introduction
as mentioned previously : SPAM filter come in forth place of EOP tools to check email before send email to user mailbox
To help reduce junk email : EOP includes junk email protection that uses proprietary spam filtering technologies to identify and separate junk email from legitimate email
SPAM Filter Facts
- SPAM policy could take hour to take effect
- We can check our quarantine area : https://protection.office.com/quarantive
Anti SPAM vs tenant list portal
anti-spam technologies are useful when you want to allow or block messages based on the message envelope (for example, the sender’s domain or the source IP address of the message).
BUT,,,
To allow or block messages based on payload (for example, URLs in the message or attached files), then you should use the Tenant Allow/Block List portal.
SPAM filtering Continues improvement
EOP spam filtering learns from :
- known spam
- phishing threats
- user feedback from microsoft consumer platform, Outlook.com.
- beside of incoming SPAM filtering : Also Ongoing feedback from EOP users in the junk email classification program helps ensure that the EOP technologies are continually trained and improved.
SAPM filter Options :
SPAM filter have many options including BUT NOT limited to
- We can filter specific sender or domain as allow list
- We can filter specific sender or domain as block list
- We can filter email from specific language
- We can filter email from specific country or specific region
- We can increase spam score based on spammy indicator
- Mark email as spam based on email properties
- Use Test mode for zero-impact policy testing : which allow to
- Add default x-header text
- Or send BCC message
Action available when filter spam
with SPAM policy we have many action to be taken when detect SPAM email , including But NOT limited to :
- Move email to junk folder
- Quarantine email
- Delete Email silently
- Add X-header
- Prepend subject line
- Redirect Email to anther email address : for example to direct manager of recipient or even QA department
SPAM score :
to help dealing Email >> SPAM filtering make ranking for EMail as the following :
- -1 : trusted source
- 0-1 : NOT SPAM
- 4-5 : Likely SPAM
- 7-8-9 : Highly Confident SPAM
- Please note : 2-3 : nothing listed
SPAM filter with domain DNS record
If you own an email domain [which in our case networkspioneers.com rather than Pioneers101.OnMicrosoft.com ] >> you can use DNS to help insure that messages from senders in that domain are legitimate
To help prevent spam and unwanted spoofing in EOP, use all of the following email authentication methods:
SPF
Sender Policy Framework verifies the source IP address of the message against the owner of the sending domain.
DKIM
DomainKeys Identified Mail adds a digital signature to the message header of messages sent from your domain.
DMARC
Domain-based Message Authentication, Reporting, and Conformance helps destination email systems determine what to do with messages that fail SPF or DKIM checks and provides another level of trust for your email partners.
in Network Pioneers Labs : we will have separate articles how to improve domain name , SO… please keep with us
SPAM Filter in Hybrid Exchange Env
- in hybrid exchange : EOP will route spam to on-premise mailbox , but can’t deliver to junk folder
- so the solution is to follow : http://bit.ly/HybridExchangeSpamRules https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ensure-that-spam-is-routed-to-each-user-s-junk-email-folder?redirectedfrom=MSDN&view=o365-worldwide
- the solution briefly set the SCL higher than SCLjunkThreshold of your organization
- tecknet says to use SCL 6 , but we have to use higher value for example value 9
