Microsoft anti-phishing policy's First Contact Safety Tip

Venkata V.reddy 25 Reputation points
2024-01-24T09:50:03.9233333+00:00

Hi everyone,

I'm hoping to get some clarity on the Microsoft anti-phishing policy's First Contact Safety Tip. I understand it appears as a sender for new contacts, but I'm unsure about the duration it persists before being removed.

Specifically, I'm interested in learning: what is the default or configurable number of emails before the tag is removed? Alternatively, is there an adaptive duration mechanism based on user interaction? For example, does frequent interaction (opening, replying, forwarding) with emails from a new sender accelerate the removal of the tag? Are there any additional settings beyond the on/off toggle for the First Contact Safety Tip that influence its duration? My current anti-phishing policy only offers the on/off switch, so I'm curious if there are other configuration options I'm missing.

Thank you in advance for your assistance!

Exchange Online
Exchange Online
A Microsoft email and calendaring hosted service.
6,202 questions
{count} vote

1 answer

Sort by: Most helpful
  1. Yuki Sun-MSFT 41,376 Reputation points Moderator
    2024-01-25T03:10:08.43+00:00

    Hi @Venkata V.reddy ,

    I understand it appears as a sender for new contacts, but I'm unsure about the duration it persists before being removed.

    Yes, as your understanding, the First Contact Safety Tip is shown to recipients in the following two scenarios:

    • The first time they get a message from a sender.
    • They don't often get messages from the sender.

    The first scenario goes without saying, but regarding the second "don't often" scenario, there's no more public information available which explains either the interaction frequency, duration or backend determine mechanism.

    what is the default or configurable number of emails before the tag is removed? Alternatively, is there an adaptive duration mechanism based on user interaction?

    As aforementioned, there is no default or configurable number of emails or duration for the safety tip to be removed. It does likely to depend on user’s interaction with the sender, but the backend mechanism is unknown. Based on my understanding, it could be due to the consideration that if the mechanism is revealed, it could be easier for the impersonation attackers to try to crack it.

    Are there any additional settings beyond the on/off toggle for the First Contact Safety Tip that influence its duration?

    No. Currently there‘s no other settings available for it. For more information about the First Contact Safety Tip, you can check out the article: First contact safety tip.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.