, listserv lists will say From "listname@listaddress.edu", which the anti-spam service thinks is spoofing the From field. For example:

  • Jane sends a message to testlist@list.uiowa.edu from Jane@gmail.com  
  • Listserv asks Jane to confirm that she sent the message. 
  • Jane says yes/ok. 
  • Listserv sends Jane's message to the testlist@list.uiowa.edu listserv on behalf of Jane.  
  • Jane's email gets delivered to her inbox and to the inbox of the other testlist subscribers.

Jane sees the failed fraud detection message because the email that she received has hidden information in it, referred to as message headers. The message header shows the message originated from Jane@gmail.com using an email server for @gmail.com. But the message header also shows that the listserv server sent the message from @list.uiowa.edu. @list.uiowa.edu is not part of the @gmail.com email servers, so Jane's spoofing check says that the message failed the fraud detection test (@gmail.com and @list.uiowa.edu do not match, nor do they trust each other).

We were able to fix this error for listserv senders and recipients within the @uiowa.edu domain because our server admins made certain changes to allow it. Unfortunately, for senders and recipients outside @uiowa.edu, there is nothing that we can do to prevent this warning.
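The comparison described above can be modeled in a few lines. This is an added example, not the anti-spam service's actual logic. It assumes the Return-Path header stands in for "where the message originates", and the sample addresses (other than Jane's and the list's), the `fraud_check` function and the trust list are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr


def sample(from_addr, return_path):
    """Build constructed headers; Return-Path stands in for the sending server."""
    return (
        f"Return-Path: <{return_path}>\n"
        f"From: {from_addr}\n"
        "To: testlist@list.uiowa.edu\n"
        "Subject: constructed sample\n"
        "\n"
        "Hello list.\n"
    )


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def fraud_check(raw_message, trusted=frozenset()):
    """Compare the From domain with the originating domain.

    `trusted` holds (from_domain, origin_domain) pairs that an admin has
    allowed; this is a hypothetical model of "trust each other".
    """
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    origin_dom = domain_of(msg["Return-Path"])
    if not from_dom or not origin_dom:
        verdict = "fail"  # origin cannot be established, so do not pass it
    elif from_dom == origin_dom or (from_dom, origin_dom) in trusted:
        verdict = "pass"
    else:
        verdict = "fail"
    return verdict, from_dom, origin_dom


# Constructed messages for the scenarios in the text (not real mail).
JANE_VIA_LIST = sample("Jane <Jane@gmail.com>", "testlist-bounces@list.uiowa.edu")
JANE_DIRECT = sample("Jane <Jane@gmail.com>", "Jane@gmail.com")
STAFF_VIA_LIST = sample("Staff <staff@uiowa.edu>", "testlist-bounces@list.uiowa.edu")
UIOWA_TRUST = frozenset({("uiowa.edu", "list.uiowa.edu")})

if __name__ == "__main__":
    print(fraud_check(JANE_VIA_LIST, UIOWA_TRUST))   # gmail.com vs list.uiowa.edu
    print(fraud_check(STAFF_VIA_LIST, UIOWA_TRUST))  # allowed pair
```

Jane's message through the list fails even with the trust list in place, because the allowed pair covers only @uiowa.edu senders, which matches the limitation described above.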

 

For further information see:  https://blogs.msdn.microsoft.com/tzink/2016/02/23/how-antispoofing-protection-works-in-office-365/

 

 

Article number: 109026
Last updated: July 25, 2017