

1101

3141 posts

Uber Geek
+1 received by user: 1143


#259733 18-Oct-2019 09:56

Are 365 Exchange's spam & malware filters damn near worthless?

So MS's filters can't detect when email is spoofing as a MS email? I.e. they didn't block email pretending to be from MS itself

 

similar to this, so it's not uncommon
https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-account-unusual-sign-in-activity-emails/

 

 


Dynamic
4015 posts

Uber Geek
+1 received by user: 1851

ID Verified
Trusted
Lifetime subscriber

  #2340080 18-Oct-2019 10:13

We encourage the use of third party anti-spam systems for our clients to supplement the built-in stuff.  Like Windows Defender, the Microsoft anti-spam stuff is better than nothing, but not by a big margin.





“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams




dt
1152 posts

Uber Geek
+1 received by user: 371
Inactive user


  #2340095 18-Oct-2019 10:32

Yeah, do not solely rely on inbuilt protections; if it's not their core business focus it usually does the bare minimum.

 

Even on-prem Exchange has built-in malware and spam detection.

 

I don't believe it will natively drop spoofed emails either; this needs to be configured.


Jogre
182 posts

Master Geek
+1 received by user: 40


  #2341372 21-Oct-2019 13:56

1101:

 

Are 365 Exchange's spam & malware filters damn near worthless?

So MS's filters can't detect when email is spoofing as a MS email? I.e. they didn't block email pretending to be from MS itself

 

similar to this, so it's not uncommon
https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-account-unusual-sign-in-activity-emails/

 

 

 

 

At a baseline, not really. Adding ATP is a solid option for most partners as you have a range of policies (safe links and anti-phishing) you can put in place to protect against this. Unfortunately, most partners just put SPF records in place as a 'least-effort' solution, but that doesn't protect you when someone spins up a trial then you're both using 365 and passing SPF checks.





Jono Green

 

Microsoft New Zealand



ANglEAUT
altered-ego
2436 posts

Uber Geek
+1 received by user: 841

Trusted
Lifetime subscriber

  #2341486 21-Oct-2019 18:56

1101: Are 365 Exchange's spam & malware filters damn near worthless? ...

 

I think so.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


1101

3141 posts

Uber Geek
+1 received by user: 1143


  #2341681 22-Oct-2019 10:11

Jogre:

 

At a baseline, not really. Adding ATP is a solid option for most partners as you have a range of policies (safe links and anti-phishing) you can put in place to protect against this. Unfortunately, most partners just put SPF records in place as a 'least-effort' solution, but that doesn't protect you when someone spins up a trial then you're both using 365 and passing SPF checks.

 

 

MS's filters should be able to block email spoofed to look like official MS emails.
They don't.

Email claims to be from MS => check server IP it came from => block if not from MS's servers
Is that really too hard?
I mean, it would help to protect MS's 365/Exchange, would help stop 365 stolen passwords being used to send 10000's of spams from MS's servers

 

 

 

 


Jogre
182 posts

Master Geek
+1 received by user: 40


  #2342419 23-Oct-2019 12:37

1101:

 

Jogre:

 

At a baseline, not really. Adding ATP is a solid option for most partners as you have a range of policies (safe links and anti-phishing) you can put in place to protect against this. Unfortunately, most partners just put SPF records in place as a 'least-effort' solution, but that doesn't protect you when someone spins up a trial then you're both using 365 and passing SPF checks.

 

 

MS's filters should be able to block email spoofed to look like official MS emails.
They don't.

Email claims to be from MS => check server IP it came from => block if not from MS's servers
Is that really too hard?
I mean, it would help to protect MS's 365/Exchange, would help stop 365 stolen passwords being used to send 10000's of spams from MS's servers

 

 

But we use 365 so if we check the server IPs, it'd check out 😅

 

It is a challenge, but we need to balance privacy as well so we can't just check the body of the message for telltales unless there's a link in there that ATP can test out. Anti-phishing policies in ATP check spoofing of the From Headers which would pick this particular phishing attack up. 





Jono Green

 

Microsoft New Zealand
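
The point in the post above (a sender who is also on 365 passes the server-IP/SPF check, so the From header has to be compared with the domain that actually authenticated) can be shown as a short check; this is an added example, not code from the thread or from Microsoft. The messages, the domains `trial-tenant.example` and `mx.recipient.example`, and the two-label `org_domain` shortcut are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Simplification (assumption): last two labels. Real DMARC evaluation
    # uses the Public Suffix List to find the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def spf_result(msg):
    # Only trust an Authentication-Results header stamped by your own
    # receiving server; a sender can add copies of its own.
    ar = msg.get("Authentication-Results", "")
    res = re.search(r"\bspf=(\w+)", ar)
    dom = re.search(r"\bsmtp\.mailfrom=([^\s;]+)", ar)
    result = res.group(1).lower() if res else "none"
    mailfrom = dom.group(1).rsplit("@", 1)[-1].lower() if dom else ""
    return result, mailfrom

def classify(raw):
    msg = message_from_string(raw)
    # Domain the user sees in the mail client.
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    # Domain SPF actually validated (the envelope sender).
    result, mailfrom = spf_result(msg)
    if result != "pass":
        return "spf-not-passed"
    if from_domain and org_domain(mailfrom) == org_domain(from_domain):
        return "aligned"
    # SPF passed for the sender's own domain, but the visible From claims
    # a different one: the case the thread is about.
    return "spf-pass-unaligned"

def sample(spf, mailfrom, from_addr):
    # Constructed message, not a captured one.
    return "\n".join([
        f"Authentication-Results: mx.recipient.example; spf={spf} smtp.mailfrom={mailfrom}",
        f'From: "Microsoft account team" <{from_addr}>',
        "Subject: Unusual sign-in activity",
        "",
        "constructed body",
    ])

CLAIMED = "no-reply@accountprotection.microsoft.com"
SPOOFED = sample("pass", "trial-tenant.example", CLAIMED)
ALIGNED = sample("pass", "accountprotection.microsoft.com", CLAIMED)
FAILED = sample("fail", "other-host.example", CLAIMED)
```
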

 
 
 
 

1101

3141 posts

Uber Geek
+1 received by user: 1143


  #2342865 24-Oct-2019 10:29

Sounds like excuses :-)

 

"@accountprotection.microsoft.com"
Spammers using/spoofing that email domain, it's been happening for some time.
It's common enough that MS's forums are full of questions about it; lots of tech websites mention it.

Is it REALLY that hard to, by default, either block or do a basic check on @xxxxx.microsoft.com?
Even some of the worst email hosting services can do better with their spam filters.

 


Spammers/hackers pretending to be MS, nothing too serious it seems then.
Have your own (365) customers' a/c's potentially compromised, pfft.

 

 

 

 

 

 


1101

3141 posts

Uber Geek
+1 received by user: 1143


  #2343414 25-Oct-2019 10:36

and another one

 

The default 365 spam filter can't detect when noreply@microsoft.com is a spoofed email, trying to steal 365 logins & passwords

 

I guess we just wait till the problem is so bad that MS is shamed into doing something


CYaBro
4708 posts

Uber Geek
+1 received by user: 1182

ID Verified
Trusted

  #2343486 25-Oct-2019 12:46

Microsoft want you to pay for ATP.

 

I use MXGuardDog with some of our O365 tenants and disable the Junk mail filter in O365 completely.
Works great and very cheap at US$0.25 per email address.

 

 





Opinions are my own and not the views of my employer.

