Using impersonation insight to view domains that are sending phishes, there are several that are being delivered, even though our policy is to quarantine.
One domain that is commonly abused is icloud.com. Although, there are some false positives being labeled as impersonated and being delivered, but most are nasty phishes.
Instead of quarantining, is Microsoft adding a hit to the score to move to quarantine?
Why aren't all these impersonations of our domain being blocked? The rule specifically says to quarantine all domain impersonations:
