Tuesday, November 4, 2014

Magic Buttons

Sudden mysterious spam increase with Exchange Online Protection

We've been using Exchange Online Protection and its predecessor, Forefront Online Protection for Exchange, for about 5 years now. Somehow, suddenly, in the last couple of months we got a drastic increase in the amount of spam being delivered to users' mailboxes. I found, read, and even commented in this thread where other users were seemingly encountering the same issue.

Eventually I, with no support from MS, found the source of my issue, though I'm not exactly sure how it came about.

We had always had our default content filter set to move spam and high confidence spam directly to the online quarantine. At some point this changed to what is now (and maybe always was) the default behavior of delivering the spam to the users' junk mail folder, as described in this TechNet article. We did not have the necessary transport rules in place to actually cause the mail to go to junk email, so it was just being delivered to the inbox.

I'm not clear if the default behavior changed, or if our rule had been modified and then subsequently reverted to default.

I can say that we signed up to demo Exchange Online so it's possible that reverted during the setup of our temporary "hybrid" demo situation. The timing seems about right but I can't say for certain this is the root cause of the issue.
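
A check for the condition described above (EOP set to deliver spam to the junk folder while no on-premises transport rule acts on its verdict), as an added example that is not from the original post. `Test-EopJunkDelivery` is a hypothetical helper name; it assumes the standard output properties of `Get-HostedContentFilterPolicy` and `Get-TransportRule`, and the sample objects are constructed so the block runs offline.

```powershell
# Added example: flag content filter policies that rely on junk-folder delivery
# when no on-premises rule stamps an SCL from EOP's verdict header.
function Test-EopJunkDelivery {
    param(
        [Parameter(Mandatory)] [object[]] $Policies,   # Get-HostedContentFilterPolicy (EOP session)
        [object[]] $TransportRules = @()               # Get-TransportRule (on-premises Exchange)
    )
    # Enabled rules keyed on the EOP verdict header that set an SCL value.
    $sclRules = @($TransportRules | Where-Object {
        [string]$_.State -eq 'Enabled' -and
        [string]$_.HeaderContainsMessageHeader -eq 'X-Forefront-Antispam-Report' -and
        $null -ne $_.SetSCL
    })
    foreach ($p in $Policies) {
        foreach ($field in 'SpamAction', 'HighConfidenceSpamAction') {
            $action = [string]$p.$field
            $status = 'OK'
            if ($action -eq 'MoveToJmf') {
                # Junk-folder delivery only works if something downstream raises the SCL.
                $status = if ($sclRules.Count -gt 0) { 'OK (SCL rule present)' }
                          else { 'AT RISK: junk delivery with no SCL rule' }
            }
            [pscustomobject]@{
                Policy = $p.Name; Setting = $field; Action = $action; Status = $status
            }
        }
    }
}

# Constructed sample data: a policy reverted to junk-folder delivery, no rules on-premises.
$samplePolicies = @(
    [pscustomobject]@{ Name = 'Default'; SpamAction = 'MoveToJmf'; HighConfidenceSpamAction = 'Quarantine' }
)
$sampleRules = @()

Test-EopJunkDelivery -Policies $samplePolicies -TransportRules $sampleRules |
    Format-Table -AutoSize

# Against live data, collect each input in its own session first:
#   $policies = Get-HostedContentFilterPolicy   # connected to EOP
#   $rules    = Get-TransportRule               # on-premises Exchange Management Shell
```

Running this on a schedule and alerting on any `AT RISK` row would surface a silent revert of the spam action like the one described in the post.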