Office 365 Spam Filter

The spam filter included with Office 365 is often criticized, even though Microsoft frequently introduces new options to improve spam detection rates.

The main reason the Office 365 spam filter fails to identify spam is that Microsoft filters spam retrospectively.

Microsoft only submits an email to the Realtime Blacklist after a user identifies it as spam, after which the IP address it originated from is blacklisted in the next software upgrade. As spammers often change the IP address they send spam from, this tactic is not as successful as it should be, and retrospective updating is usually ineffective.

IP throttling was added to the solution to address this issue by blocking email messages originating from sources without a good IP reputation. As a result, messages from genuine companies with brand new IP addresses were flagged as spam. When Microsoft released a self-service IP Delist Portal to help companies with brand new IP addresses improve their IP reputation, it also gave spammers the chance to delist their blocked IP addresses, exacerbating the issue.

A study conducted by IBM Security shows the degree to which ransomware continues to be used by cybercriminals and how it is being used in email attacks. Between 2016 and 2017 there was a 6,000% increase in messages that included ransomware. The increase in attacks has slowed as a number of threat actors have begun to focus on cryptojacking, though the risk from ransomware remains real. Ransomware gangs have used several methods to attack companies and favor brute force attacks on RDP, but there has been a rise in ransomware attacks by email during 2020, and insidious malware variants like TrickBot continue to be spread largely through email. The TrickBot operators have combined their Trojan with Ryuk ransomware, which is presented as a second payload when the Trickbot Trojan.

Many Office 365 users eventually find that the level of spam filtering provided is insufficient. Many attacks and regular spam emails are blocked by Office 365, but spear phishing attacks typically bypass Office 365 defenses and are delivered to end users’ inboxes. Because of this, many companies decide to supplement the Office 365 spam filter with third-party anti-spam software.

Greylisting could be the ideal solution to enhance the spam filter on Office 365. It is a method that returns messages to their originating server with a request for the email to be resent. Many mail servers resend the returned email within minutes. Spammers’ mail servers, however, are very busy mailing new spam emails and fail to see the request in most cases.

While Real Time Block Lists block incoming messages from recognized sources of spam, Greylisting removes incoming emails from as-yet-unreported sources of spam. Spam filters with a Greylisting feature can stop spam from bypassing detection and reduce the danger of a company falling victim to a phishing attack or a malware/ransomware download.
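
The greylisting behaviour described above, as an added example that is not part of the original article or of any Microsoft or vendor code. It assumes the "request to resend" is an SMTP temporary-failure reply (451) and that sources are tracked by client IP, envelope sender and envelope recipient; the class name, timing values and sample traffic are constructed for illustration.

```python
import time

class Greylist:
    """Greylisting decision keyed on the (client IP, sender, recipient) triplet."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=36 * 86400):
        self.min_delay = min_delay        # assumed: earliest accepted retry, seconds
        self.retry_window = retry_window  # assumed: how long a first attempt is remembered
        self.pass_ttl = pass_ttl          # assumed: how long a proven triplet stays trusted
        self.pending = {}                 # triplet -> time of first attempt
        self.passed = {}                  # triplet -> time last accepted

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return the SMTP reply (code, text) for one delivery attempt."""
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now
            return 250, "accepted: triplet already proven"
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # unknown source: ask it to resend later
            return 451, "greylisted: try again later"
        if now - first < self.min_delay:
            return 451, "greylisted: retried too soon"
        del self.pending[key]             # sender queued and retried: accept
        self.passed[key] = now
        return 250, "accepted: retry after delay"


def replay(attempts, greylist=None):
    """Run (time, ip, sender, recipient) attempts through the filter; return reply codes."""
    greylist = greylist or Greylist()
    return [greylist.check(ip, s, r, now=t)[0] for t, ip, s, r in attempts]


# Constructed sample traffic (documentation-range IPs and example domains).
LEGIT = [(0, "192.0.2.10", "billing@example.com", "ap@example.net"),
         (60, "192.0.2.10", "billing@example.com", "ap@example.net"),
         (600, "192.0.2.10", "billing@example.com", "ap@example.net"),
         (86400, "192.0.2.10", "billing@example.com", "ap@example.net")]
SPAM = [(0, "198.51.100.7", "promo@example.org", "ap@example.net"),
        (5, "198.51.100.8", "promo@example.org", "ap@example.net")]

if __name__ == "__main__":
    print("legit:", replay(LEGIT))
    print("spam: ", replay(SPAM))
```

The first message from any new source is always delayed by at least the minimum delay, and a legitimate sender that retries from a different address in an outbound pool is delayed again under a per-address key, which is why some implementations key on the network prefix instead.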