Tuesday, September 3, 2013

New EOP Spam Notification Email

EOP Spam Notification Email

The Exchange Online Protection (EOP) service description has been update - http://technet.microsoft.com/en-us/library/anti-spam-and-anti-malware-protection-in-eop.aspx.

One feature in particular I am excited to write about is the new Quarantine End User Self-Management feature. Some of you may know in the previous FOPE solution that allowed end users to be given direct access to the quarantine management in FOPE administration. This is no longer allowed in the new EOP solution with Exchange Online.

Now end users can receive a spam notification email which contains a list of spam-quarantined messages received in the last three days. End users can release the quarantined email to their inbox and report the email as Not Junk through the email.


Turning It On

For instructions, go here - http://technet.microsoft.com/en-us/library/dn296367(v=exchg.150).aspx

As you can see here, I just went to my Content Filter policy and simply clicked the link turn on End-user spam notifications.


From a Policy Perspective

EOP has some really flexible configurations that will allow you to create a policy that meets the needs of your end users. Really your end users do not need direct access to the quarantine management area; the Junk Mail folder is recommended. Think about these points:

  • Content Filter Policies – For each content filter policy you create, you have the ability to send email to either the quarantine or the junk mail folder (there are actually several other options but let’s just keep with this line of thought). In a content filter policy you can create rules that send some spam to the quarantine and other spam to the junk folder. A common configuration would be to send High Spam Confidence Level (SCL) to the quarantine, while sending Low SCL email to the junk mail folder. This is good because it allows end users to have direct access low SCL email. If email has a high SCL (it was tagged that for a reason) and there is a strong chance the end user really does not need to have immediate access to it.
  • Multiple Filter Policies – Remember you can create multiple content filter policies in EOP that can be assigned to users, groups and even email domains. So it is possible to only turn on end user spam notifications for a subset of end users.
  • Transport Rules – Remember you have transport rules at your disposal that can analyze the email. You can create your own rules that change SCL of a message.
  • Outlook / OWA Safe Senders – Remember end users’ safe and block lists (set in Outlook or OWA) are taken into consideration as the email is being filtered. Why is that important? Remember one end user may regard an email as spam while another user may believe the emails is completely legitimate email (let’s take phishing out of the picture for a second <g>; and yes EOP has solutions for that too).
  • Retention on Junk Mail Folder – I have also had people say to me, well if the email is going to in the Junk Mail folder is that going to take up space in their mailbox? Well yes, but that is what retention rules are for. By default the Junk Mail folder retention period is set to 15 days. You can make that shorter or longer.

The point that I want to make is that organizations have choice in their configurations. You can use quarantine, junk mail folder, transport rules, safe sender lists, etc. to come up with a great solution.

No comments: