Do Teams groups follow spam rules?

thecomputerguy

I have a client who has a couple Teams set up at info@ accounting@ and those accounts seem to just BREED spam ... they have the option enabled to allow external senders to mail to the group and the group email gets forwarded to the main people in the company and they are complaining of the amount of spam coming through these accounts.

I've investigated myself and the amount of spam being sent to info@ accounting@ is ungodly.
 
365 licenses are "per user"
Shared mailboxes are protected under the highest license of the user(s) accessing it (members).
(I'm 99% fairly sure that's still the case)

Are your policies pointed to just the user accounts...or to the entire domain?

Also remember....common names (like info@, acct@, etc)....are well known by spammers and simply POUNDED by spam via truckloads. So...while you might see a lot of spam making it through, truckloads of it are likely rejected or quarantined or junked...based on whatever your policies are set to.

Have you dialed up the policies? What are they set to?
 
Spam rules are set to the PDF you sent me a couple years ago for Threat policies, to a tee ... this one

1745517314803.png

Is this a matter of bumping up the bulk email anti-spam policy?

1745517613935.png
 
Policies are set to cover the domain
 
Yeah those policies are a little old now. You can tighten them up a bit, the setting of 5 is OK....but there may be some other settings that are still on default? Expand the specific ones....
 
Those policies are VERY old now. You can use those rules, they do work... but they've also got 1000 knobs to turn to get right.

I'd just deploy the Standard Security preset you can find in the Defender panel. Make sure the targeting is correct (by default it's all domains, all mailboxes) and walk away.

M365 addresses and shared mailboxes are defended at whatever license level the users in the groups are as Stonecat mentioned. And even if you don't have any Defender for O365 anywhere, that's still a better place to configure filtering. The "ATP" process is no longer really valid anymore.
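
The checks discussed in this thread (preset targeting, bulk threshold, the external-senders option on the groups) can be read back from Exchange Online PowerShell. This is an added example, not something posted by anyone in the thread; it is read-only, and the group addresses are constructed placeholders.

```powershell
# Added example: read-only audit of anti-spam scope and bulk settings.
# Requires the ExchangeOnlineManagement module and an admin sign-in.
Connect-ExchangeOnline

# Constructed placeholder addresses; replace with the tenant's real group addresses.
$groupAddresses = 'info@contoso.example', 'accounting@contoso.example'

# 1. Preset security policies: are they enabled, and which recipients do they target?
Get-EOPProtectionPolicyRule |
    Select-Object Name, State, Priority, SentTo, SentToMemberOf, RecipientDomainIs,
                  ExceptIfSentTo, ExceptIfSentToMemberOf, ExceptIfRecipientDomainIs |
    Format-List

# 2. Anti-spam policies: bulk threshold and actions, joined to the rule that scopes each one.
#    The default policy has no rule and applies to every recipient not matched by another policy.
$rules = Get-HostedContentFilterRule
Get-HostedContentFilterPolicy | ForEach-Object {
    $policy = $_
    $rule   = $rules | Where-Object { $_.HostedContentFilterPolicy -eq $policy.Name }
    [pscustomobject]@{
        Policy                   = $policy.Name
        IsDefault                = $policy.IsDefault
        RuleState                = $rule.State
        RulePriority             = $rule.Priority
        BulkThreshold            = $policy.BulkThreshold
        MarkAsSpamBulkMail       = $policy.MarkAsSpamBulkMail
        BulkSpamAction           = $policy.BulkSpamAction
        SpamAction               = $policy.SpamAction
        HighConfidenceSpamAction = $policy.HighConfidenceSpamAction
        RecipientDomainIs        = $rule.RecipientDomainIs -join ', '
        SentTo                   = $rule.SentTo -join ', '
        SentToMemberOf           = $rule.SentToMemberOf -join ', '
    }
} | Format-List

# 3. The groups themselves: RequireSenderAuthenticationEnabled = False means
#    external (unauthenticated) senders are allowed to mail the group.
foreach ($address in $groupAddresses) {
    Get-UnifiedGroup -Identity $address |
        Select-Object DisplayName, PrimarySmtpAddress, RequireSenderAuthenticationEnabled
}

Disconnect-ExchangeOnline -Confirm:$false
```

A rule that lists specific recipients or groups rather than the domain is the first thing to compare against the info@ and accounting@ addresses.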
 