Overview
EOP is a cloud-based filtering service that protects organizations against spam, malware, and other email threats. EOP provides several checks for processing incoming email. An email has to pass each step to move on to the next.
Procedures
STEPS:
- Sender’s reputation: Majority of spam is stopped and rejected at this point by EOP.
- Malware: Message and attachment(s) if any is inspected for malware.
- Policy filtering: Evaluated against mail flow/transport rules on the Exchange admin console.
- Content filtering: Message passed through content filtering (anti-spam and anti-spoofing) where harmful messages are identified as spam, high confidence spam or phishing.
If the message passes all these checks the following can happen:
- Message is delivered to recipient’s Inbox.
- Message is delivered to recipient’s Junk folder.
- Message is quarantined – safe enough for recipients to review quarantine report that is received on a daily basis if any new messages are quarantined in the last 24 hours.
Inbox Messages
- Majority of messages received in a recipient’s Inbox will be legitimate emails.
- Important to note, after first moving to EOP, individuals will most likely receive more unwanted email initally as EOP needs to go through a re-training period per individual's preferences.
- Unsubscribing: If an option, choosing to unsubscribe from unwanted but legitimate emails is a good process to stop receiving these emails. If an unwanted email has an UnSubscribe option and it appears to be from a legitimate vendor then you can choose to Unsubscribe from future emails. Make sure you hover over the Unsubscribe button and that the link points to a domain associated with the purported sender before clicking it. If it appears shady just mark as Junk.
- Individuals can mark emails as Junk if they no longer want to see future emails from an individual by setting a Block Sender on individual emails. (See below- Managing Safe or Blocked Sender's List)
- External messages will be prefaced in the subject line with: [EXTERNAL] and the body of the message will start with:
[Caution message for emails originating out of organization]
NOTE: Selected third-party services that use email are exempt from the EXTERNAL labeling. For example: Percipio emails. If there is need to add an external email to be EXEMPT from this caution, please submit a Support Request with details. The request will be reviewed.
- Some messages may also show the majority of message but block some content. If this occurs, this will show first in the body of the message above the yellow Caution.
Individuals have the option to I trust content from sender which will add the sender to an individual’s Safe sender list, just Show blocked content for this one message, or simply ignore and review message as is.
NOTE: There is a limit of approximately 1000 entries for an individual safe sender’s list.
Junk Folder
- Emails that end up in the Junk folder are delivered there if they are determined not malicious but appear to be Junk on the admin console. Often these are from vendors or harmless campaign emails.
- Emails in the junk folder that individuals do not deem to be junk for themselves can mark them as not junk. Depending on the email client, this will add the sender’s email to the individual’s Safe Sender’s list. (See below- Managing Safe or Blocked Sender's List)
- It is important to note, that Junk filtering settings at the email client side does not override the admin console settings. If you want less junk to go to your Junk folder, it is recommended to turn off Junk filtering on email clients – but be aware that this does not turn off Junk filtering on the console – so the Junk folder still needs to be reviewed by individuals.
- It may be a good idea to mark your Junk folder as a favorite to bring it to the top of email clients to remember checking it periodically.
Quarantined emails
- Emails that pass the steps but could be potentially dangerous or appear more unwanted than Junk are quarantined but sent in a quarantine report for individuals to review.
- Quarantine reports are sent daily (if there are new emails quarantined since the last report), but the time received will vary.
- An individual’s first quarantine report will appear as below and you can choose to trust content from quarantine@messaging.microsoft.com Note: EOP will not require a connection to the RPI network to take action on quarantined messages.
[Quarantine message noting "Some content in this message has been blocked because the sender isn't in your Safe senders list"] - At that point you can review messages in the current report.
- You can also go to the quarantine page at any time to review quarantined messages for the past 30 days. These emails can be ignored, released or block sender from future emails. https://security.microsoft.com/quarantine
[Review These Message dialog box showing one message and the Review Message button highlighted]
Managing Safe or Blocked Sender’s list:
Individual emails or domains can be added to an individual’s safe or blocked sender’s list. These entries do not overrule entries found at the server not passing the 4 checks outlined above. There is a limit of approximately 1,000 entries for the safe sender's list and 500 for the blocked sender's list.
Outlook Web Access:
- Login on a browser: https://outlook.office.com
- In the upper right corner, click Settings
- Towards the bottom click View all Outlook settings
- Click Mail on the left
- Click Junk email in middle column
- Click Add or edit current entries in Blocked and/or Safe senders or domains
- Option to "Trust email from my contacts"
Outlook 365 for Windows:
-
Home tab – in the Delete section on the ribbon – Junk email options
[Junk E-mail Options feature] - Safe Senders, Safe Recipients and/or Blocked Senders can be updated
Note: The selections on the Options tab will not override the EOP junk filtering rules
[Junk Email Options screen with Safe Senders, Safe Recipients, Blocked Senders tabs circled in red]
Outlook 365 for Mac:
New Outlook on:
- Mark as Junk: Highlight email in Inbox - click on Message in the menu bar - Click on Block - click OK (unsure if this adds subsequent emails from same address as Junk because it doesn't add address to blocked sender's list)
- Mark as Not Junk: Open email in Junk folder - Highlight the email address - click on "Mark as Not Junk". The email address is added to the safe sender's list and future emails from that sender will be received in the Inbox
New Outlook off:
- Mark as Junk: Highlight email in Inbox - Junk on taskbar (may be in the Move section) - click on Block Sender. This adds the email address to Block sender's list.
- Mark as Not Junk: Open email in Junk folder - Junk on taskbar - Not Junk (unsure if this adds subsequent emails from same address as Not Junk because it doesn't add address to safe sender's list)
Mac Mail:
- The Mac Mail client does not support EOP for marking junk or not junk. It is necessary to login to Outlook Web Access: https://outlook.office.com
- Follow above information for Outlook Web Access
- On a Junk email, if you wish, you can click on Message - Add Sender to Contacts - then make sure "Trust email from my contacts" is checked in Junk email settings in OWA
Thunderbird:
- The Thunderbird client does not support EOP for marking junk or not junk. It is necessary to login to Outlook Web Access: https://outlook.office.com
- Follow above information for Outlook Web Access
References/Links
https://itssc.rpi.edu/hc/en-us/articles/360042031492-Reporting-Spam-Phishing-Email-Attempts
Comments
0 comments
Article is closed for comments.