
Does the Office 365 Spam Filter Offer Enough Protection?

November 30, 2015 | June 17th, 2017 | Blog

Part of Microsoft Office 365 is a robust email client that comes with built-in spam filtering technology that promises to help rid your inbox of unwanted emails. While Microsoft builds some of the most popular software for the business world, the Office 365 spam filter is something that could definitely use the help of a dedicated email security appliance for organizations that are serious about fighting spam and phishing emails.

The Office 365 spam filter does help keep known spam and phishing emails out of the user’s inbox, but this is where it is limited. It relies on technologies such as:

  • Whitelisting
  • Blacklisting
  • Bayesian filtering

The spam filter is limited in what types of threats it is able to spot. A Microsoft Developer Network blog post does an excellent job of describing why spam still makes its way through the Office 365 spam filter. The short explanation, according to Microsoft, is:

“When you see spam in your inbox, it is usually because it is a new campaign from a spammer and we do not yet have signatures for it. During this window, a spammer can get some spam through our filter defenses to the inbox. However, our filters catch up and the rest of the campaign is marked as spam.”

Where dedicated email security helps out

To make up for the shortcomings of the Office 365 spam filter, and other email client spam filters, many businesses turn to companies and products that are dedicated email security tools. These tools, whether they are on-site appliances or cloud based, work to stop even the more elusive threats that client-based spam filters aren’t capable of spotting. Of course, any third-party spam filter needs to use technologies other than the ones that the Office 365 spam filter relies on. If the email security filter uses the same ones, then it really isn’t offering any additional layers of protection.

Technologies that supplement the Office 365 Spam Filter

In order to effectively stop spam and phishing attacks, a spam filter has to look at why certain emails make their way through the Office 365 spam filter. According to Microsoft, it is because there is a window of time when threats are so new that there are no known signature files for them yet or their domains/IP addresses have not been identified as malicious. So how do you fight back against a threat that you don’t know exists? By using the right technical controls.

Challenge/Response Systems

The first technology that comes to mind is a challenge/response system. Spammers typically send hundreds of thousands, even millions, of emails, so their mail servers simply ignore any message that is not delivered and move on to the thousands more they have to try. Legitimate mail servers, however, will resend a message if they find that it was not delivered successfully. Spam filtering technology uses this difference to identify possible spammers: the filter holds back delivery of a message and waits for the sending server to resend it. If that happens, the message is passed along for further checks. If no follow-up is sent, the message is flagged as spam.
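The delay-and-retry check described above is commonly called greylisting. The sketch below is an added example, not code from the original post or from any product it mentions; the class name, the timing values and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
# Assumed timings (not from the page); tune per deployment.
MIN_DELAY = 300             # a retry sooner than this is still deferred
RETRY_WINDOW = 4 * 3600     # a retry must arrive within this window
PASS_LIFETIME = 30 * 86400  # proven senders skip the delay this long

class Greylist:
    def __init__(self):
        self.pending = {}  # triplet -> time of first deferred attempt
        self.passed = {}   # triplet -> time of last accepted delivery

    @staticmethod
    def _key(client_ip, mail_from, rcpt_to):
        # Key on the /24 (or /64) so a retry from another pool host still matches.
        ip = ipaddress.ip_address(client_ip)
        net = ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 64}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return 'accept' or 'defer' (an SMTP 4xx temporary failure)."""
        key = self._key(client_ip, mail_from, rcpt_to)
        if now - self.passed.get(key, float("-inf")) <= PASS_LIFETIME:
            self.passed[key] = now
            return "accept"
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now  # first sighting, or the retry came too late
            return "defer"
        if now - first < MIN_DELAY:
            return "defer"           # retried too quickly to count
        del self.pending[key]
        self.passed[key] = now       # sender queued and retried: pass to further checks
        return "accept"

    def expire(self, now):
        """Forget triplets that never retried and return them for flagging."""
        stale = [k for k, t in self.pending.items() if now - t > RETRY_WINDOW]
        for k in stale:
            del self.pending[k]
        return stale

# Constructed sample traffic: (time in seconds, client IP, MAIL FROM, RCPT TO)
SAMPLE = [
    (0,   "192.0.2.10",   "alice@example.org", "bob@example.com"),
    (60,  "198.51.100.7", "promo@example.net", "bob@example.com"),
    (900, "192.0.2.11",   "alice@example.org", "bob@example.com"),
]
def replay(events, gl):
    return [gl.check(ip, frm, to, t) for t, ip, frm, to in events]
```

Calling `replay(SAMPLE, Greylist())` defers both first attempts and accepts the 15-minute retry; `expire()` then returns the sender that never came back.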

Another form of a challenge and response system is implementing a sender address verification process. With this process, when an end user receives an email from a new or unknown sender, that sender automatically receives an email asking to confirm their identity by verifying their email address. Once this is confirmed, the sender’s email is delivered to the end user’s inbox. Again, because spammers are sending out a large volume of email, they are not going to verify their information and inboxes remain spam free.

Sender Policy Framework

Another technology that helps fight the more sophisticated attacks is Sender Policy Framework (SPF), which helps detect spoofed email addresses. It works by checking the sending host against the list of authorized sending hosts published in the DNS records for the sender’s domain. If the message comes from an authorized host, it is passed along for further investigation. If it is not sent from an authorized host, it is flagged as illegitimate and is dealt with accordingly.

The Office 365 spam filter does a good job of filtering out noise generated by less sophisticated email threats. However, if your organization is serious about keeping spam and phishing threats away from your users then you need to look at a solution that will go beyond the basic technologies and provide added layers of defense. Schedule a demo of Sendio to see how you can further bolster your email defense systems.