Office 365 email anti-spam protection

Are you concerned about too much spam in Office 365? We’ve built multiple spam filters into your Office 365 or Exchange Online Protection (EOP) service, so your email is protected from the moment you receive your first message. To help prevent spam in Office 365, you may want to change a protection setting to deal with a specific issue in your organization (say you’re receiving a lot of spam from a particular sender), or simply fine-tune your settings so that they’re tailored to the needs of your organization. To do this, you can change anti-spam settings in the Office 365 Security & Compliance Center.

These options help you prevent spam in Office 365

Connection filtering    checks the reputation of the sender before allowing a message to get through. You can create an allow list, or safe sender list, to make sure you receive every message sent to you from a specific IP address or IP address range. You can also create a list of IP addresses from which to block messages, called a block list. For more information, see Configure the Connection Filter Policy. If you're concerned about spam in Office 365, use connection filtering to help prevent spam.

For customers who have Office 365 Enterprise E5 or have purchased Advanced Threat Protection (ATP) licenses, connection filtering is used by spoof intelligence to create allow and block lists of senders who are spoofing your domain. For more information, see Learn more about spoof intelligence.

Spam filtering    checks for message characteristics consistent with spam. You can change what actions to take on messages identified as spam, and choose whether to filter messages written in specific languages, or sent from specific countries or regions. You can also turn on advanced spam filtering options if you want to pursue an aggressive approach to spam filtering. Additionally, you can configure end-user spam notifications to inform users when messages intended for them were sent to the quarantine instead. (Sending messages to the quarantine is one of the configurable actions.) From these notifications, end users can release false positives and report them to Microsoft for analysis. For more information, see Configure your spam filter policies. To help prevent spam in Office 365, use spam filtering; if you're concerned about too much spam in Office 365, also use connection filtering.

Important (EOP standalone customers): By default, the EOP spam filters send spam-detected messages to each recipient’s Junk Email folder. However, to ensure that the Move message to Junk Email folder action works with on-premises mailboxes, you must configure two Exchange transport rules on your on-premises servers to detect spam headers added by EOP. For details, see Ensure that spam is routed to each user's Junk Email folder.

Extra information if you receive too much spam in Office 365

The following video provides an overview of configuring spam filtering in EOP.

For more details, see the Configure spam filter policies topic.

Check your outgoing messages to prevent spam in Office 365

Outbound filtering    checks to make sure your users don’t send spam. For instance, a user’s computer may get infected with malware that causes it to send spam messages, so we build protection against that into the product. You can’t turn off outbound filtering, but you can configure the settings described in Configure the outbound spam policy. If you're concerned about too much spam in Office 365, use outbound filtering to help prevent spam in Exchange Online.

Beyond the basics: More ways to prevent spam in Office 365

Transport rules    If you want to go beyond the built-in spam filtering and create custom rules that are based on your business policies, the Transport rules feature is another filter that will help you prevent spam in Office 365. For example, you can use Transport rules to set the spam confidence level (SCL) value for messages that match specific conditions, as described in Create a transport rule that sets the Spam Confidence Level (SCL) of a message.
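A transport rule that sets the SCL, shown here as the pair of on-premises rules that the Important note for EOP standalone customers calls for. This is an added example, not part of the original article; the rule names and the mailbox address are placeholders, and it assumes the Exchange Management Shell on an on-premises server and EOP's X-Forefront-Antispam-Report header with its SFV:SPM and SFV:SKS spam verdicts.

```powershell
# Added example (not from the original article). Run in the Exchange
# Management Shell on an on-premises Exchange server behind EOP.
# Rule names below are placeholders; choose names that fit your conventions.

# EOP stamps its verdict in the X-Forefront-Antispam-Report header:
#   SFV:SPM - the message was marked as spam by the spam filter
#   SFV:SKS - the message was marked as spam before content filtering,
#             for example by a rule that set the SCL
$rules = @(
    @{ Name = 'EOP spam verdict SFV:SPM (example)'; Verdict = 'SFV:SPM' },
    @{ Name = 'EOP spam verdict SFV:SKS (example)'; Verdict = 'SFV:SKS' }
)

# Read the existing rules once so the script can be re-run without
# creating duplicates.
$existing = Get-TransportRule | Select-Object -ExpandProperty Name

foreach ($r in $rules) {
    if ($existing -notcontains $r.Name) {
        # Stamp SCL 6 on anything EOP already judged to be spam.
        New-TransportRule -Name $r.Name `
            -HeaderContainsMessageHeader 'X-Forefront-Antispam-Report' `
            -HeaderContainsWords $r.Verdict `
            -SetSCL 6
    }
}

# The stamped SCL only moves mail to Junk Email when it is greater than
# the organization's junk threshold, so confirm the threshold is below 6.
Get-OrganizationConfig | Format-List SCLJunkThreshold

# The junk email rule must also be enabled on the mailbox.
# 'user@contoso.com' is a placeholder address.
Get-MailboxJunkEmailConfiguration -Identity 'user@contoso.com' |
    Format-List Enabled
```

If SCLJunkThreshold is 6 or higher, or the junk email rule is disabled on a mailbox, messages that EOP marked as spam will still land in the Inbox despite the rules.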

Email authentication    includes techniques that use the Domain Name System (DNS) to add verifiable information to email messages about the sender of an email message. More advanced Office 365 admins can make use of these email authentication technologies:

  • Sender Policy Framework (SPF). SPF validates the origin of email messages by verifying the IP address of the sender against the alleged owner of the sending domain. For a quick introduction to SPF and to get it configured quickly, see Set up SPF in Office 365 to help prevent spoofing. For a more in-depth understanding of how Office 365 uses SPF, or for troubleshooting or non-standard deployments such as hybrid deployments, start with How Office 365 uses Sender Policy Framework (SPF) to prevent spoofing.

  • DomainKeys Identified Mail (DKIM). DKIM lets you attach a digital signature to email messages in the message header of emails you send. Email systems that receive email from your domain use this digital signature to determine if incoming email that they receive is legitimate. For information about DKIM and Office 365, see Use DKIM to validate outbound email sent from your domain in Office 365.

  • Domain-based Message Authentication, Reporting, and Conformance (DMARC). DMARC helps receiving mail systems determine what to do with messages that fail SPF or DKIM checks and provides another level of trust for your email partners. For information on setting up DMARC, see Use DMARC to validate email in Office 365.

If you're concerned about spam, phishing, and spoofing in Office 365, use SPF, DKIM, and DMARC together to help prevent spam and unwanted spoofing.

End-user managed settings    If you’re looking for information about how end users can manage their own spam settings, check out Overview of the Junk Email Filter (for Microsoft Outlook users) or Learn about Junk email and phishing (for OWA users). If you’re using EOP to protect on-premises mailboxes, be sure to use directory synchronization to ensure that these settings are synced to the service. For more information about setting up directory synchronization, see “Use directory synchronization to manage mail users” in Manage mail users in EOP.

For more information

Blog: Why does spam and phishing get through Office 365?

Anti-Spam Protection FAQ

Prevent false positive email marked as spam with a safelist or other techniques

How to set up Office 365 spam filtering to help block junk messages

What's the Difference Between Junk Email and Bulk Email?

Anti-spam message headers

Backscatter Messages and EOP
