Harden Office 365 Antispam per Mailbox
Recently we saw how to configure the anti-spam for Office 365 and Exchange Online :
More recently, I tried a new method to be even more aggressive against unwanted mails. This is not necessarily spam per say, but mails from unwanted people, this can happen a lot if you have some users with a very public name and job coupled with a “standard” mail naming convention. I particularly think of jobs with “C*O” in the name.
For those special users, you can modify the anti-spam configuration of their mailboxes to junk all incoming mails, except the one from trusted senders and domains.
Harden Office 365 Antispam per Mailbox – Enable
To achieve this, you need to use the Set-MailboxJunkEmailConfiguration, and the “TrustedListsOnly” parameter.
You may want to combine this parameter with the “ContactsTrusted” one, to be sure that the mailbox contacts are trusted, and limit the false positive.
Harden Office 365 Anti-spam per Mailbox – Result
Once the cmdlet ran, all incoming mail coming from untrusted senders will be considered as junk email :
Mail from a contact :
Mail from unknown sender :
As we can see, the feature is pretty unforgivable, the name is the same, the mail content is the same, and, as a matter of fact, only the mail domain change from the two senders. That’s why a good trusted list is a key point when you enable this kind of anti-spam.
Harden Office 365 Anti-spam per Mailbox – Customization
If you have Outlook, you also have a nice option :
This will allow you to have a more complete safe sender list and limit the false positive for your users.
You can also populate this list with PowerShell with email addresses, or mail domains. You need to use the same cmdlet, but a different parameter “TrustedSendersAndDomains” :
Set-MailboxJunkEmailConfiguration -Identity email@example.com -TrustedSendersAndDomains firstname.lastname@example.org
When you use this method, each user will be able to read and modify this list from Outlook in the junk e-mail configuration :
Note : With this method you completely bypass the “intelligence” provided by Exchange Online Protection, and you adopt a kind of “dumb” behavior like FireWall with “junk everything but”.