Three easy tips on reducing SPAM in Office 365

Arjan Cornelissen
exchange, office-365, security

I wanted to do a write up of the tips I found in Office 365 to reduce the number of unwanted messages in Office 365. I will skip the most basic ones like adding the SPF record as this is told by the domain configuration that you need that.

The more advanced once and usually not configured settings can bring you more.

Let us start with the anti-spam policy, this one is configured with the basic settings, but are very loose. By altering this policy you will remove some spam that is hitting your mailbox and dump it in the SPAM folder or even better the quarantine. The last one is not in your personal mailbox but stays on the server. So my recommendation is to go to the following URL https://protection.office.com/antispam and alter de default SPAM filter policy with the following settings

  • High confidence spam -> move to quarantine
  • SPAM Threshold -> 6
  • Bulk email -> move to quarantine
  • Phishing email -> move to quarantine

The next one is focused on Phishing and as you might guess this is the Anti-phishing policy that can be found at https://protection.office.com/antiphishing. Here again, the default policy is very loose and should be altered to a stricter version. The following settings are not always available depending on your license

  • Impersonation, protect all domains I own -> On
  • Impersonation, action - User impersonation -> Quarantine
  • Impersonation, action – Domain impersonation -> Quarantine
  • All three safety tips -> On
  • Mailbox intelligence -> On and Quarantine the message
  • Spoofing -> on and Quarantine the message

The third one is a bit harder and that is configuring DKIM which stands for Domain Key Identified Mail. This is not designed to fight SPAM but will help in the end to protect your domain that it is not used for SPAM as all outbound email is digitally signed.

For this, you need to create 2 CNAME DNS records like the one for the SPF record.

  • selector1._domainkey that points to selector1-._domainkey.
  • selector2._domainkey that points to selector2-._domainkey.

The domainGUID is the same as in your MX record in from of mail.protection.outlook.com The initialDomain is the domain name that you choose when you first signed up for Office 365

As an example, from my domain, it points to “selector1-worktogether-tech._domainkey.worktogether.onmicrosoft.com”

After adding these DNS records you can enable DKIM for that domain at https://protection.office.com/dkim. Select the domain and then Enable. Your DNS records need to be in place before Office 365 can enable this.