Greylisting is one of the most useful features of a website filter when it comes to protecting your organization from phishing attacks in Office 365.
If you are an office 365 user then, no doubt, you will have noticed that the cybersecurity and anti spam measures that are provided with the solution are of a bare minimum requirement. Microsoft design software to send emails specifically for that purpose. They do not dedicate huge amounts of money into protecting you from phishing attacks. In order to get the best level of protection available you need to identify a premium solution from a 3rd party provider.
There is no cheap and easy way to tackle spam email attacks. You get what you pay for. Basically you are facing a situation where you invest in a premium package or undertake a manual process that may not even provide the results you require. The end result, if you fail to protect your mail servers properly could be data being stolen, money being stolen or a regulatory fine for failing to protect private data properly.
With Office 365 the rate of spam protection is very low as the spam filter employs a method where it compares inbound emails to “real-time block lists” – databases of known sources of spam. Upon discovery of a match, spam emails are sent to a quarantine folder, bounced, or deleted, depending on how the filter has been installed. This means that the phishers simply need to amend their mail servers to an IP address that has not been blacklisted in order to infiltrate your database. This will continue until the IP address is flagged and placed on the real-time block list. At this point they will repeat the process again, and continue doing so, until they register a successful attack.
In addition to this Office 365 does not boast malicious URL detection which blocks phishing emails, predictive machine learning capability which can spot new methods of malware attack and outbound email scanning to prevent your company domain being accessed and subsequently placed on a blacklist when spam is shared from it.
There is an option of paying extra for a higher level of email security from Microsoft. However it does not include Greylisting, the best method of safeguarding your databases from new attacks.
In Greylisting incoming mails are retired to the mail server where they were initially sent from with a request for the mail to be sent again. The thinking behind this is that only genuine email users will have the time to notice that the email is in their inbox. In most cases phishers email servers are so busy that a returned mail will not be noticed.
Even if you have concerns that you may miss an email from a potential customer you can review the returned emails and mark them as safe for future reference. Known sources of spam email are also blocked using this method.