The Display Name Spoofing Detection Exception List specifies the email addresses of external senders that you believe are trusted and want to skip from display name check for email impersonation attacks using display name spoofing.
Display name spoofing is when an attacker forges the display name of an email message to make the message look like it comes from someone you know or a trusted source, for example, an executive of your organization, but the email address behind it is incorrect. Such attack aims to trick the victims into divulging sensitive personal or business information for sabotage or money.
As a global setting, the exception list is applicable to all enabled Advanced Threat Protection policies for your email service, that is, Exchange Online or Gmail.
Click Add, on the Add Email Address screen that appears, specify the email address that you want Cloud App Security to skip from display name check, and then click Save.
A maximum of 500 email addresses can be added.
Select one or multiple email addresses, click Delete to remove them from the exception list, and then click OK.