How do you modify O365 to help with spam?

thecomputerguy

A while back I made a post here: https://www.technibble.com/forums/t...dard-office-365-spam-filtering-product.85921/

Asking for a spam filtering product for O365 because I have several problem clients who love to use me as a human spam filter and it really irritates me.

The general consensus was that the built-in tools for spam in O365 are plenty "fine" but you just need to adjust them properly.

What do you all do to adjust the O365 tenant to make them filter spam properly if it were just starting as a brand new O365 tenant?

I have clients who are getting multiple emails a week that look like this garbage and they just forward them to me and say "Hey! is this spam?" I want to reply and say "Hey! Are you dumb?" but I usually just answer with a yes.

[Attached screenshot: Screenshot-2020-06-09-at-14.24.00.png]
 
Protection.office.com -> Threat Management -> Policy

You'll see anti-spam, anti-phish, and anti-malware on the right. Edit the default spam filter policy. The threshold is 7, I set mine to 6 and retain spam for 30 days and don't have too much trouble.

But you'll have to look at the mail you're getting and adjust accordingly.
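
Added example, not part of the post above: the same change made from Exchange Online PowerShell, with a review of the current values and a dry run first. It assumes the "threshold" in the post is the bulk complaint level (`BulkThreshold`), that the ExchangeOnlineManagement module is installed, and that you sign in with an account allowed to edit anti-spam policies.

```powershell
# Added example (not from the thread). Requires the ExchangeOnlineManagement module.
# Assumption: "threshold" in the post means the bulk complaint level (BulkThreshold).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Values taken from the post: threshold 6, keep quarantined spam 30 days.
$target = @{ BulkThreshold = 6; QuarantineRetentionPeriod = 30 }

# Review every anti-spam policy in the tenant before changing anything.
Get-HostedContentFilterPolicy |
    Select-Object Name, IsDefault, BulkThreshold, MarkAsSpamBulkMail,
                  SpamAction, HighConfidenceSpamAction, QuarantineRetentionPeriod |
    Format-Table -AutoSize

# Work out which settings on the default policy differ from the target.
$default = Get-HostedContentFilterPolicy | Where-Object IsDefault
$changes = @{}
foreach ($key in $target.Keys) {
    if ($default.$key -ne $target[$key]) { $changes[$key] = $target[$key] }
}

if ($changes.Count -eq 0) {
    Write-Host "Default policy already matches the target values."
} else {
    # Dry run: shows what would change. Remove -WhatIf to apply.
    Set-HostedContentFilterPolicy -Identity $default.Name @changes -WhatIf
}

# Read-only check of the anti-phish policies listed on the same page.
Get-AntiPhishPolicy |
    Select-Object Name, Enabled, EnableSpoofIntelligence |
    Format-Table -AutoSize
```

Lowering the threshold catches more bulk mail but also raises the chance of legitimate newsletters landing in quarantine, so check the quarantine for a week or two after applying it.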
 
The above is phishing. Not spam. At least in my book. I classify all of it as malware because nothing good ever comes of it. That being said customers are customers. Every email I get that asks "is this bad" gets a reply that is also billed. If someone does not have the basic native language skills to interpret obvious red flags maybe getting billed will help them learn.

My replies always give pointers to them to help understand the difference. The first being do they recognize the sender. Next I'll point out that a salutation, like Hello, should always be followed by a name or the EU's email address using a pointer (line with arrowhead) and some text.

Filters work fine but for many customers I usually have to set them to a minimum because legit emails get blocked.
 
It's just insane to me that the O365 filtering is SO Subpar to Gmail. A lot of times I get a client's email asking if their email was spam in my spam filter because I use Gmail primarily. Is Gmail really just that far ahead of MS?
 
I'll bump it to 6 and see if that helps ... thanks!
 
@thecomputerguy

Gmail is in no way ahead of MS, but they do a ton of this tuning for you via a bucket of automation. And given the take you have on the subject I'm going to assume you've never run afoul of that unsupported mess when it eats an entire company and they can't send or receive mail for three days.

There's an anti-phish item on that page above too, go tune it. If you didn't turn that feature ON that's part of the problem.

But there's a rub here... It doesn't matter what you do, you cannot filter out spear phishing attempts. There's literally no difference between a properly formed phishing mail and a normal corporate email. And yes, people on Google get them too.

About the only thing Google does better than Microsoft comes because everyone uses Android. Google mail signed in on an Android device results in AUTOMATIC enrollment in 2FA for the mailbox in question. M365 requires you to install or configure an authenticator manually. Because yeah, they don't own the OS on the mobile device. But even THAT comes at a cost... ever had your Google Auth break?

Pray you never do... I can fix my MS crap in seconds, Google? It's like supporting Apple... fiddle for days until it works, IF it works.
 
I looked at that but it's incredibly manual ... "Allow emails from X domain" "Deny emails from X domain" ... that's not going to work.
 
> It's just insane to me that the O365 filtering is SO Subpar to Gmail. A lot of times I get a client's email asking if their email was spam in my spam filter because I use Gmail primarily. Is Gmail really just that far ahead of MS?

Personally I consider them to be on par but different golf courses so to speak. If you notice my last sentence I've had customers that told me their customers sent them emails and they never received them. Those were M365.

I've got one customer whose accountant, who has Gmail, bounces my emails with "Please visit 5.7.26 https://support.google.com/mail/answer/2451690 to learn about the 5.7.26 DMARC initiative." And I have everything in place for DMARC.
 
> I looked at that but it's incredibly manual ... "Allow emails from X domain" "Deny emails from X domain" ... that's not going to work.

That's within the policy you were editing, you can make new ones. But yes, the domain black / white list is one of the easier features to find and tweak but also one of the weakest.

There are services that do all this for you... I don't use them but other MSPs I've worked with swear by them. It's all down to how you want to handle it.
 