Exchange Online Protection : SPAM filter Part II : Samples

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email
Table of Contents

introduction

in previous article we have discuss anti SPAM filter concepts 

 this article we will see how to create anti SPAM filter with some case study , please back to SPAM filter part I before practicing 

who can configure anti-SPAM policy

as mentioned previously [please back to  first article of EOP ]  : the users with the following Rules can configure EOP policies :

  • global admin 
  • exchange admin 
  • security admin  

Admins can view, edit, and configure (but not delete) the default anti-SPAM policy to meet the needs of their organizations


Also  admin can also create custom anti-SPAM policies that apply to specific users, groups, or domains in your organization.

Custom policies always take precedence over the default policy, but you can change the priority  of your custom policies.

built-in anti-spam policy

very organization has a built-in anti-spam policy named Default that has properties:

  • The policy is applied to all recipients in the organization, even though there’s no spam filter rule (recipient filters) associated with the policy. >> in simple words : we have policy without Rule
  • The policy has the custom priority value Lowest that you can’t modify (the policy is always applied last). Any custom policies that you create always have a higher priority.
  • The policy is the default policy (the IsDefault property has the value True), and you can’t delete the default policy.
to access default anti-SPAM policy https://protection.office.com/antispam 
 
select anti spam policy
default anti spam policy couldn't be stop or deleted and have lowest priority
properties of default policy

sample 01 : allow domain to pass PAM filter

NetwroksPioneers.com has another sister company called Net-pioneers 

company policy state that email from domain Net-pioneers.com sould pass anti-SPAM policy as it come from trusted domain 

first open SCC Security & Compliance Center >> threat management >> policy >> anti spam policy  https://protection.office.com/antispam

create new policy
set name and description
from Allow list >> edit allowed domain
add domain net-pioneers.com as allowed
any SPAM policy should be applied to person or domain : in all our cases we will select whole domain to applied to
applied to both domain name : networkspioneers.com and pioneers101.onmicrosoft.com
policy is created and ofcourse wait 1 hour so policy will take effect

sample 02 : Mark domain as SPAM

company has requirement to mark any email from free email [gmail and yahoo ] as spam 

open SCC Security & Compliance Center >> threat management >> policy >> anti spam policy  https://protection.office.com/antispam 

then create new policy 

set policy name
from blocked domain : add gmail and yahoo
in action : select add Xheader to message
header text
like any spam policy : we should set applied to whom 🙂
policy created just wait 1 hour so policy take effect
send email from fmail

Sample 03 : check email from other languages

company policy state that any message with arabic and chinese language should be check for SPAM 

open SCC Security & Compliance Center >> threat management >> policy >> anti spam policy  https://protection.office.com/antispam

and create policy 

set name and from international spam >> edit languages
add chinese and arabic lang
of course like any spam policy : applied to should be set

sample 04 : email from specific Counties

company policy state any email from iran or turkey or afghanistan : >> should be check for spam 

open SCC Security & Compliance Center >> threat management >> policy >> anti spam policy  https://protection.office.com/antispam

create new policy 

set policy name
from international lang >> edit countries and region
select your countries
select applied to
policy created but need 1 hour to take effect

sample 05 : mark empty message as SPAM

company policy state that any empty message should be mark as spam 

 

open SCC Security & Compliance Center >> threat management >> policy >> anti spam policy  https://protection.office.com/antispam

 

create new policy 

set policy name
from [mark as spam option ] >> select empty message an set to ON
applied to whole domain

Conclusion

anti-spam policy is fourth EOP tool to check email 

anti-spam policy has manay many option : which require more practice 

Share this post
Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

About Me

Our Power in Numbers

 17 

Courses

321

Articles

3,882

Images
and All configurations images are proudly made in Pioneers Lab

Articles By Course

Recent Articles

Subscribe

Contact us

have a challenge ? don’t hesitate to contact us