Office 365 email anti-spam protection

Are you concerned about too much spam in Office 365? We’ve built multiple spam filters into your Exchange Online or Exchange Online Protection (EOP) service, so your email is protected from the moment you receive your first message. In order to help prevent spam in Exchange Online, you may want to change a protection setting to deal with a specific issue in your organization—say you’re receiving a lot of spam from a particular sender, for example – or to simply fine tune your settings so that they’re tailored to best meet the needs of your organization. To do this, you can change the following anti-spam settings in the Exchange admin center.

These options help you prevent spam in Exchange Online

Connection filtering is based on the reputation of the sender. You can create an Allow list (or safe sender list) to make sure you receive every message sent to you from a specific IP address or IP address range. You can also create a list of IP addresses from which to block messages. For more information, see Configure the Connection Filter Policy. If you're concerned about spam in Office 365, use connection filtering to help prevent spam in Exchange Online.

Spam filtering checks for message characteristics consistent with spam. You can change what actions to take on messages identified as spam, and choose whether to filter messages written in specific languages, or sent from specific countries or regions. You can also turn on advanced spam filtering options if you want to pursue an aggressive approach to spam filtering. Additionally, you can configure end-user spam notifications to inform users when messages intended for them were sent to the quarantine instead. (Sending messages to the quarantine is one of the configurable actions.) From these notifications, end users can release false positives and report them to Microsoft for analysis. For more information, see Configure your spam filter policies. In order to help prevent spam in Exchange Online and Office 365, use spam filtering, if you're concerned about too much spam in Office 365, use connection filtering to help prevent spam in Exchange Online.

Important: For EOP standalone customers: By default, the EOP spam filters send spam-detected messages to each recipients’ Junk Email folder. However, in order to ensure that the Move message to Junk Email folder action will work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For details, see Ensure that spam is routed to each user's Junk Email folder.

Extra information if you receive too much spam in Office 365

The following video provides and overview of configuring spam filtering in EOP.

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

For more details, see the Configure spam filter policies topic.

Check your outgoing messages to prevent spam in Exchange Online

Outbound filtering checks to make sure your users don’t send spam. For instance, a user’s computer may get infected with malware that causes it to send spam messages, so we build protection against that into the product. You can’t turn off outbound filtering, but you can configure the settings described in Configure the outbound spam policy. If you're concerned about too much spam in Office 365, use outbound filtering to help prevent spam in Exchange Online.

Beyond the basics: More ways to prevent spam in Exchange Online and Office 365

If you want to go beyond the built-in spam filtering and create custom rules that are based on your business policies, the Transport rules feature is another filter that will help you prevent spam in Office 365 and Exchange Online. For example, you can use Transport rules to set the spam confidence level (SCL) value for messages that match specific conditions, as described in Create a transport rule that sets the Spam Confidence Level (SCL) of a message.

If you’re looking for information about how end users can manage their own spam settings, check out Overview of the Junk Email Filter (for Microsoft Outlook users) or Learn about Junk email and phishing (for OWA users). If you’re using EOP to protect on-premises mailboxes, be sure to use directory synchronization to ensure that these settings are synced to the service. For more information about setting up directory synchronization, see “Use directory synchronization to manage mail users” in Manage mail users in EOP.

For more information

Blog: Why does spam and phishing get through Office 365?

Anti-Spam Protection FAQ

Prevent false positive email marked as spam with a safelist or other techniques

How to set up Office 365 spam filtering to help block junk messages

What's the Difference Between Junk Email and Bulk Email?

Anti-spam message headers

Customize an SPF record to validate outbound email sent from your domain

Backscatter Messages and EOP

Still need help?

Get help from the Office 365 community forums Admins: Sign in and create a service request Admins: Call Support

Was this information helpful?

How can we improve it?

How can we improve it?

To protect your privacy, please do not include contact information in your feedback. Review our privacy policy.

Thank you for your feedback!