Too many recipents? Mail Flow rule possible?

Shimshey Rosenberg 21 Reputation points
2020-07-15T12:09:00.18+00:00

Often, Spam or phishing emails would be sent to my entire organization. other times, it would be sent to 10-15 people.
Is there any way to set a rule something like this;
"If an email arrives from a sender that sent more then X emails in the past hour, then notify an admin".
Like this, we can get alerts when something does not sound right, and act on it quickly.
Yet I know it is going to be many false positives, hence the reason I want alerts only and not blocking.

Does anything like this exist?

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,174 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David 701 Reputation points
    2020-07-15T12:13:29.143+00:00

    There is no mail flow rule or anything built-in natively to Exchange like that to alert.
    I assume you are referring to on-prem Exchange here.

    I would look at your anti-spam solution to see if that is supported. Hopefully, you are not using just the built-in Exchange anti-spam capabilities. :)

    0 comments
  2. Joyce Shen - MSFT 16,641 Reputation points
    2020-07-16T06:28:49.007+00:00

    As Andy said, there is no such mailflow rule can meet your requirement. You could refer to the official document about Configure outbound spam filtering in EOP

    It gives a configuration (Optional) Expand the Recipient Limits section to configure the limits and actions for suspicious outbound email messages

    0 comments