Office365 spam

NerdyDad

@syko24 said in Office365 spam:

So really nothing can be done. Microsoft assumes that any email sent from an O365 account to another O365 account is always non-spam.

Block the domain of the sender.

syko24

@nerdydad - I agree with adjusting the spam settings. The only issue is that it appears that all O365 accounts come through as clean email regardless of the content.

syko24

@nerdydad - It's always a different domain.

I know at the end of the day the answer is user education. I was interested to see if anyone else noticed this trend since I know a lot of people here are using O365 for email.

NerdyDad

Have you looked at the headers and made sure that the domain isn't being spoofed?

momurda

You can check the spam score of these messages. It is possible they are getting marked with a score just below your threshold for rejection/deletion.
I know when we used O365 i had to set the threshold to 4 to get this nonsense to stop.

syko24

@nerdydad said in Office365 spam:

Have you looked at the headers and made sure that the domain isn't being spoofed?

Definitely not being spoofed per the info in the header. The domains that are sending the spam also have SPF setup with O365 so that would also lead me to believe they are actually being sent from the real O365 account.

syko24

@momurda said in Office365 spam:

You can check the spam score of these messages. It is possible they are getting marked with a score just below your threshold for rejection/deletion.
I know when we used O365 i had to set the threshold to 4 to get this nonsense to stop.

I'll look at the scores and see what they are posting. I almost feel like I should just put an alternative spam filter in front of our account. Something that actually checks the links in the body of the email.

syko24

Spam Score is SCL 1

momurda

@syko24 Oh those ones. Are they like the Professionals' contact list ones?
The loan shark ones? Lonely Hearts Club?
To stop these you usually need to use some sort of regex that is common to all emails of one type.

dbeato

@syko24 said in Office365 spam:

ms have in common is that the sender/reply-to address is from a domain that is also using Office365 for email. I assume what is happening is the domain sending the emails is someone who fell for the scam and now their email account is being used to send spam to other Office365 accounts because they are unlikely to be marked as spam.

I have users that receive emails from Office 365 senders and they are not in office 365 which means is an Spam problem and not an Office 365 problem. Even if you host emails in Office 365 you should either adjust your Spam Filtering or use an external Spam Filtering.