New Contributor

Hey All,

 

My company recently received a spoofed phishing email from noreply@[companyname].com and it passed through both our spam and phishing filters.  Upon further inspection, it had an SPF fail and originated from Vietnam (Which we block all emails from).  My question is that when submitting the email under Threat Management -> Submissions in the Office 365 Security & Compliance Center, this is what I get when its submitted:

Review your Tenant policy (verdict override). At the time of delivery, you had sufficient security mechanisms to block this threat. However, they were overridden by your Tenant policy (verdict override)
 
I looked in all of the setting and can't find where this email would have sneaked through.
 
Any thoughts?
www.000webhost.com