Improve support for mailing lists in spam/phishing filtering
When users are sending messages via a mailing list (mailman, for example), there is often a mismatch between the From: Header and the Sender: Header , there the From: is the real sender while Sender: is the mailing list's address. Most mailing lists implement this so replies work properly and so SPF works correctly. EOP/ATP sees this as a phishing attempt (which, admittedly could be the case). Adding the mailing list to the allowed senders does not work as ATP seems to be checking the From: header only, so stuff still gets blocked. Premier support always suggests creating transport rules to bypass spam filtering which is a solution that "less than ideal" would be an understatement. This means that spam, phishing, and malware sent through these lists doesn't get blocked and admins must maintain a list of mailing lists used by all users. As a university this is an impossible task as it's not realistic to keep up to date with every mailing list that each student, faculty member, or administrator may be participating in. Improving ATP/EOP to differentiate between spoofing as part of a mailing list and spoofing as part of a phishing attack would be incredibly helpful in reducing false positives.