Exchange Online Protection – Still Received An Unwanted Email?

Exchange Online Protection provides enterprise-class reliability and protects against spam and malware, while maintaining access to email during and after emergencies. It provides a layer of protection features that are deployed across a global network of data centers, helping you to simplify the administration of your messaging environments.

Reiterating our SLAs.

  1. Five financially backed SLAs attest to a high quality of service, including protection from 100% of known viruses and 99% of spam.
  2. Globally load-balanced network of data centers helps to ensure a 99.999% network uptime.

 

However, it is important to understand that while EOP will eliminate unwanted emails, organizations with specific requirements may need their IT administrators to customize EOP policies. EOP also learns from end-user reporting and gradually streamlines itself.

 

Plan of Action.

 

  1. Tweak
    1. Set anti-spam options
      1. Manage your connection filters by adding IP addresses to IP Allow and IP Block lists. Learn more at Configure the Connection Filter Policy and Safe Sender and Blocked Sender Lists FAQ.

      2. Phishing: It's recommended that organizations that are concerned about phishing turn on the "SPF record: hard fail" and "Conditional Sender ID filtering: hard fail" options. Learn more at Configure Content Filter Policies and Advanced Spam Filtering Options.

      3. Spoofing: When you set up EOP, you added an SPF (sender policy framework) record for EOP to your DNS records. The SPF record helps prevent spoofing. For more information about how an SPF record prevents spoofing and how you can add your on-premises IP addresses to the SPF record, see Customize an SPF Record to Validate Outbound Email Sent from Your Domain.

      4. If you are using the default content filter action, Move message to Junk Email folder, in order to ensure that this action will work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For details, see Ensure that Spam is Routed to Each User's Junk Email Folder.

         

    2. Set Anti-Malware options
      1. Review and fine tune your malware filter settings in the EAC. Learn more at Configure Anti-Malware Policies.

         

    3. Create Transport Rules
      1. Create transport rules (custom filters) to meet business needs.

      2. When you deploy a new rule to production, select one of the test modes first to see the effect of the rules. Once you are satisfied that the rule is working in the manner intended, change the rule mode to Enforce.

      3. When you deploy new rules, consider adding the additional action of Generate Incident Report to monitor the rule in action.

      4. If you are in a hybrid deployment configuration, with part of your organization on-premises and part in Office 365, you may want to create rules that apply to the entire organization in a seamless manner. You can only do this if you use predicates and actions that are available both on-premises and in Office 365. While most predicates and actions are available in both deployments, there is a small set that are specific to a particular deployment scenario. Learn more at Transport Rules.

         

         

         

  2. Report to Microsoft – How?
    1. For Spam
      1. Submitting Spam and Non-Spam Messages to Microsoft for Analysis
        1. Junk Email Reporting Add-in for Microsoft Office Outlook

          1. Install and Uninstall the Junk Email Reporting Add-in for Microsoft Office Outlook
          2. Report Junk Email Messages to Microsoft
          3. Troubleshooting and Support Information
        2. Use Transport Rules to Block Spam Reporting to Microsoft

           

          Summary

          False Negative?

 

False Positive?

 

    2. For Malware
      1. False Negative? (submit a sample)

        If you have received malware such as a virus that made it past the filter, please save a copy of the email message with its attached virus, go to the Malware Protection Center and submit a sample using the detailed instructions on that page. When submitting the file, in the Product drop-down list select Other, select the I believe this file contains malware option, and in the Comments field specify Exchange Online Protection. After we receive the sample, we'll investigate and if it's determined that the sample contains malware, we'll take corrective action to prevent the virus from going undetected.

      2. False Positive? (submit a sample)

        Similar to submitting malware, go to the Malware Protection Center and submit a sample using the detailed instructions on that page. When submitting the file, in the Product drop-down list select Other, select the I believe this file should not be detected as malware option, and in the Comments field specify Exchange Online Protection. After we receive the sample, we'll investigate and if it's determined that the sample is clean, we'll take corrective action to prevent the file from being detected as malware.

 

  3. Troubleshoot
    1. Troubleshoot general issues and trends by using the reports in the Office 365 admin center or the Excel reporting workbook. Find specific data about a single message by using the message trace tool. Learn more about reporting at Reporting and Message Trace in Exchange Online Protection. Learn more about the message trace tool at Trace an Email Message and Message Trace FAQ.
    2. Help and Support for EOP
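
The staged rollout described under Create Transport Rules above (test mode first, Generate Incident Report while testing, then Enforce), as an added PowerShell example that is not part of the original post. It assumes an already connected Exchange Online Protection PowerShell session; the rule name, extension list, rejection text and report mailbox are constructed placeholders.

```powershell
# Added example, not Microsoft's or the author's script.
# Constructed placeholders: adjust to your organization before use.
$ruleName   = 'Inbound - reject executable attachments (example)'
$reportTo   = 'secops@contoso.com'          # hypothetical monitoring mailbox
$extensions = 'exe', 'scr', 'vbs'           # constructed sample list

# Step 1: create the rule in a test mode. In Audit mode the reject action is
# only logged, so mail delivery is not affected while you observe matches.
# The incident report gives you one message per match to review.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope NotInOrganization `
        -AttachmentExtensionMatchesWords $extensions `
        -RejectMessageReasonText 'Executable attachments are not accepted.' `
        -GenerateIncidentReport $reportTo `
        -IncidentReportContent Sender, Recipients, Subject, RuleDetections `
        -Mode Audit `
        -Comments 'Staged rollout: Audit first, Enforce after review'
}

# Step 2: confirm what was deployed and in which mode.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Priority, Comments

# Step 3: run this only after reviewing the incident reports and finding the
# matches acceptable. The guard refuses to flip a rule that is disabled or
# that someone has already moved out of Audit mode.
function Enable-RuleEnforcement {
    param([Parameter(Mandatory)][string]$Identity)

    $rule = Get-TransportRule -Identity $Identity -ErrorAction Stop
    if ($rule.State -ne 'Enabled') {
        Write-Warning "Rule '$Identity' is disabled; leaving mode '$($rule.Mode)' unchanged."
        return
    }
    if ($rule.Mode -ne 'Audit') {
        Write-Warning "Rule '$Identity' is in mode '$($rule.Mode)', not Audit; no change made."
        return
    }
    Set-TransportRule -Identity $Identity -Mode Enforce
    Get-TransportRule -Identity $Identity | Format-List Name, State, Mode
}

# Enable-RuleEnforcement -Identity $ruleName   # uncomment after the review period
```

In a hybrid deployment, keep to predicates and actions that exist both on-premises and in Office 365 if the same rule must apply to the whole organization.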

 

 

 

Anti-Spam and Anti-Malware Dig In

Anti-Spam and Anti-Malware Protection

Anti-Spam Protection

Anti-Spam Protection FAQ

Safe Sender and Blocked Sender Lists FAQ

Manage Safe Sender Lists for Bulk Mailers

Configure the Anti-Spam Policies

Configure the Connection Filter Policy

Configure Content Filter Policies

Advanced Spam Filtering Options

Configure End-User Spam Notifications in Exchange Online

Configure the Outbound Spam Policy

Sample Notification When a Sender is Blocked Sending Outbound Spam

Request That a User, Domain, or IP Address Be Removed from a Block List After Sending Outbound Spam

High Risk Delivery Pool for Outbound Messages

Spam Confidence Levels

Submitting Spam and Non-Spam Messages to Microsoft for Analysis

Junk Email Reporting Add-in for Microsoft Office Outlook

Install and Uninstall the Junk Email Reporting Add-in for Microsoft Office Outlook

Report Junk Email Messages to Microsoft

Troubleshooting and Support Information

Use Transport Rules to Block Spam Reporting to Microsoft

Anti-Spam Message Headers

Quarantine

Quarantine FAQ

Manage Quarantined Messages

Release a Quarantined Message and Optionally Report it as a False Positive (Administrators)

Release a Quarantined Message and Optionally Report it as a False Positive (End Users)

Anti-Malware Protection

Anti-Malware Protection FAQ

Configure Anti-Malware Policies

 

 

 

Further Research

Usual Topics

Exchange Online Protection

Exchange Online Protection Overview

EOP General FAQ

EOP Queued, Deferred, and Bounced Messages FAQ

Set Up Your EOP Service

Set Up Mail Flow Through Exchange Online Protection

Forefront Online Protection for Exchange (FOPE) Transition Center

Before Your Transition

During Your Transition

After Your Transition

Understand how Licensing Works After Your Transition

FOPE to EOP Transition FAQ

Switch to EOP from Google Postini, the Barracuda Spam and Virus Firewall, or Cisco IronPort

Use Inbound and Outbound Connectors to Configure Custom Mail Flow

Test Mail Flow with the Remote Connectivity Analyzer

Inbound and Outbound Connector FAQ

Scenario: Outbound Smart Hosting

Scenario: Regulated Partner with Forced TLS

Scenario: Conditional Mail Routing

Best Practices for Configuring EOP

Exchange Online Protection IP Addresses

Recipient, Domain, and Company Management in EOP

Recipients in EOP

Manage Admin Role Group Permissions in EOP

View or Edit Managed Domains in EOP

Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients

Messaging Policy and Compliance in EOP

Anti-Spam and Anti-Malware Protection

Reporting and Message Trace in Exchange Online Protection

Exchange Admin Center in Exchange Online Protection

PowerShell in Exchange Online Protection

Help and Support for EOP