Cautions against bypassing Microsoft 365 spam filters
This article discusses why you shouldn't bypass spam filters in Microsoft 365. This article applies to both users and administrators who do the following:
- Manage the Tenant Allow/Block List.
- Enable Allow or block lists in Spam Filter policies.
- Skip scanning in Transport Rules.
- Enable Safe and Blocked senders in Outlook or Outlook on the Web.
If you use these lists or options, consider the following guidelines:
We recommend that you don't use these features because they may override the verdict that is set by Microsoft 365 spam filters. Instead, we suggest that you report junk email messages to Microsoft for analysis to help reduce the number and effect of future junk email messages.
If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through. Additionally, bypassing should be done only on a temporary basis. This is because spam filters can evolve, and verdicts could improve over time.
It's important that you take the following precautions:
- Never put domains that you own onto the Allow and blocklists.
- Never put common domains, such as microsoft.com and office.com, onto the Allow and blocklists.
- Don't keep domains on the lists permanently unless you disagree with the verdict of Microsoft.