Protection against spam in EOP (Exchange Online Protection)

Protection against spam in EOP

Email communications are automatically safeguarded against spam (junk email) by Exchange Online Protection (EOP) in Microsoft 365 enterprises with mailboxes in Exchange Online or independent Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.

Microsoft’s agenda for email security uses an unequalled cross-product strategy. To give users access to the most recent anti-spam and anti-phishing tools and technologies throughout the network, EOP anti-spam and anti-phishing technology is implemented across our email systems. The objective of EOP is to provide a thorough and functional email service that aids in the detection and protection of users from spam, fraudulent email threats (phishing), and viruses.

Email abuse has increased along with email use. Unchecked spam email may slow down genuine email conversations, jam networks and inboxes, and affect user happiness. Microsoft keeps investing in anti-spam solutions for this reason. It begins by containing and filtering spam email, to put it simply.

EOP anti-spam technology

EOP contains junk email protection that employs specialized spam filtering technologies to recognize and distinguish junk email from valid email in an effort to decrease spam. Known spam and phishing threats, as well as user comments from our consumer platform,, are used to inform how EOP spam filtering operates. The junk email categorization programmed uses EOP users’ ongoing feedback to assist guarantee that the EOP technologies are continuously developed and improved.

Using the IP Allow List, IP Block List, and the safe list, connection filtering: identifies good and harmful email source servers at an early stage of the incoming email connection (a dynamic but non-editable list of trusted senders maintained by Microsoft). These options are configured in the connection filter policy

The spam filtering verdicts Spam, High confidence spam, Bulk email, Phishing email, and High confidence phishing email are used by EOP to categorize communications. By utilizing quarantine policies, you can determine the actions to be taken based on these determinations as well as what users are permitted to do with quarantined messages and whether users get quarantine notifications.

Outbound spam filtering: EOP additionally verifies that your users aren’t sending spam, either by going over the allotted number of outbound messages or by include spam in the body of outbound messages. See Configure outbound spam filtering in Microsoft 365 for additional details.

control spam filtering mistakes

It’s possible for spam to be sent to the Inbox or for legitimate communications to be mistakenly flagged as spam (a situation known as false positives) (also known as false negatives). To determine what transpired and contribute to its future avoidance, employ the tips in the following sections.

The following recommendations are appropriate in both scenarios:

  • Misclassified communications should always be reported to Microsoft. See Report messages and files to Microsoft for further details.
  • Look at the headers of the anti-spam messages: You can find out from these values why a message was flagged as spam or why it evaded spam screening. Check see Anti-spam message headers for further details.
  • Point your MX record to Microsoft 365: We always advise having email sent to Microsoft 365 first so that EOP can offer the optimum security. Create DNS records at any DNS hosting provider for Microsoft 365 for instructions.
  • Use email authentication: If you are the owner of an email domain, you may use DNS to verify the identity of message senders. Use every one of the following email authentication techniques to assist in reducing spam and undesired spoofing in EOP.
  • SPF: Sender Policy Framework checks the message’s source IP address against the transmitting domain’s owner. See Set up SPF to help avoid spoofing for a brief introduction to SPF and instructions on how to rapidly implement it. Start with How Microsoft 365 employs Sender Policy Framework (SPF) to avoid spoofing for a deeper knowledge of how SPF is used by Microsoft 365, as well as for troubleshooting or non-standard installations like hybrid deployments.
  • Digital signatures are added to the message header of emails sent from your domain via DKIM, or DomainKeys Identified Mail. To learn more, go to Microsoft 365’s Use DKIM to verify outbound email received from your custom domain.
  • DMARC: Domain-based Message Authentication, Reporting, and Conformance adds another level of trust for your email partners by assisting destination email systems in deciding what to do with messages that fail SPF or DKIM checks. See Use DMARC to verify email in Microsoft 365 for additional details.
  • Check the parameters for your mass email: Bulk email, commonly referred to as grey mail, is either identified as spam or not depending on the bulk complaint level (BCL) threshold that you establish in anti-spam policy. The Mark As Spam Bulk Mail PowerShell-only setting, which is enabled by default, also adds to the outcomes.

Stop spam from being sent to your inbox.

  • Check the parameters for your company: Be wary of configurations that allow communications to bypass spam filters (for example, if you add your own domain to the allowed domains list in anti-spam policies).
  • Use the banned sender lists that are available: See Create prohibited sender lists for more details.
  • Stop receiving mass emails. Consider just asking the user to unsubscribe if the communication is something they signed up to get (newsletters, product announcements, etc.) and it includes an unsubscribe link from a reliable source.
  • Create mail flow rules in on-premises Exchange for standalone EOP spam screening decisions. You must set up mail flow rules (also referred to as transport rules) in on-premises Exchange in hybrid settings when EOP safeguards mailboxes there. The junk email rule in the mailbox can shift the item to the Junk Email folder thanks to these mail flow rules, which interpret the EOP spam filtering decision. Configure EOP to transport spam to the Junk Email folder in hybrid environments for more information.

Stop identifying legitimate email as spam.

Here are some actions you may take to lessen the likelihood of false positives:

confirm that the Outlook Junk Email Filter is off: When the Outlook Junk Email Filter’s default setting of No automatic filtering is selected, the programmed makes no attempt to identify messages as spam. The Outlook Junk Email Filter employs its own SmartScreen filter technology when it is set to Low or High, which increases the possibility of false positives. The SmartScreen filters in Exchange and Outlook no longer receive updates from Microsoft for spam definitions as of November 2016. The current SmartScreen spam criteria were kept in place, although it’s probable that over time they will become less effective.

  • Make sure the “Safe Lists Only” option in Outlook is off. Only emails from senders on the user’s Safe Senders list or Safe Recipients list are sent to the Inbox when this setting is activated; all other emails are automatically forwarded to the Junk Email bin.

Laws against spam

At Microsoft, we think that strong governmental frameworks and legal guidelines are essential to the advancement of innovative technologies and self-regulation. Numerous legislative authorities have been motivated to control business email as a result of the global spam epidemic. Laws to combat spam are now in place in several nations. Spam is governed by both federal and state legislation in the United States, and this complementing strategy is assisting in reducing spam while promoting real e-commerce. The CAN-SPAM Act broadens the range of instruments available to combat misleading and fraudulent email messages.

Professional Labs is the premier cloud managed service provider in GCC. Contact us for more information
Contact Us | Professional labs (