Reduce Spam in Exchange Online Immediately (Part 1)
One of the major issues with Office 365 and Exchange Online is the massive amount of spam and e-mail carrying malicious content, including phishing.
The volume of malicious content grows significantly each month, doubling to the point where organizations have difficulty coping with the situation.
As a result of spam and malicious content, a number of problems occur:
- The user experience is impaired
- There is a rise in phishing attacks
- System administrators spend a lot of time on day-to-day management
In most cases, the problem is due to misconfiguration and the daily management of Exchange Online
- The problem even occurs in third-party products that integrate with Exchange Online.
- It’s important to emphasize that the problem can be significantly reduced to 90% of all such malicious traffic.
How to Reduce Massive Spam and Malicious Content
Exchange Online Protection Attachment Type Filter – This filter triggers the Malware Detection Response, which looks for mail flagged as malicious because of blacklisted email attachments. The setting is disabled by default, and it is recommended to enable it under Protection > Malware Filter by selecting the applied malware filter policy and toggling the setting to On.
Exchange Online Protection Custom Malware Filter – You can use a specific malware filter to block and harden in the same way as in the previous point, but adding another anti-malware policy also lets you configure conditions such as Domain and Recipient.
Exchange Online Protection Filter International Spam – Entire countries and languages may belong to regions your organization never does business with, or your organization may only ever receive email from a specific country. You can use the International Spam settings to block email based on the language used in the message body or the country the email originated from, which further improves your spam filtering performance.
Exchange Online Protection Advanced Options – You can also mark a message as spam based on whether it is an Empty Message, contains scripts in its content, and other configurable items. Of these, SPF record: hard fail and Numeric IP address in URL are worth enabling at a minimum. There is also an option to turn on the Advanced Options in test mode only, so that admins can see the efficacy of these options before actually applying spam actions to messages.
Exchange Transport Rule (ETR) – Block unwanted onmicrosoft domains, because there is a recent phishing attack that is unique in the domain from which the campaign is sent. The attackers create a valid tenant in the Office 365 service, and as a result (naturally) a domain with the onmicrosoft.com extension is created.
Exchange Transport Rule with Text Pattern – You can set content filters for spam and bulk email using the default spam content-filter policies, but there are many other ways to filter bulk messages. You can create Exchange Transport rules that search for text patterns or phrases frequently found in bulk email; any message containing these characteristics will be marked as spam. In an Exchange Transport Rule, you can use the condition that the subject or body matches text patterns such as:
- \>(safe )?unsubscribe( here)?\</a\>
- If you do not wish to receive further communications like this, please
- \<img height="?1"? width="?1"? src=.?http://
- To stop receiving these\s+emails:http://
- To unsubscribe from \w+ (e-?letter|e?-?mail|newsletter)
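The following PowerShell script is an added example, not code from the original article: it checks the patterns above against constructed sample bodies to spot false positives, then creates the rule in audit mode when run in a connected Exchange Online PowerShell session. The sample bodies, the helper name Get-PatternHits, the rule name and the SCL value of 9 are assumptions, and local .NET matching only approximates how Exchange evaluates a message.

```powershell
# Patterns copied from the list above (quotes written as straight quotes).
$patterns = @(
    '\>(safe )?unsubscribe( here)?\</a\>',
    'If you do not wish to receive further communications like this, please',
    '\<img height="?1"? width="?1"? src=.?http://',
    'To stop receiving these\s+emails:http://',
    'To unsubscribe from \w+ (e-?letter|e?-?mail|newsletter)'
)

# Constructed sample bodies: two bulk-style messages, two ordinary business mails.
$samples = [ordered]@{
    'bulk-footer'   = '<p>Spring sale!</p><a href="http://example.test/u">unsubscribe here</a>'
    'bulk-pixel'    = '<img height="1" width="1" src="http://example.test/t.gif">'
    'invoice-reply' = 'Hi Dana, the corrected invoice is attached. Regards, Sam'
    'it-notice'     = 'To unsubscribe from this thread, reply STOP to the service desk.'
}

# Hypothetical helper: returns the patterns that match a body, case-insensitively.
function Get-PatternHits([string]$Body, [string[]]$Patterns) {
    $Patterns | Where-Object { [regex]::IsMatch($Body, $_, 'IgnoreCase') }
}

# Report per sample; a hit on an ordinary business mail means the pattern is too broad.
foreach ($name in $samples.Keys) {
    $hits = @(Get-PatternHits -Body $samples[$name] -Patterns $patterns)
    '{0,-14} hits={1} {2}' -f $name, $hits.Count, ($hits -join ' | ')
}

# Runs only where the Exchange Online cmdlets are loaded (connected session).
# Audit mode logs matches without applying the SCL action, so the rule can be
# reviewed in message trace before it is switched to Enforce.
if (Get-Command New-TransportRule -ErrorAction SilentlyContinue) {
    New-TransportRule -Name 'Bulk mail text patterns (audit)' `
        -SubjectOrBodyMatchesPatterns $patterns `
        -SetSCL 9 -Mode Audit
}
```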
Reduce malware threats – Most malware that enters through email does so through an executable payload attached to an email message. You can reduce malware threats by blocking file attachments with an Exchange Transport Rule.
These highlights are only a very small part of all the possible options for reducing the amount of spam and malicious content in Exchange Online. In the following articles, we will focus on additional highlights and options for reducing threats in Exchange Online.