Microsoft 365 Spam Filtering

If you have purchased licenses for Microsoft 365 or have signed up for an Office 365 business plan you will no doubt be aware that this includes Microsoft 365 spam filtering, which provides protection against internal and external email threats. While Microsoft 365 spam filtering provides a reasonable level of protection against phishing, malware, and email impersonation attacks, malicious emails do still get delivered to the inboxes of employees. So, is it possible to improve Microsoft 365 spam filtering and get greater protection from phishing, malware, ransomware, and other email threats?

Microsoft Spam Filter Solutions

At the most basic level, Microsoft 365 and Office 365 anti-spam protection comes from Exchange Online Protection (EOP). EOP provides protection against email spam, basic phishing attacks, email spoofing, and malware and ransomware delivery. EOP performs reasonably well at blocking spam email, with the Microsoft 365 spam filters blocking 99% of spam email (according to Microsoft).

While that level of protection appears good at face value, it is not as impressive as it first sounds. Consider that around 120 billion spam emails are sent each day and 43% of spam emails have been estimated to target Microsoft 365 accounts. If 1% of those messages are delivered and not blocked, that means around 50 million spam emails are not being detected by Microsoft EOP every day. There is clearly room for improving Microsoft 365 spam filtering.

What Mechanisms Does Microsoft 365 Spam Filtering Use?

Like many spam filtering solutions, the main mechanism used in Microsoft 365 email spam filtering is comparing the sender of an email against a list of known malicious IP addresses. These block lists will prevent any email from a known spamming source being delivered to inboxes, and proprietary machine learning technologies protect against malicious messages from IP addresses not previously used for spamming. Email attachments will also be scanned for malware or malware downloaders and will be blocked if malware or malicious scripts are detected.

In addition to EOP, which is included with all Microsoft 365 licenses, Microsoft also offers an advanced spam filtering package called Defender for Office 365. This is included in the most comprehensive – and expensive – plans for enterprises, but not in the standard packages for SMBs. The lower-level packages require this additional Microsoft anti-spam solution to be paid for separately, in addition to the license cost.

Defender for Office 365 includes advanced features for detecting malicious messages such as sandboxing. Attachments are opened in a secure sandbox and are checked for potentially malicious activity: an important feature considering many malware variants bypass the signature-based detection mechanisms of EOP. URLs embedded in emails are also checked in the sandbox to make sure they do not download malware.

How Effective are the Microsoft 365 Email Spam Filters?

EOP blocks 99% of spam email, but Defender for Office 365 will provide better protection; however, there is a caveat. These measures will only be effective if they are configured properly. That stands to reason of course, as vulnerabilities are introduced when any security solution is misconfigured. The problem is misconfigurations are easy with Microsoft 365 spam filtering mechanisms and the management overhead is considerable.

Microsoft 365 spam filtering requires spam confidence levels to be manually set per user, per department, or on a global level. Policies must be developed that stipulate what happens to emails that are detected as malicious or suspicious, and how notifications are generated for the user and security teams. Many businesses have hybrid environments and use EOP to protect their on-premises Exchange servers. In these situations, two sets of transport rules must be configured to allow on-premises Exchange mailboxes to recognize EOP spam headers.

Detection rates will be dependent on these being correctly configured. Get it wrong and there will be many potentially malicious emails arriving in inboxes or too many legitimate messages being sent to the quarantine folder, with the latter causing delays to responses to business-critical emails. It can be time consuming to get the balance right.
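The hybrid case above depends on the on-premises side actually reading the verdict EOP stamps on each message. The following is an added example, not code from the original page or from Microsoft: it parses the `X-Forefront-Antispam-Report` header (the header name and the `SFV`/`SCL` fields follow Microsoft's documented EOP header format, not this page) from constructed sample messages, and the `junk`/`inbox`/`review` actions are hypothetical names used only for illustration.

```python
from email import message_from_string

# SFV verdicts that mean "EOP already judged this spam":
# SPM = spam filtering, SKS = marked by a rule before filtering, SKB = blocked sender.
SPAM_VERDICTS = {"SPM", "SKS", "SKB"}
HEADER = "X-Forefront-Antispam-Report"

def parse_antispam_report(value):
    """Split 'KEY:value;KEY:value' into a dict; tolerates folded header lines."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:  # partition on the first ':' keeps IPv6 addresses in CIP intact
            fields[key.upper()] = val.strip()
    return fields

def onprem_action(raw_message):
    """Hypothetical decision an on-premises rule would take for a relayed message."""
    report = message_from_string(raw_message).get(HEADER)
    if report is None:
        # No verdict at all: the message may not have passed through EOP.
        return "review"
    fields = parse_antispam_report(report)
    scl_text = fields.get("SCL", "")
    scl = int(scl_text) if scl_text.lstrip("-").isdigit() else None
    if fields.get("SFV") in SPAM_VERDICTS or (scl is not None and scl >= 5):
        return "junk"
    return "inbox"

# Constructed sample messages (documentation addresses and domains only).
SPAM_MSG = ("From: promo@example.net\nTo: amy@example.com\n"
            f"{HEADER}: CIP:203.0.113.5;CTRY:;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;\n"
            "Subject: offer\n\nbody\n")
CLEAN_MSG = ("From: bob@example.org\nTo: amy@example.com\n"
             f"{HEADER}: CIP:198.51.100.7;SCL:1;\n SFV:NSPM;PTR:mail.example.org\n"
             "Subject: minutes\n\nbody\n")
DIRECT_MSG = "From: x@example.net\nTo: amy@example.com\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("spam", SPAM_MSG), ("clean", CLEAN_MSG), ("direct", DIRECT_MSG)]:
        print(name, "->", onprem_action(raw))
```

Running the same check over a sample of delivered on-premises mail shows whether spam verdicts are being honoured and whether any mail is arriving without passing through EOP.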

An Important Anti-Spam Feature is Lacking in Microsoft 365 Spam Filtering

One notable absence from Microsoft 365 spam filtering is greylisting, which has been shown to be highly effective at improving spam detection. Greylisting is a method of blocking bulk spam and phishing campaigns, which works by rejecting messages from non-whitelisted IP addresses and requesting the messages be resent. Genuine messages are resent, whereas spam servers tend not to respond to these requests or delay responses until the end of the spam run. The delay is therefore an indication of whether a message is genuine.

This feature should be combined with block lists, as block lists can only be used to protect against known malicious IP addresses. IP addresses that have yet to be categorized as malicious include those that are used and quickly dropped by threat actors to get around blocklist protections. Not only will greylisting block more threats, it can also reduce the management overhead as there will be fewer quarantined emails for the IT team to check, spam confidence levels can be set for the entire organization rather than departments given the lower spam volumes arriving at the mail server, and the burden on the mail server will be reduced, which can result in genuine emails being delivered faster.
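The greylisting and block list combination described in the two paragraphs above can be sketched as follows. This is an added example, not code from the original page or from any product it mentions: the class name, timing values, and SMTP reply texts are assumptions, and the sample traffic is constructed with documentation IP ranges.

```python
from dataclasses import dataclass, field

@dataclass
class Greylist:
    allow_ips: set = field(default_factory=set)   # whitelisted relays, never delayed
    block_ips: set = field(default_factory=set)   # block list of known-bad sources
    min_delay: int = 300            # assumed: seconds before a retry is accepted
    retry_window: int = 4 * 3600    # assumed: a later retry starts over
    pass_ttl: int = 30 * 86400      # assumed: how long a proven sender skips the delay
    first_seen: dict = field(default_factory=dict)
    passed: dict = field(default_factory=dict)

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at `now` (seconds)."""
        if ip in self.block_ips:
            return "554 5.7.1 rejected: source on block list"
        if ip in self.allow_ips:
            return "250 2.1.5 ok (whitelisted)"
        key = (ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed and now - self.passed[key] <= self.pass_ttl:
            self.passed[key] = now
            return "250 2.1.5 ok (known sender)"
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.retry_window:
            self.first_seen[key] = now          # temporary rejection: ask for a resend
            return "451 4.7.1 greylisted, try again later"
        if now - seen < self.min_delay:
            return "451 4.7.1 greylisted, retry too soon"
        del self.first_seen[key]                # a patient retry marks a real mail server
        self.passed[key] = now
        return "250 2.1.5 ok (retry accepted)"

def demo():
    gl = Greylist(allow_ips={"192.0.2.10"}, block_ips={"203.0.113.66"})
    events = [  # constructed traffic: (seconds, source IP, sender, recipient)
        (0, "192.0.2.10", "partner@example.org", "amy@example.com"),
        (5, "203.0.113.66", "promo@example.net", "amy@example.com"),
        (10, "198.51.100.7", "bob@example.org", "amy@example.com"),   # first attempt
        (20, "198.51.100.99", "x1@example.net", "amy@example.com"),   # never retries
        (40, "198.51.100.7", "bob@example.org", "amy@example.com"),   # retry too soon
        (910, "198.51.100.7", "bob@example.org", "amy@example.com"),  # proper retry
        (5000, "198.51.100.7", "bob@example.org", "amy@example.com"), # later mail
    ]
    return [gl.check(ip, frm, to, now)[:3] for now, ip, frm, to in events]

if __name__ == "__main__":
    print(demo())
```

The unknown source that never retries only ever receives a temporary rejection, so its message never reaches a quarantine that someone has to review.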

Improving Microsoft 365 Spam Filtering with a Third-Party Spam Filter

The main complaints about Microsoft 365 spam filtering are the complexity of configuration and the corresponding management overhead, but these can easily be avoided by using a third-party spam filter. The purpose of a third-party spam filter is not to replace Microsoft protections, but to complement them. A third-party solution is layered on top of Microsoft 365 anti-spam protections. Provided an advanced solution is purchased that integrates seamlessly with Microsoft 365, this will be straightforward.

The best spam filter for Microsoft 365 will integrate with Active Directory, have front end protections such as greylisting that are lacking in the Microsoft 365 email spam filters, and provide most or all of the protections provided by Defender for Office 365 such as sandboxing and URL verification.

With a third-party filtering solution the default anti-spam measures provided by EOP will stay in place, and the third-party solution can be configured to provide further protection, thus avoiding the time-consuming configuration of Defender for Office 365 if it is included in the license. If it is not, you can also avoid the cost.

Another benefit of a third-party solution is to ensure email continuity in a Microsoft 365 outage. Outages do occur and when they do, they stop email delivery. Third-party spam filters also often have the option of being deployed on-premises, which the Microsoft 365 email spam filters do not.

Improve Microsoft 365 Spam Filtering with SpamTitan

TitanHQ has been developing email security and web security solutions for more than 20 years. SpamTitan Email Security is consistently rated highly by end users for ease of use, ease of implementation, price, and improving Microsoft 365 spam filtering. These factors have helped make TitanHQ the leading provider of email and web security solutions for managed service providers serving the SMB market.

SpamTitan can be deployed as SpamTitan Cloud, or SpamTitan Gateway if preferred on-premises. SpamTitan solutions complement Microsoft 365 spam filters and add the important greylisting feature, while providing broadly equivalent features to those provided in the Microsoft 365 spam filtering options.

SpamTitan incorporates 6 real-time block lists to block known sources of spam, malware, phishing, and spoofing. Dual antivirus engines (Bitdefender and ClamAV) are used to detect known malware threats, with sandboxing included to detect unknown malware variants. Content filters include Bayesian analysis, heuristics, and machine learning which are capable of detecting previously unknown sources of spam, along with outbound filtering to provide data loss protection. It is possible to carefully control settings with a high degree of granularity, but the admin burden is far lower than Microsoft 365 and SpamTitan is easier to use. SpamTitan also has multiple web authentication settings, directory synchronization with Active Directory, virtually unlimited scalability, and an extensive reporting suite.

Summary of Benefits of SpamTitan Email Security Over Microsoft 365 Spam Filtering

The key benefits of SpamTitan Email Security are the excellent protection provided against email threats and the low management overhead and associated cost. With SpamTitan you get an easy-to-use interface with far less risk of misconfiguration. SpamTitan makes it easy to improve the effectiveness of Microsoft 365 spam filtering, but don’t take our word for it. Register for a free trial and you can test the full product for yourself. Full product and customer support will be provided for the duration of the free trial.

If you decide to continue with the trial, there is a range of subscription options with highly competitive prices based on the number of mailboxes that need to be protected and the term, deployment option, and frequency of payments. There are also exceptional opportunities for MSPs under the TitanShield MSP program.

Give the TitanHQ team a call today for further information on SpamTitan and how the solution can improve Microsoft 365 spam filtering at your organization.