Spam Levels Very High

Hello,


We recently switched from Rackspace hosted Exchange to Office 365 Enterprise. Since doing so, incoming spam has reached unprecedented levels. According to the FOPE admin tool, tens of thousands of messages are being rejected as spam, but I don't have any way that I can see of actually viewing a list of those precise messages.

I've turned on all the "Additional Spam Filtering" (ASF) options but I'm still getting email that has headers with "X-SpamScore:" at high levels (like 10+). Additionally, I'm seeing a ton of serious spam - the kind with nude photos - getting through with scores that are negative. We have no whitelist filtering or policies in place at this point so I can't see how such obvious spam is getting through.


I personally forward all my email to a Google Apps account which seems to catch nearly everything but the users who are directly connecting to the Exchange service are inundated. Should I run everything through a pre-filter like Postini? What options are available?


Ideally, I'd love for anything with an x-spamscore header above 3 to be quarantined for review, but I don't even see where you can set SCL threshold in FOPE, though I see mention of it online.


Any help/guidance would be appreciated - I've already gone through every tutorial I can find on FOPE at Technet. There's just not a lot of documentation for Office 365 spam prevention yet.


Thanks,
JM

All Replies
  • Quick update on this. I spoke with technical support for FOPE and they suggested I would need to begin adding policy rules. I've added foreign character sets and that's catching a few here and there. What I don't understand is how blatant spam is getting to inboxes - stuff with nudity, etc. What's the point of a spam filter if I have to write the rules myself? Forwarding mail to abuse@messaging.microsoft.com seems to have no discernible effect - again, the spam is different by the time they're addressing it.

    I know our domain receives a significant amount of spam but no more than any mid-sized organization. One of the reasons we switched to 365 was for better spam prevention. Really regretting that decision now. I don't have time to constantly manage a set of policy rules. By the time I've addressed one concern, there's a new one.

    Was hoping someone would offer up the silver bullet that I missed, but after days of reading and allowing myself to get sucked into the godforsaken world of proprietary jargon that is MS, the situation is as awful and unintuitive as I'd feared. I don't have the heart to switch providers again as this has been traumatic enough for our users... guess I'll look into external spam filters. Does anyone have recommendation on Postini vs. others?

    Thanks,

    JM

  • Hello JM,

    This is definitely an unusual situation, as FOPE should be flagging everything that's spam as spam.  It's a very efficient service and you shouldn't be seeing any of these messages come through as legitimate messages.

    Check some of the items that look like they've been coming through.  If FOPE thought it was spam, it would set an X-Header that's called X-FOSE-Spam.  If that shows up, then the message should've been filtered to your junk e-mail folder.  If it wasn't, you'll want to check Outlook to make sure that it's filtering correctly as that means there's a break in Outlook.  If obvious spam isn't getting flagged with that header then it means there's a problem with your FOPE filtering and you'll want to open a new service request with our support team to troubleshoot that.

  • Thanks for the reply. I've actually got it quarantining anything marked as spam so nothing with those headers would make it through to Exchange or Outlook. In fairness, FOPE is blocking close to 20k messages a day, but it continues to let through extremely obvious spam by the hundreds. Adding foreign char set policy helped grab another 200/day or so, but a ton of this is stuff with Arabic or Chinese characters in subject and body. These don't contain any charset definition so they don't get caught.

    Then I figured - this will be easy - just write a regex that blocks on that unicode character range. No dice since FOPE regex doesn't allow non-ascii characters (even if they're escaped). I just want to do something like .*[\u0600-\u06FF].*

    I would really appreciate hearing any examples where specific foreign characters in subject or body have been dealt with. Also, dictionaries don't allow non-ascii....

    Thanks again,

    Jason

    Also, I already opened a ticket w/Forefront team - that's where I learned about the character set exclusion method. But I was told basically that you have to write granular rules for everything.... which I would even be willing to do, but not sure how if I can't match foreign chars. We're also actively forwarding everything we can to abuse@
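
As an added example (not part of the thread, and not FOPE or Microsoft code), the check Jason describes can be run outside the filter's regex engine, for instance over messages exported from a mailbox or quarantine: decode the Subject and body first, so raw 8-bit text with no charset declaration still matches, then test the Unicode ranges and the X-SpamScore threshold of 3 from the original post. The CJK range, the UTF-8 fallback, and all function and sample names are assumptions.

```python
import email
import re
from email.header import decode_header

# Arabic is the range quoted in the post; the CJK range is an added assumption.
SCRIPTS = {"arabic": re.compile(r"[\u0600-\u06FF]"),
           "cjk": re.compile(r"[\u4E00-\u9FFF]")}
SCORE_LIMIT = 3  # the poster's wished-for X-SpamScore quarantine threshold

def _text(data, charset):
    """Decode bytes; an undeclared or unknown charset falls back to UTF-8."""
    try:
        return data.decode(charset or "utf-8", "replace")
    except LookupError:
        return data.decode("utf-8", "replace")

def subject_text(msg):
    """Subject as text, whether RFC 2047-encoded or raw 8-bit bytes."""
    raw = next((v for k, v in msg.raw_items() if k.lower() == "subject"), "")
    raw = _text(raw.encode("ascii", "surrogateescape"), None)
    # decode_header returns un-encoded runs as raw-unicode-escape bytes.
    return "".join(p if isinstance(p, str) else _text(p, cs or "raw-unicode-escape")
                   for p, cs in decode_header(raw))

def body_text(msg):
    """Join all text parts; a part with no charset is read as UTF-8."""
    return "\n".join(
        _text(part.get_payload(decode=True) or b"", part.get_content_charset())
        for part in msg.walk() if part.get_content_maintype() == "text")

def triage(raw_bytes):
    """Return (verdict, reasons) for one raw message."""
    msg = email.message_from_bytes(raw_bytes)
    reasons = []
    try:
        if int(str(msg.get("X-SpamScore", "0")).strip()) > SCORE_LIMIT:
            reasons.append("score")
    except ValueError:
        reasons.append("bad-score-header")
    text = subject_text(msg) + "\n" + body_text(msg)
    reasons += [name for name, rx in SCRIPTS.items() if rx.search(text)]
    return ("quarantine" if reasons else "deliver"), reasons

# Constructed samples, not real mail.
RAW8 = "X-SpamScore: -2\r\nSubject: \u0639\u0631\u0636\r\n\r\nhello\r\n".encode("utf-8")
ENCODED = b"X-SpamScore: 0\r\nSubject: =?utf-8?b?5L2g5aW9?=\r\n\r\nhi\r\n"
CLEAN = b"X-SpamScore: -1\r\nSubject: Q3 budget\r\n\r\nSee attached.\r\n"
HIGH = b"X-SpamScore: 10\r\nSubject: hello\r\n\r\nhi\r\n"
```

`triage(RAW8)` quarantines on the Arabic subject even though its score is negative and no charset is declared, which is the case the charset-based policy rule in the thread misses.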

  • Hello Jason,

    I would recommend asking the Forefront team to investigate this as a possible malfunction of your filtering, as normally you shouldn't need to create any policy rules to deal with these sorts of problems.  It's possible that the engineer you're working with may be approaching this thinking that you'd simply like to create a strict filtering system, when what's really at stake is that your filtering isn't working correctly period.

  • >>This is definitely an unusual situation, as FOPE should be flagging everything that's spam as spam

    This is wrong. I am having the exact same experience. FOPE does a terrible job filtering spam. The support techs toe the same line as Alexander above... saying my case is unusual, I don't buy it. The last tech I spoke to was trying to convince me that the 40 or so BLATANT spam messages I received that day were not really spam and that I should unsubscribe to them. That's laughable. The system doesn't filter spam properly, the techs are in denial (as in above), and their workarounds don't work. I am really shocked about how the whole thing.

  • We're experiencing the exact same issue.  We used to use Postini and there was so little maintenance involved.  

    With FOPE, we have little to no control over our spam (unless we want to manually write out rules for various spam).

    Honestly, I am shocked that Microsoft, having had so many years of experience with email and spam filtering could get this so wrong.  


    This is the quote about FOPE that Microsoft is touting:


    "The services provided by FOPE easily work together and require little to no user-modification to be effective. Once you have activated your FOPE service by completing the FOPE setup and provisioning steps (as shown in ), FOPE blocks more than 98 percent of unwanted email and 100 percent of known viruses, reducing message traffic and improving the efficiency of your corporate messaging infrastructure."


    I really hope there are some changes down the pipeline to improve FOPE.


    With Postini, 80%+ spam was getting caught, with FOPE, 50% or less.