On-premise user receive spam

adam900331 50

Hy!

I have a Hybrid Exchange. The MX is point to Exchange Online. There are some user on our on-premise Exchange. There is a distribution list: sales@domain.com. The on-premise users who are in distribution group get spam too much message, but users who is in cloud, doesn't get any spam. The spam message SCL is 1. Why? I dont understand this situation. Why don't filter the EOP these spam message? Thanks.

Amit Singh 4,901 Reputation points

2024-10-04T05:52:05.89+00:00
By identifying spam issues, you can try these ways to detect it.

Through EAC or using PowerShell for both on-premises and EXO, review the spam filter settings.

You can check the EOP message trace to know how its handling.

You can inform on-premises users about how to reduce spam.

1 answer

Jake Zhang-MSFT 6,385 Reputation points Microsoft Vendor

2024-10-03T08:06:02.51+00:00
Hi @adam900331 ,

Welcome to the Microsoft Q&A platform!

Based on your description, you are experiencing a common problem in a hybrid Exchange environment where the MX record points to Exchange Online but some users are still on-premises. Here are some potential reasons and solutions for why on-premises users receive spam but cloud users do not:

Make sure your mail flow is configured correctly. Because your MX record points to Exchange Online, all incoming emails should be filtered by Exchange Online Protection (EOP) before being routed to on-premises users. If mail flow is not set up correctly, some emails may bypass EOP filtering.

For hybrid environments, it is critical to enable enhanced filtering for connectors. This ensures that EOP applies the same filtering to emails routed to on-premises users as it does to cloud users.

An SCL of 1 means that the message has a low risk of being considered spam. However, if these messages are indeed spam, you may need to adjust the spam filtering policies or rules in EOP to make them more aggressive.

Check if there are any transport rules that may affect spam filtering for on-premises users. Sometimes, specific rules may inadvertently allow spam to pass.

Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

Best,

Jake Zhang
Please sign in to rate this answer.
adam900331 50 Reputation points

2024-10-04T09:31:29.4233333+00:00

Hello,

I give answer to your suggestion:

1.: The MX is point to Exchange Online, so all incoming e-mail go into organization through EOP.

2.: The enhanced filtering for connectors is enabled. How can I check that EOP applies the sami filtering to emails routed to onpremis user?

3.: How can I set more agressive the default spam policyM

4.: There aren't any transport rule.

Thanks.

Jake Zhang-MSFT 6,385 Reputation points Microsoft Vendor

2024-10-04T09:57:46.9333333+00:00

Hi @adam900331 ,

Thanks for the details! Let's discuss each:

To ensure that EOP applies the same filtering to emails routed to on-premises users, you can:

Check the message headers of emails received by on-premises users to see if they have passed through EOP. Look for headers that indicate EOP processing (such as X-Forefront-Antispam-Report).

Verify that enhanced filtering for the connector is configured correctly. This ensures that EOP applies its filtering to emails sent to on-premises mailboxes.

To make your spam policy more aggressive in EOP:

Use the Standard or Strict preset security policies in the Microsoft Defender portal. These policies are designed to provide stronger protection against spam and other threats.

You can also create a custom anti-spam policy to adjust the sensitivity of spam filtering. This can be done under the Anti-spam Policies section of the Microsoft Defender portal.

Steps to configure anti-spam policies:

Go to the Microsoft Defender portal.

Select Policies and Rules > Threat Policies > Anti-spam.

Adjust settings in the default anti-spam policy to make spam filtering more aggressive.

If needed, create custom policies for specific users or groups to fine-tune spam filtering settings.

Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

Best,

Jake Zhang

Jake Zhang-MSFT 6,385 Reputation points Microsoft Vendor

2024-10-07T05:18:00.6233333+00:00

Hi @adam900331 ,

Please kindly consider this comment as a warm follow up, I want to know if your problem has been solved. If you still have any other questions, please feel free to comment here and I'm glad to provide further support.If the above info is helpful to this question, you can click "Accept Answer". Have a nice day!

Best,

Jake Zhang
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

On-premise user receive spam

1 answer

Your answer