What are we announcing?
- On November 1, 2016, Microsoft will stop generating updates for the SmartScreen spam filters in Exchange Server 2016 and earlier (2013, 2010, 2007), Outlook 2016 for Windows and earlier (2013, 2010, 2007) and Outlook 2011 for Mac.
- The SmartScreen spam filter will be removed from future versions of Exchange Server and Outlook for Windows. (SmartScreen is not available in any other version of Outlook).
- This announcement does not affect the SmartScreen Filter online protection features built into Windows, Microsoft Edge and Internet Explorer browsers. While branded similarly, those features are technically distinct. These SmartScreen Filters to help people to stay protected from malicious websites and downloads.
What is SmartScreen? What does it provide customers today?
In Exchange and Outlook, SmartScreen is a spam content filter. It evaluates each message and returns an overall Spam Confidence Level (SCL). Items that are rated as spam are sent to Outlook’s Junk folder.
Microsoft provides periodic updates to the filters, and administrators and users can download and install the updates to improve their junk email protection. For more details, see articles describing how this was done for Exchange Server and Microsoft Outlook.
In Windows, Microsoft Edge and Internet Explorer browsers, the SmartScreen Filter online protection feature helps consumers to stay protected from malicious websites and downloads. This feature is not affected and it is not subject of the today’s announcement.
Why is Microsoft deprecating support for SmartScreen in Outlook and Exchange?
SmartScreen spam filters in Outlook and Exchange Server have become obsolete and have been replaced by Exchange Online Protection (EOP), a more effective cloud-based email filtering service. EOP is built into all Office 365 and Outlook.com accounts and available for purchase to protect on-premises Microsoft Exchange Server.
This spam filtering technology was first released in 2003, which provided Outlook and Exchange a content filter able to identify spam campaigns and direct them to the Junk folder. As spammers have evolved and increased the volume and sophistication of their attacks, this type of spam prevention is no longer a useful way to prevent spam.
For example, spammers now routinely randomize their campaigns and use reputation hijacking from legitimate sending domains to trick content filters. Spam attacks no longer take days and weeks em; they often complete or significantly morph within minutes. To be effective, filters should be real-time, always tapping into the intelligence of email campaigns happening within recent minutes or hours.
Further, SmartScreen often conflicts with EOP (or other 3rd-party cloud filtering solutions). This is especially painful when emails declared legitimate by upstream filters or administrator policies (e.g. IP Allow Lists, ETRs) are actually junked by SmartScreen, because SmartScreen is unaware of the upstream settings.
Microsoft developed Exchange Online Protection to protect Office 365 and Outlook.com mailboxes and remove the need for SmartScreen. Most customers using Exchange Server (on-premises) have either added EOP or use a 3rd-party filtering service or appliance to sanitize their mail flow.
What is Exchange Online Protection (EOP)?
Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service that helps protect end users and organizations against spam and malware, and includes features to safeguard organization from messaging-policy violations. EOP is backed by a modern spam filtering stack, where content filters have a lesser role and sending IP and domain reputation, authentication, campaign detection, and spammer hosting infrastructure reputation are now responsible for filtering.
For more details, review the EOP documentation on TechNet and this help article on Office 365 email anti-spam protection.
What will happen on November 1, 2016?
Microsoft will stop producing new spam definition updates to the SmartScreen filters in Exchange and Outlook. The existing SmartScreen filter and definitions will be left in place, and continue to provide a basic level of protection. The current definition will continue to junk some obvious spam emails, with an effectiveness that will degrade over time.
As stated above, most users are protected by superior spam filtering arrangements and should not experience any change in their email experience or see an increase in spam.
Again, this change does not affect the SmartScreen Filter online protection feature built into Windows, Microsoft Edge and Internet Explorer browsers.
Will the deprecation of SmartScreen have any impact on users using Outlook with Office 365 or Outlook.com?
No. Customers using Outlook with Office 365 (for work email) or Outlook.com (for personal email) already have the advanced spam and malware protection found in Exchange Online Protection built into those services. These customers don’t need to take any action.
Note: Some Office 365 customers may have replaced EOP with a 3rd-party filtering solution. Those customers will also continue to be protected by those solutions and do not need to take any action.
Will the deprecation of SmartScreen have any impact on users using Outlook with Exchange Server (on-premises)?
Most likely not. Due to the reasons stated earlier, SmartScreen has stopped being a useful tool for combatting spam. The vast majority of customers using Exchange Server have either added Exchange Online Protection or use a 3rd party filtering service or appliance to sanitize their mail flow.
Customers using Exchange Server should ensure they have their spam protection solution properly configured before November 1, 2016. Customers not using a separate antispam solution today can purchase Exchange Online Protection for $1/user/month.
Will the deprecation of SmartScreen have any impact on users using Outlook with Gmail, Yahoo or other online email solutions?
Customers using Gmail, Yahoo or other online email solutions will be protected by the spam and malware protection found in those services.
How does this deprecation impact Outlook’s Junk Email Options?
Outlook’s Junk Email Options stay the same. Since the existing SmartScreen filter and definitions will be left in place, the Options tab will continue to control the SmartScreen protection level. As noted above, those definitions will continue to junk some obvious spam emails, with an effectiveness that will degrade over time.
The other tabs are user driven settings and not related to SmartScreen. They will be unaffected by this change (e.g. items in your Safe/Blocked Senders list will still be filtered per your settings).
Check out this help article for more on how the Junk Email options work.
Will I still have a Junk folder in Outlook?
All customers will continue to have a Junk folder.
For customers using Outlook with their mailbox in Office 365 or Outlook.com, emails landing in the Junk folder will be determined by Exchange Online Protection (or a 3rd-party solution) or by Outlook’s Blocked Senders list.
Customers using Outlook with other email servers or services will benefit from upstream email filtering (such as EOP or 3rd party solutions) in their respective environments. These email providers and filters will send items to Outlook’s junk folder.
Does this affect the SmartScreen technologies in Windows, Edge and Internet Explorer?
As stated earlier in this article, deprecating SmartScreen in Exchange and Outlook does not impact the SmartScreen Filter online protection feature built into Windows, Microsoft Edge and Internet Explorer browsers to protect users from malicious websites and downloads. Those protection tools will remain in place. For more information on how these SmartScreen technologies provide protection, see this link for Windows and this for Edge.