Posey's Tips & Tricks

How To Configure Mail Protection in Office 365

Knowing how to edit the spam content filter means delving into how Microsoft determines which messages are junk.

As someone who writes about technology for a living, my e-mail address is plastered all over the Web. It's often included in author bios or attached to the byline on some of my articles. As you can imagine, this leads to an almost overwhelming amount of spam. Fortunately, Office 365 offers built-in spam protection. This spam protection is enabled by default, but is customizable by the administrator.

The really cool thing about spam filtering in Office 365 is that Microsoft provides spam filtering information on the Office 365 dashboard. The dashboard's Service Overview section contains a listing for Mail Protection, and the summary information beneath this listing tells you the number of messages that have recently been received and the number that have been processed by filtering.

If you click on Mail Protection, Office 365 displays filtering data graphically. This chart shows how many spam and malware messages have been recently received. The chart also shows the number of times that transport rules and DLP policies have been applied. Clicking on the chart brings up a list of the top recipients and how many messages each of those recipients has received. You can also use this view to change the chart's range. You can view messaging statistics for the last 7 days, 14 days, 30 days or 60 days.

Customizing the Office 365 antispam settings is relatively easy to do. You must begin by clicking on the launcher icon and then clicking Admin. This will cause Office 365 to display the Office 365 Admin Center. Now, navigate through the console tree to Admin | Exchange. This will launch the Exchange Admin Center.

Within the Exchange Admin Center, click on Protection and then click on the Content Filter tab. When you do, you should see the content filters listed, and the Enabled checkboxes should be selected. Office 365 gives you the ability to create additional content filters by clicking on the icon that looks like a plus sign.

Before I explain how to edit the content filter, I need to take a moment and explain how spam filtering works. Microsoft's entire approach to malware filtering revolves around the use of a calculated value called the Spam Confidence Level, or SCL for short. The higher a message's SCL value is, the more likely the message is to be spam.

Microsoft doesn't reveal its exact formula for calculating a message's SCL (nor should it), but Microsoft has dropped a number of hints over the years. It seems that the SCL may be based on factors such as domain blacklists, the sender's domain or e-mail address, words or phrases within the message and the number of people who have received copies of the same message and reported it to be spam.

The SCL is a numerical value between -1 and 9. Messages with an SCL of -1 are never treated as spam. Those messages come from a safe sender, safe recipient or a trusted partner. Messages that have an SCL of 0 or 1 are treated as legitimate mail. Those messages have been scanned and have been determined not to be spam.

Messages with an SCL of 5 or 6 are treated as spam. Messages with an SCL of 6 are more likely to be spam than messages with an SCL of 5. Messages that have an SCL of 9 are what Microsoft refers to as high confidence spam. These are messages that are almost guaranteed to be spam.

You probably noticed that I skipped a few numbers. The reason for this is that Microsoft does not use SCL ratings of 2, 3, 4, 7, or 8.
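The SCL bands described above, applied to message headers when checking what the filter decided. This is an added example, not part of the original article. It assumes the SCL is stamped as an `SCL:` field inside an `X-Forefront-Antispam-Report` header; the header name, field layout and sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# SCL bands exactly as the article describes them.
SCL_BANDS = {
    -1: "never spam (safe sender, safe recipient or trusted partner)",
    0: "legitimate", 1: "legitimate",
    5: "spam", 6: "spam",
    9: "high confidence spam",
}

# Constructed sample messages; header name and field layout are assumptions.
HDR = "X-Forefront-Antispam-Report"
SAMPLES = [
    f"Subject: a\n{HDR}: CIP:192.0.2.10;LANG:en;SCL:1;SFV:NSPM\n\nbody\n",
    f"Subject: b\n{HDR}: CIP:198.51.100.7;LANG:en;\n SCL:9;SFV:SPM\n\nbody\n",  # folded
    f"Subject: c\n{HDR}: CIP:203.0.113.5;SCL:-1;SFV:SFE\n\nbody\n",
    f"Subject: d\n{HDR}: CIP:203.0.113.9;SCL:3;SFV:NSPM\n\nbody\n",
    "Subject: e\n\nno antispam header at all\n",
]

def extract_scl(raw_message):
    """Return the SCL as an int, or None if no SCL stamp is present."""
    report = message_from_string(raw_message).get(HDR, "")
    report = re.sub(r"\s+", "", report)  # undo header folding
    match = re.search(r"(?:^|;)SCL:(-?\d+)(?:;|$)", report)
    return int(match.group(1)) if match else None

def classify(raw_message):
    """Map a message to the article's SCL band."""
    scl = extract_scl(raw_message)
    if scl is None:
        return "no SCL stamp"
    # 2, 3, 4, 7 and 8 are unused per the article: flag them, don't guess.
    return SCL_BANDS.get(scl, f"unexpected SCL {scl}")

def triage(messages):
    """Count messages per band, e.g. to sanity-check a filter change."""
    return Counter(classify(m) for m in messages)

if __name__ == "__main__":
    for band, count in triage(SAMPLES).items():
        print(f"{count}  {band}")
```
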

So now that I have talked about SCL levels, let me show you how to edit a content filter. To edit the filter, select it and then click the Edit icon. This brings up the Edit Anti-Spam Policy screen, which allows you to control the way that spam is dealt with.

The screen's Spam and Bulk E-mail Actions section lets you control what happens to spam and to high confidence spam. By default, both are moved to the Junk E-mail folder. You can control whether or not bulk e-mail is treated as spam and you can control the threshold at which bulk e-mail is treated as spam.

The International spam section allows you to treat foreign language messages as spam. You can opt to filter out messages originating from specific countries or messages that were written in a language that you don't speak.

The Advanced options section allows you to control the types of messages that are treated as spam. For example, you can opt to treat empty messages as spam. Similarly, you can treat a message as spam if it contains an image that links to a remote site.

As you can see, Office 365 gives you a high degree of control over inbound spam. There is even a test mode, configurable through the Advanced Options section, that lets you see what your filter configuration would do before you put it into use, without risking accidentally filtering out legitimate messages.

About the Author

Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.

