
How to Improve Spam Filtering on Office 365

Office 365 has become an attractive target for cyber-criminals. With such a massive user base, 155 million monthly users as of October 2022, comes a rise in specific attacks against the platform. Jaff, Locky, and ShurL0cker were major ransomware attacks that took advantage of vulnerabilities in Office 365, with all three hitting undetected.

Although ransomware was the most popular form of malware in 2022, cyber-criminals shifted their tactics as companies increased their awareness and security measures to thwart ransomware. We are now seeing a rise in different types of email fraud, including spoofing, phishing, and business email compromise scams, just to name a few.

Office 365 uses Exchange Online Protection (EOP), its built-in spam filtering system. However, EOP lacks the capabilities to detect new or unknown malware threats. With 92% of all malware delivered by email as of 2022, it is more imperative than ever for Office 365 users to fill the gaps missing from EOP.

In this article, we list the features EOP lacks to protect you from malware and provide a solution to protect you and your users' inboxes from attacks.

What is Missing from Office 365's Spam Filtering?

  • Quarantining: Office 365 does not initially quarantine junk messages. The message will go to the user's spam inbox and will only be removed if the user deletes the message or after 14 days. Admins must set up content filters to quarantine harmful messages. Because the message stays within the user's reach, the user can accidentally open it and fall victim to the potential threat inside.
  • Junk Message Control: Office 365 puts suspected junk messages in the user's Junk folder without giving any explanation of why they went to junk. Users must mark the message as junk, and Office 365 blocks the message retrospectively.
  • Link and attachment detection: According to a study performed by Osterman Research, if an attacker creates a new URL specifically targeted against a company and links it to malware, EOP may not scan those new links and the content behind them at the time of click to block the malicious message.
  • Daily Reports: Office 365 does not provide information about how many messages a user receives in a given day and how many of those messages came in as good, junk, or possible junk. Without these reports, users will not know if a good message is incorrectly scored and will not be able to restore the message. They do not have access to information such as their total daily message count, the number of good, junk, or possible junk messages they receive, and how and why a message receives its score.
  • Customization for Filtering: Users in Office 365 are unable to create custom filters which detect the methods used by spammers to reach their inbox. Custom filters allow users to create: white/black lists which specify if a domain is friendly or harmful, SPF records which can detect forged email addresses, and DKIM checks to authenticate an email's FROM address, among other filters.
  • Policy Violations: Office 365 does not allow System Admins to monitor users' inbound or outbound emails to detect messages that may violate any policies set within an organization.
  • Logging: Without message logging in Office 365, admins are unable to perform an audit trail allowing them to trace the origins and history of a message. This prevents the admin from troubleshooting when an unknown error occurs during messaging to determine the root of the problem.

How do we fill in the security gap that is lacking in Office 365?

In a survey done by Osterman Research Group on Office 365 users, results concluded that 70% of users were using at least one 3rd party product to utilize Office 365 to its full potential. Of those users, 72% were implementing 3rd party email filtering services to protect their email accounts from all potential email threats.

While System Admins can tweak features to improve junk filtering and block more spam emails from reaching users' inboxes in Office 365, there's an easier way: adding more security layers with a 3rd party spam filtering service.

Xeams by Synametrics Technologies is an email server with a strong built-in email filter that can be used with Office 365. Xeams can filter both inbound and outbound messages coming through Office 365 and is simple to install. Xeams is equipped with all the features mentioned above and is packed with many additional features to protect users' inboxes, including:
  • Extensive Reporting: Xeams is equipped with many reports that provide admins with usage and trend information about their email server. Some of the reports Xeams provides include:
    • Summary Reports: This report is sent to users on a daily basis and shows the summary of emails that have been quarantined for a user. The report contains the sender, subject, and score of a message. With this report, users can check for any messages that were incorrectly scored and quarantined by the system so they can be restored.
    • Activity by IP Address: This report provides a summary of IP addresses that have sent junk mail to your server. This provides admins with the capability to black-list an IP with just 1-click.
    • Legal Reports: If a company is being sued or is in legal trouble, Legal Reports lets admins easily search messages sent or received by a given user. They can check any attachments to emails, the dates emails were sent, and who a user has been corresponding with. This ensures an organization and its employees remain accountable for their internal and external communications.
  • End-to-End Encryption: Ensure messages are being viewed only by the intended recipient with password protection. Even if an email is intercepted at the server level, it will remain encrypted.
  • Trick Prevention: Xeams can detect new tactics used by spammers to sneak emails past spam filters. For example, CEO forgery, a newer trick used by spammers in which they forge the email and email address or domain to make an email appear as though it came from the CEO. Xeams uses a filter called "Sender Name Forgery" to block these types of messages.
  • Live Monitoring: Lets admins watch new emails as they arrive in the server in real time, where they can check the SMTP communication between emails right away.
  • Message Indexing: Xeams creates an index for every incoming and outgoing message, which allows for a quick search for any previously sent message.
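The sender-name forgery and SPF/DKIM checks mentioned above can be sketched as follows. This is an added example, not Xeams or Office 365 code; the domains, the gateway's authserv-id and the protected-name table are constructed, and it assumes your own gateway stamps an Authentication-Results header on inbound mail.

```python
import re
import unicodedata
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# All names and values below are constructed for this example.
ORG_DOMAINS = {"example.com"}
TRUSTED_AUTHSERV = "mx.example.com"  # authserv-id stamped by our own gateway
PROTECTED = {"jane doe": "jane.doe@example.com"}  # display name -> real address

def normalize(name):
    """Decode RFC 2047 words, strip accents and punctuation, fold case."""
    name = unicodedata.normalize("NFKD", str(make_header(decode_header(name))))
    name = "".join(c for c in name if not unicodedata.combining(c)).lower()
    return " ".join(re.sub(r"[^a-z0-9]+", " ", name).split())

def auth_verdicts(msg):
    """Read spf=/dkim= results, but only from headers our gateway stamped."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            verdicts.update(re.findall(r"\b(spf|dkim)=(\w+)", results.lower()))
    return verdicts

def check_message(raw):
    """Return the list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    # A protected person's display name on an address that is not theirs.
    if PROTECTED.get(normalize(display), addr) != addr:
        findings.append("sender-name-forgery")
    # Our own domain in From with no passing SPF or DKIM verdict.
    # (Alignment with the From domain, which DMARC adds, is not checked.)
    verdicts = auth_verdicts(msg)
    if addr.rpartition("@")[2] in ORG_DOMAINS and "pass" not in verdicts.values():
        findings.append("unauthenticated-org-domain")
    return findings

FORGED_NAME = ("From: =?utf-8?q?Jan=C3=A9_DOE?= <ceo.office@freemail.example>\n"
               "Authentication-Results: mx.example.com; spf=pass; dkim=pass\n\nWire today.")
FORGED_DOMAIN = ("From: Billing <billing@example.com>\n"
                 "Authentication-Results: sender.invalid; spf=pass\n"
                 "Authentication-Results: mx.example.com; spf=fail; dkim=none\n\nInvoice.")
```

The first sample passes SPF and DKIM for the sender's own domain and is still flagged, which is why display-name checks are a separate filter from address authentication.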
    You can try Xeams today for 30 days by downloading a free trial here.

    For more information about Xeams and how it works with Office 365 please visit

    Or contact our support team via:
    Phone: 609-750-0007

    Created on: Mar 21, 2019
    Last updated on: May 27, 2024

