Office 365 Anti spam Policy Best Practices
This article will give you a quick overview of some of the recommended Office 365 Anti spam policy settings
Configure Office 365 Anti spam Policies
By default the Office 365 Anti spam policy is enabled but the advanced settings are not configured. Let's take a look at some of the spam filter settings and the options you can change to improve your email threat protection.
Security & Compliance Center
Threat management - Policy - Anti-spam
Expand the Default spam filter policy - Edit policy
Spam filter settings
Spam and phishing emails
You can change the options for high confidence spam and high confidence phishing emails to either move to quarantine, redirect message to an email address or delete. I recommend setting these to quarantine to start with.
You might want to increase the threshold for bulk email depending on how much unsolicited marketing email you get. I usually leave this at the default setting of 7.
Colour coded messages that will warn you about potentially harmful messages.
Malware Zero-hour auto purge
Zero hour auto purge (ZAP) quarantines messages that contain malware after they've been delivered to your inbox.
I recommended that you leave the options for safety tips and ZAP both enabled.
Allow lists and Block lists
I don't usually enable any of the settings for allow lists, block lists and international spam unless there is a good reason to do so.
- Allow an external system/application to send mail by adding it to the allow list
- Block a domain or sender by adding them to the block lists if you detect a high number of malicious emails from that source
- Enable the international spam options if you don't have any global contacts or customers
Advanced spam filter settings
Spam properties - Increase spam score
These options will increase the spam score of a message. The higher the spam score, the more likely an email will be marked as spam.
Image links to remote sites - Off
URL redirect to other port - On
Numeric IP address in URL - On
URL to .biz or .info websites - On
You can set spam filter options to Test before enabling them. Using Test mode allows you to send a BCC copy of messages to an admin mailbox so you can see what effect the spam filter options have.
Spam properties - Mark as spam
These options will mark the email as spam if the message matches the condition.
Empty messages - On
Frame or iFrame tags in HTML - On
Object tags in HTML - On
Embed tags in HTML - On
Form tags in HTML - On
Web bugs in HTML - Off
Apply sensitive word list - On
SPF record: hard fail - On
Conditional Sender ID filtering: hard fail - On
NDR backscatter - Off
Test mode options
Send BCC message to your admin email
Configure end-user spam notifications
Set the number of days to send notifications, the default setting of 3 days is usually fine
Spam notification email