3 minutes reading time (687 words)

Office 365 Anti spam Policy Best Practices

This article will give you a quick overview of some of the recommended Office 365 Anti spam policy settings

Configure Office 365 Anti spam Policies

By default the Office 365 Anti spam policy is enabled but the advanced settings are not configured. Let's take a look at some of the spam filter settings and the options you can change to improve your email threat protection.

Security & Compliance Center

Threat management - Policy - Anti-spam

Expand the Default spam filter policy - Edit policy

Spam filter settings

These are the Office 365 spam filter settings, let's take a look at some of the options you might want to change.

Spam and phishing emails
You can change the options for high confidence spam and high confidence phishing emails to either move to quarantine, redirect message to an email address or delete. I recommend setting these to quarantine to start with.

Bulk email
You might want to increase the threshold for bulk email depending on how much unsolicited marketing email you get. I usually leave this at the default setting of 7.

Safety Tips
Colour coded messages that will warn you about potentially harmful messages.

Malware Zero-hour auto purge
Zero hour auto purge (ZAP) quarantines messages that contain malware after they've been delivered to your inbox.

I recommended that you leave the options for safety tips and ZAP both enabled.

Allow lists and Block lists

I don't usually enable any of the settings for allow lists, block lists and international spam unless there is a good reason to do so.

For example, you could:
  • Allow an external system/application to send mail by adding it to the allow list
  • Block a domain or sender by adding them to the block lists if you detect a high number of malicious emails from that source
  • Enable the international spam options if you don't have any global contacts or customers

Advanced spam filter settings

Spam properties - Increase spam score
These options will increase the spam score of a message. The higher the spam score, the more likely an email will be marked as spam.

Image links to remote sites - Off
URL redirect to other port - On
Numeric IP address in URL - On
URL to .biz or .info websites - On

Spam properties - Mark as spam
These options will mark the email as spam if the message matches the condition.

Empty messages - On
Javascript or VBScript in HTML - On
Frame or iFrame tags in HTML - On
Object tags in HTML - On
Embed tags in HTML - On
Form tags in HTML - On
Web bugs in HTML - Off
Apply sensitive word list - On

SPF record: hard fail - On
Conditional Sender ID filtering: hard fail - On
NDR backscatter - Off

Test mode options

Send BCC message to your admin email 

Configure end-user spam notifications

Set the number of days to send notifications, the default setting of 3 days is usually fine

Spam notification email


Office 365 Anti malware Policy Best Practices - TechLabs

This article will give you a quick overview of some of the recommended settings for the Office 365 malware filter.

Related Posts



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, 01 June 2023
You can help support this website by buying me a coffee!
Buy Me A Coffee
Cron Job Starts