Spam Policy setup

Anonymous
2020-07-28T03:01:01+00:00

Hi Everyone,

We are using Microsoft Exchange Online with ATP protection. We are in the process of creating a custom spam policy (Security & compliance --> Policy --> Anti-Spam --> Edit policy --> Spam and bulk actions) like below:

Spam Policy setup:

SPAM: Redirected email to specific email ID with prepend subject line as SPAM

High confident spam: Redirected email to specific email ID with prepend subject line as HSPAM

Phishing Email: Recipient’s Junk box

High confident phishing: Recipient’s Junk box

Bulk: Recipient’s inbox with prepend subject line as BULK

As per the Microsoft spam policy setup, I could see only one prepend subject line. So we have set up rules in Exchange admin center --> Mail Flow --> Bypass Spam Filter (find the rules below).

Bulk Rule:

If the message...

'X-Forefront-Antispam-Report' header matches the following patterns: 'CAT:BULK'

Do the following...

Prepend the subject with 'BULK'

and Set the spam confidence level (SCL) to '0'

Spam Rule:

If the message...

'X-Forefront-Antispam-Report' header matches the following patterns: 'CAT:SPM'

Do the following...

Prepend the subject with 'SPAM'

and Set the spam confidence level (SCL) to '0'

and Redirect the message to '******@domain.com.au'

High confident spam Rule:

If the message...

'X-Forefront-Antispam-Report' header matches the following patterns: 'CAT:HSPM'

Do the following...

Prepend the subject with 'HSPAM'

and Set the spam confidence level (SCL) to '8'

and Redirect the message to '******@domain.com.au'

Result:

All spam and High confident spam mails are redirected to the email ID (that is working), but:

1. Those emails end up in Junk in ******@domain.com.au, but we do not want that. We want all spam and High confident spam to be sent to the ****@domain.com.au inbox.

2. The "prepend the subject" action is not working at all.

Only phishing email is to be in the Junk mailbox of the recipients.

What would be the best way to achieve the above goal?

Microsoft 365 and Office | Subscription, account, billing | For home | Windows

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
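
Added example, not part of the original question or of any reply: a small Python parser for the `X-Forefront-Antispam-Report` header that the rules above match on. It extracts the `CAT` and `SCL` fields so that whoever reviews the shared mailbox can see how a message was classified even when the subject tag is missing. The sample messages and the `example.com` addresses are constructed, and the tag mapping simply mirrors the BULK/SPAM/HSPAM tags from the question.

```python
from email import message_from_string
from email.policy import default

HEADER = "X-Forefront-Antispam-Report"
# Subject tags requested in the question, keyed by the CAT values its rules match.
TAGS = {"BULK": "BULK", "SPM": "SPAM", "HSPM": "HSPAM"}

# Constructed sample messages (not real traffic); the second has no report header.
SAMPLE_SPAM = (
    "From: webform@example.com\n"
    "To: shared@example.com\n"
    "Subject: Sales query\n"
    "X-Forefront-Antispam-Report: CIP:2001:db8::25;CTRY:AU;LANG:en;SCL:5;\n"
    " SFV:SPM;CAT:SPM;DIR:INB;\n"
    "\n"
    "body\n"
)
SAMPLE_NO_HEADER = "From: a@example.com\nSubject: hello\n\nbody\n"


def parse_report(value):
    """Split 'KEY:value;KEY:value;' into a dict; a value may itself contain ':'."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields


def classify(raw_message):
    """Return the CAT, numeric SCL and matching subject tag for one raw message."""
    msg = message_from_string(raw_message, policy=default)
    value = msg.get(HEADER)  # the email package unfolds a wrapped header line
    if value is None:  # header absent: nothing to classify
        return {"cat": None, "scl": None, "tag": None}
    fields = parse_report(str(value))
    scl = fields.get("SCL", "")
    return {
        "cat": fields.get("CAT"),
        "scl": int(scl) if scl.lstrip("-").isdigit() else None,
        "tag": TAGS.get(fields.get("CAT")),
    }


if __name__ == "__main__":
    for raw in (SAMPLE_SPAM, SAMPLE_NO_HEADER):
        print(classify(raw))
```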


11 answers

  1. Anonymous
    2020-08-03T22:08:02+00:00

    Hi Kassann,

    Please check the information that I shared with you in a private message; if there is any update, you are welcome to give feedback here.

    In addition, after consulting our escalated engineer, we’d like to share with you that:

    1. Based on my experience, organizations usually choose to deliver bulk and spam emails to the Junk Email folder and deliver phishing email to Quarantine.
    2. EOP (Exchange Online Protection) of Microsoft 365 first runs spam filtering and then runs transport rules; that's the reason why the transport rule doesn't work and the spam email is delivered to the Junk Email folder directly. As this is EOP's running mechanism, we cannot change spam filtering via a transport rule; your understanding is appreciated. Regarding the redirection action, as I showed in the private message, it should be related to spam filtering rather than to the transport rule.
    3. In general, EOP treats email as spam based on a sensitive attachment, link or other sensitive information. You mentioned that all emails generated from your website will be delivered to the Junk Email folder; under this circumstance, we recommend you improve the ability of your website to identify unsafe comments, otherwise the sender account might be blocked due to multiple spam emails. In addition, since all emails are delivered to the Junk Email folder, you could assign specific people to monitor and filter emails manually. And rather than redirecting email to another mailbox, we recommend you change the recipient mailbox directly.

    Kind Regards,

    Betty

  2. Anonymous
    2020-07-30T10:17:55+00:00

    Hi Betty,

    Thanks for your reply.

    1. How are large organisations handling Bulk, Spam and phishing emails? Is there any best practice you would suggest in terms of Anti-spam policy and Mail Flow?
    2. The Exchange mail flow rules are not working, as we may be using the "X-Forefront-Antispam-Report" header OR SCL value as the condition. That is why "Prepend subject line" is not working. All the screenshots you have shared have a different condition (is received from this email ID). It seems only the Anti-Spam policy conditions are working fine.
    3. We are using multiple channels, e.g. on our website we have a contact us form; visitors submit sales queries and some submit spam content (e.g. SEO content). All queries are forwarded to a specific email ID, and the sender email ID will be the same for all emails. How do we handle this situation?

    Thanks.

  3. Anonymous
    2020-07-30T08:13:51+00:00

    Hi Kassann,

    You may check if my previous suggestion works for you. The reason why the emails are delivered to the Junk folder is that the SCL value is over 5. In addition, from your description, these "spam" emails actually are not spam. Based on your scenario, I think what we need to do is to bypass these false "spam" emails; if these emails are sent from specific senders/organizations that are trusted by you, you could consider adding their accounts/domains to your organization's safe sender list. If your organization also receives other true spam emails frequently, then we recommend you check the article below to improve the security of your organization.

    Anti-spam protection in EOP- Prevent the delivery of spam to the Inbox/Prevent good email from being identified as spam

    In addition, regarding this phenomenon, we also recommend you report it to Microsoft, for detailed steps, please view below:

    In OWA, right-click the spam email in Junk Email folder and select "Mark as not junk", then click Report button to report it to Microsoft.

    To configure the phishing email and bulk email policy, you could go to SCC > Threat management > Policy > ATP anti-phishing / Anti-spam and configure the related action to reroute these emails to the Junk Email folder.

    Hope my suggestions could help you, welcome to feedback if you have any other concern.

    Kind Regards,

    Betty

  4. Anonymous
    2020-07-29T09:19:45+00:00

    Thanks for your reply,

    What we are trying to achieve here,

    SPAM: Redirect email to specific email ID with prepend subject line as [*SPAM*]

    High confident spam: Redirect email to specific email ID with prepend subject line as [*HSPAM*]

    Phishing Email: Recipient’s Junk box

    High confident phishing: Recipient’s Junk box

    Bulk: Recipient’s inbox with prepend subject line as [*BULK*]

    Usually we receive sales requests/queries via email. Sometimes those emails are marked as spam and end up in Junk; as people do not check the Junk box on a regular basis, we may miss important mails in Junk. So we have opened a shared mailbox called "******@domain.com.au" and placed a rule to move all spam to the redirected email inbox (someone will check the spam inbox and verify whether it is spam or not).

    At the same time, phishing email needs to be sent to the recipient's Junk box; they can check the web link and see whether it is a legit link or not.

    Currently all spam emails are redirected to "@domain.com.au", but without the prepended subject line, and they go to Junk. We want spam mail to end up in the inbox of the redirected mailbox ("@domain.com.au").

    Also, all Bulk email needs to end up in the recipient's inbox, and then they can check and delete it. Again, phishing must end up in Junk.

    Please suggest me step by step process to achieve this goal.

    Thanks

  5. Anonymous
    2020-07-29T08:38:23+00:00

    Hi Kassann,

    Based on our discussion and research, we think it is unreasonable to change the SCL value of an email after it is considered spam by EOP. Based on your scenario, I recommend you set the mail flow rules with two actions: "Prepend the subject with XX" and "Redirect the message to '******@domain.com.au'". I have tested the two actions in a mail flow rule, and it works.

    If the above rule works, then we need to handle the problem that the redirected email is moved to the Junk Email folder. For that, I recommend you bypass delivery of the redirected emails to the Junk Email folder of '******@domain.com.au'; you could create another mail flow rule to achieve it. I will share the details with you below:

     

    By the way, since Microsoft 365 for Business is designed for enterprises and business companies, we place high importance on data security; that is to say, we don't recommend that customers transfer spam emails. If you have further concerns, you may tell me why you want to transfer these kinds of emails, such as why your work emails are considered spam, so that I can offer you better assistance. Thanks for your understanding and for waiting.

    Kind Regards,

    Betty
