Office 365 Spam Filter

If you work in healthcare and regularly receive spam and malicious emails in your Office 365 inbox, there is a strong probability that you only have the basic level of spam protection and your organization may be exposed to an excessive level of risk.

Microsoft has an extensive range of products within its Office 365 suite and actively markets those products to healthcare organizations, including email services. There are now in excess of 165 million Office 365 users and that figure is increasing at a rate of around 3 million a month. It is clear that its products are much loved and extremely popular.

The products fulfil many needs in healthcare and Microsoft has achieved the highest possible HITRUST CSF rating for Office 365. Microsoft supports HIPAA compliance and its Office 365 products are covered by its business associate agreement.

One area where Office 365 attracts a lot of complaints is the volume of spam and phishing emails that bypass Office 365 anti-phishing defenses and make it to inboxes where they can be opened by employees.

Microsoft’s signature-based detection mechanisms will block known malware threats, but phishing and spam emails often sneak past defenses. The standard Office 365 spam filter – Exchange Online Protection (EOP) – is heavily reliant on Real-time Block Lists (RBLs) to determine whether a message is genuine and should be delivered or if it is spam and should be blocked.

RBLs are constantly updated lists of domains and IP addresses that have been reported as being used for spamming or other malicious purposes. Any messages from those domains will be automatically flagged and quarantined.

To get around the problem of RBLs, spammers change domains frequently. By the time an IP address has been added to an RBL, it has already been abandoned and replaced. Alternatively, hundreds of different domains may be used, with each sending mail at levels below the spamming threshold. These campaigns are often tested on dummy Office 365 accounts to ensure the messages are delivered before the campaign is launched.
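The low-volume, many-domain pattern described above is why counting mail per sender is not enough. The following added example (not Microsoft's EOP logic and not code from the original page) compares a per-domain volume check with a check that groups messages by a normalized content fingerprint across all senders. The record fields, thresholds and sample messages are constructed assumptions.

```python
import hashlib
import re
from collections import Counter, defaultdict

PER_DOMAIN_THRESHOLD = 50   # assumed: messages allowed per sender domain
CAMPAIGN_THRESHOLD = 100    # assumed: messages allowed per template, all senders
MIN_DOMAINS = 10            # assumed: distinct senders that make a template suspicious

def fingerprint(subject, body):
    """Hash the text with URLs and numbers collapsed so templated variants match."""
    text = f"{subject}\n{body}".lower()
    text = re.sub(r"https?://\S+", "<url>", text)
    text = re.sub(r"\d+", "<n>", text)
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode()).hexdigest()[:16]

def per_domain_alerts(messages):
    """Volume check per sender domain: blind to senders that stay under the limit."""
    counts = Counter(m["domain"] for m in messages)
    return {d for d, n in counts.items() if n > PER_DOMAIN_THRESHOLD}

def campaign_alerts(messages):
    """Group by template: one message body arriving from many domains stands out."""
    groups = defaultdict(list)
    for m in messages:
        groups[fingerprint(m["subject"], m["body"])].append(m["domain"])
    alerts = {}
    for fp, domains in groups.items():
        if len(domains) > CAMPAIGN_THRESHOLD and len(set(domains)) >= MIN_DOMAINS:
            alerts[fp] = {"messages": len(domains), "domains": len(set(domains))}
    return alerts

def build_sample():
    """Constructed inbound log: 30 domains x 20 templated messages, plus one newsletter."""
    msgs = []
    for d in range(30):
        for i in range(20):
            msgs.append({"domain": f"sender{d}.example",
                         "subject": f"Invoice {1000 + d * 20 + i} overdue",
                         "body": f"View invoice at http://sender{d}.example/i/{i}"})
    for i in range(40):
        msgs.append({"domain": "newsletter.example", "subject": "Weekly update",
                     "body": f"Issue {i}: http://newsletter.example/{i}"})
    return msgs

if __name__ == "__main__":
    sample = build_sample()
    print("per-domain alerts:", per_domain_alerts(sample))
    print("campaign alerts:", campaign_alerts(sample))
```

On the constructed sample, no single domain exceeds the per-domain limit, while the template grouping flags one campaign of 600 messages from 30 domains and leaves the single-sender newsletter alone.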

The Office 365 spam filter problem is not due to a lack of technical expertise. More advanced anti-spam and anti-phishing mechanisms are available from Microsoft, but they are only included in the Advanced Threat Protection (ATP) package.

Microsoft claims ATP offers comprehensive protection against phishing attacks and other email threats. Without the advanced features included in ATP or third-party anti-spam solutions, spam catch rates are much lower. At the basic level – Exchange Online Protection – only a moderate level of protection against email threats is provided.

In healthcare, more advanced anti-spam and anti-phishing features are required and better detection rates are needed. The industry is being heavily targeted by hackers and phishing is the number one method of attack.

To ensure phishing risk is effectively managed and reduced to an acceptable level, advanced anti-spam and anti-phishing protections are required. That means Microsoft ATP should be applied or a third-party dedicated spam filtering solution used on top of Office 365 to provide a greater level of protection.