Some companies that have moved from on-premises Exchange Server to Office 365 may have noticed a strange side effect:...
End users are suddenly being flooded with a nearly unmanageable volume of spam in Office 365. So, why would this happen and how can Exchange admins control this onslaught of spam?
The reason for the sudden spike in spam with Office 365 most likely has to do with spam filtering. In my personal lab, I used GFI MailEssentials for several years and fine-tuned the filtering to the point that almost no spam ever made it to my mailbox. Unfortunately, I had to give up my antispam software after switching to Office 365 because Microsoft doesn't allow Office 365 customers to run third-party applications on their servers.
Essentially, there are two main ways to control spam in Office 365. Small Exchange installments can control it through Outlook on a per-mailbox basis; enterprises with several Exchange users can use Forefront Online Protection for Exchange for organization-wide spam control.
The Office 365 spam control feature uses Forefront Online Protection for Exchange. To access Forefront Online Protection for Exchange, open the administrative interface, click Manage under the Exchange Server section and then click on Forefront Online Protection for Exchange.
Configuring Forefront Online Protection for Exchange is relatively straightforward and self-explanatory. The filtering process is based around policy rules, which can be applied to specific domains or to all domains. They are typically applied to inbound messages, but can be applied to outbound messages to prevent spam from coming from the organization.
The policy rules are based around message attributes. For example, you could create a policy rule based on the sender's IP address, a word in the subject line or an attachment name.
Forefront Online Protection for Exchange also filters spam based on the spam confidence level (SCL) value. The SCL is a value between 0 and 9 based on the likelihood of the message being spam. Messages with a higher SCL have a higher probability of being spam. A message will be delivered to the end user's junk mail folder if it has an SCL level of 5 or higher. Messages with an SCL of 4 or lower are delivered to the user's inbox. The threshold can be adjusted to meet the organization's needs, but more aggressive filtering can be risky due to the increased chances of a false positive. It's generally recommended to use the default threshold values.
Organizations making the switch to Office 365 may need to take some extra steps to avoid being flooded with spam. One possible option is to create a series of policy rules for Office 365 spam before you begin moving mailboxes to the cloud after signing up. That way, spam filtering will already be in place before the mailboxes are actually moved.
About the author:
Brien Posey is a ten-time Microsoft MVP with two decades of IT experience. Before becoming a freelance technical writer, Brien worked as a chief information officer at a national chain of hospitals and healthcare facilities. He has also served as a network administrator for some of the nation's largest insurance companies and for the Department of Defense at Fort Knox.