Share via

Best practice to test the O365 Anti-spam

Marc 631 Reputation points
2021-07-04T14:26:21.187+00:00

Once setup O365 Anti-spam [new Microsoft 365 Defender] what is the best way to test it?
Best practice, avoiding to expose the users too much, using specific tools, creating false email spam , trace, etc ...

Thanks

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,503 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,999 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 145.6K Reputation points MVP
    2021-07-04T14:57:03.283+00:00

    You can simulate spam using this link:
    https://o365info.com/simulate-spam-mail/

    Best practices:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide

    Config Ananlyzer:
    https://www.powershellgallery.com/packages/ORCA/1.10.6

    quarantine:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-worldwide

    Tuning anti-phishing:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/tuning-anti-phishing?view=o365-worldwide

    After that, you monitor and adjust as necessary.
    If you need to safelist senders, follow:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide

    111652-image.png

    Ensure you have correctly setup your SPF/DKIM and DMARC records as well:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide

    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide

    This is very important so that 365 can easily tell when external users are attempting to spoof your domain nd send inbound messages to your users!

  2. Joyce Shen - MSFT 16,651 Reputation points
    2021-07-05T05:39:47.7+00:00

    Hi @Marc

    Agree with the suggestions above from Andy.

    Use the Generic Test for Unsolicited Bulk Email (GTUBE). It's a standardized spam signature used precisely for testing spam filters.

    Put this in the body of the test email:

    XJS*C4JDBQADN1.NSBN3*2IDNENGTUBE-STANDARD-ANTI-UBE-TEST-EMAILC.34X
    and it will force the mailb to be recognized as spam.

    In addition to the spam, the official document also provided a way to Simulate a phishing attack. You could refer to this if you need.

    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.