Your own domains are not being allow listed in an unsafe manner in Anti-Spam Policies.

Why This Matters

Allowing your own domains in an anti-spam policy creates a dangerous blind spot for email security. Malicious actors can exploit this trust to send phishing emails that bypass your spam filters, putting your organization at risk. Admins must ensure that internal domains are not whitelisted as they can be spoofed or compromised.

What Aether365 Checks

This check verifies that your tenant’s anti-spam policies do not include your own domain names in the allowed senders or domains lists. It appears in the Aether365 dashboard under microsoft-365 checks.