Share via

Best practice to test the O365 Anti-spam

Marc 631 Reputation points
2021-07-04T14:26:21.187+00:00

Once setup O365 Anti-spam [new Microsoft 365 Defender] what is the best way to test it?
Best practice, avoiding to expose the users too much, using specific tools, creating false email spam , trace, etc ...

Thanks

Exchange | Exchange Server | Management
Exchange | Hybrid management

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 157.9K Reputation points MVP Volunteer Moderator
    2021-07-04T14:57:03.283+00:00

    You can simulate spam using this link:
    https://o365info.com/simulate-spam-mail/

    Best practices:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide

    Config Ananlyzer:
    https://www.powershellgallery.com/packages/ORCA/1.10.6

    quarantine:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-worldwide

    Tuning anti-phishing:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/tuning-anti-phishing?view=o365-worldwide

    After that, you monitor and adjust as necessary.
    If you need to safelist senders, follow:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide

    111652-image.png

    Ensure you have correctly setup your SPF/DKIM and DMARC records as well:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide

    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide

    This is very important so that 365 can easily tell when external users are attempting to spoof your domain nd send inbound messages to your users!

    1 person found this answer helpful.
  2. Joyce Shen - MSFT 16,701 Reputation points
    2021-07-05T05:39:47.7+00:00

    Hi @Marc

    Agree with the suggestions above from Andy.

    Use the Generic Test for Unsolicited Bulk Email (GTUBE). It's a standardized spam signature used precisely for testing spam filters.

    Put this in the body of the test email:

    XJS*C4JDBQADN1.NSBN3*2IDNENGTUBE-STANDARD-ANTI-UBE-TEST-EMAILC.34X
    and it will force the mailb to be recognized as spam.

    In addition to the spam, the official document also provided a way to Simulate a phishing attack. You could refer to this if you need.

    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.