Spam Filtering and Message Hygiene

 

Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2012-12-04

All versions of the Microsoft cloud-based e-mail service use Forefront Online Protection for Exchange (FOPE) to combat spam and phishing. When messages are received at the gateway server for the cloud-based e-mail service, they are evaluated and assigned a spam confidence level (SCL) value. The SCL rating assigned to the message indicates the likelihood that the message is spam, based on the such characteristics as content, message header, and so forth. The SCL is added to the message metadata as the message travels through the cloud-based e-mail service infrastructure.

The SCL value is a numeral between 0 and 9. A higher rating indicates that a message is more likely to be spam. The cloud-based e-mail service infrastructure has fixed SCL thresholds that define the actions to be taken at specific SCL values.

 

SCL threshold

Action

SCL is 5 or greater.

The message is delivered to the cloud-based e-mail service, where it is delivered to the user's Junk E-Mail folder.

SCL is 4 or less.

The message is delivered to the cloud-based e-mail service, where it is delivered to the user's Inbox.

End users can configure lists of Safe Senders, whose e-mail should never be treated as spam, and Blocked Senders, whose e-mail should always be treated as spam.

User-managed spam filtering

By default, junk e-mail filtering is enabled on all mailboxes in the cloud-based e-mail service. Users can manage some spam settings for their own mailbox. For more information about how users can manage spam, see Junk E-Mail Settings.

Administrator-managed message hygiene with FOPE

Although all Microsoft cloud-based e-mail systems are protected by the FOPE infrastructure, the ability to manage message hygiene features with the FOPE Administration Center is limited to Microsoft Office 365 for enterprises and Live@edu administrators.

The following table describes the message hygiene features that you can manage in the FOPE Administration Center.

For more information about how to manage these features for Microsoft Office 365 for enterprises, see FOPE in Office 365 Feature Differences.

 

Area

Description

Anti-spam protection

Connection filtering using the Microsoft DNS-based block list.

Anti-spam protection

Content filtering from the Microsoft spam analysis team for real time SPAM updates

Anti-spam protection

Safe sender support

Antivirus

Multiple antivirus engine scanning at the FOPE gateway

Inbound mail control

Safe listing, skip listing

Inbound mail control

TLS encryption configuration and enforcement

Inbound mail control

Connection, content, and policy filtering

Outbound mail control

Custom outbound SMTP routing

Outbound mail control

TLS encryption configuration and enforcement

The spam filtering process

Two kinds of spam filtering are applied before e-mail is delivered to the cloud-based mailboxes:

  • Connection filtering   The volume of messages that are sent from a single IP address is monitored. Connections from a single IP address that sends large volumes of e-mail to one or more recipients in your domain may be suspected of sending spam.
  • Content filtering   The message subject and body are examined for keywords or phrases that might indicate that a message is spam.

Messages that meet filtering criteria can be blocked or delivered to the user's Junk E-Mail folder. You can also use organization-wide rules to control the flow of e-mail messages in your organization. For example, a rule might reject all e-mail that contains specific keywords or is from a specific source.

Emergency and broadcast messages

In emergency situations, your organization may need to send a broadcast message to all users in the cloud-based e-mail service. Some organizations use third-party emergency notification services to do this.

To make sure that these messages aren't treated as spam by FOPE, and that all your users receive these messages as quickly as possible, take the following precautions:

If you are sending broadcast messages to a large number of users at once, remember that only 100 messages are accepted per connection. If more than 100 messages are queued for delivery to the cloud-based e-mail service, the connection is dropped after 100 messages, and your on-premises e-mail servers have to reestablish the connection to send the next batch of 100 messages. Therefore, you must devise an emergency broadcast message plan that lets you quickly send out e-mail to all users without exceeding the 100 messages-per-connection limit. The best way to do this is to use distribution groups or a dynamic distribution group to reduce the number of messages that are sent at one time. A group is treated as a single recipient for e-mail delivery restrictions. For more information, see Send Broadcast Messages to All Users.

If you use a third-party emergency notification service to broadcast emergency messages to your users, contact your cloud-based e-mail service representative to verify that the service complies with Windows Live.

 
Related help topics
Loading...
No resources were found.