Image by Thought Catalog

Post Details

  • ALIF Consulting

Spam Filter in Office 365

Updated: Mar 23

Exchange Online Protection – Office 365 Spam Filter


Protection from spam and malware, while maintaining access to email during and after emergencies. Exchange Online Protection provides a layer of protection features that are deployed across a global network of datacenters. It also makes the administration of your messaging environments simpler and easier. This service is also available with Exchange Online plans.


Every mail sent to a recipient mailbox passes through four layers of protection. The sender’s identity is verified and then the message passes through the spam-filter for malware detection. The next layer of filtration is the custom policies specific to the organization that has implemented the EOP. The last layer of filtration is applied to the content of the messages to look for red flags such are keywords that are commonly found in junk email based on historical data available from user feedback. The mails that do not pass through the filters are sent to Quarantine, Junk Mail or any folder specified in the workflow.

When you buy Exchange Online Protection, it starts with a quick set up of the Protection process without any hassles or data loss.


Precedence level of EOP filtering for mail flow:




Features of Office 365 Exchange Online Protection


Total Security

Exchange Online Protection adds advanced security to your information. Eliminate threats before they reach the corporate firewall with multi-layered, real-time anti-spam and multi-engine anti-malware protection.


Maintain Control

Manage and administer from the Exchange Administration Center, a single web-based interface. Active content, connection, and policy-based filtering enable compliance with corporate policies and government regulations.


International Spam Filtering

You can configure the Exchange Online Protection to filter messages written in specific languages or sent from specific countries or regions. You can configure up to 86 different languages and 250 different regions.


Real-time Insights

Near real-time reporting and message trace capabilities provide insight into email environments by retrieving the status of any message that Exchange Online Protection processes.


Prevent Loss of Mails

You can get the service set up and running quickly with a simple MX record change. Ensure that no email is lost or bounced; automatically queue up the email if the destination email server becomes unavailable for any reason.


Risk-free emails

Protect your company's IP reputation by using distinct outward delivery pools for high-risk email. Five financially backed SLAs assure highest levels of service, including protection from 100% of known viruses and 99% of spam.


Bulk Mail Filtering

Enhanced detection methods help in identifying bulk email messages. You can tag bulk email messages through the user interface and also create Transport rules to strongly filter bulk mail by examining the header stamp.


Customize Content Filter

For greater granularity, you can create custom content filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default policy.


Easy to Manage

No hardware or software required to install, manage, and maintain, which minimizes up-front investment. Make IT environments simpler and cut down in-house email security servers and applications.


Message Tracing

As an administrator you can follow the email messages as they pass through the service. This proves useful for you to determine whether a targeted email message was received, rejected, deferred, or delivered by the service.


How an email can be marked as spam:

A lot of factors can contribute to an email being marked as spam by the EOP servers,

for example:


  1. If the SPF (Sender Policy Framework)check fails.

  2. If the sender address and reply to/return path does not match.

  3. If the P1 and P2 headers do not match [If the email has multiple/different "FROM:" address].

  4. If the DMARC and DKIM check fails.

  5. If the emails are a bulk email / mass mailer

  6. If the emails are coming from an IP that has a bad reputation or is used to send spam emails in past.

  7. If the content of the emails or attachment is considered suspicious.

  8. Apart from this there are many other factors that play a role like office 365 thresholds, unfortunately these thresholds are not publicly available as the spammers may use this information against Office 365 to send spam messages without reaching the threshold.

Unfortunately, If the senders seem to have met all the above criteria due to which the email could not be marked as spam.

We can definitely help block these types of emails in future by submitting the sample emails junk@office365.microsoft.com

For submitting phishing emails, you can submit those emails on phish@office365.microsoft.com.




23 views0 comments

Recent Posts

See All