Skip to main content
Microsoft 365

Manage spam notifications with Exchange Online Protection

Shobhit Sahay (@shobhits) is a product marketing manager on the Exchange team.

Last March we released a shiny new version of the email filtering service formerly known as Forefront Online Protection for Exchange (FOPE). This new service, called Exchange Online Protection (EOP), provides spam and malware filtering in the cloud for $1 per user per month. Exchange Online Protection is already included in Exchange Online and for Office 365 for business customers.

We update the service frequently with new capabilities. In June we released the ability to create custom spam and malware filter policies and apply them to specific domains, groups, or users. This week we’re beginning to roll out a couple of key additions: localized end-user spam notifications and the ability to configure the frequency from 1 to 15 days.  Customers will see these updates by the end of October.

Spam notifications

Email filtering gateways do a great job of filtering out obvious spam, but a small percentage (about 3%) of email comes through that is likely to be spam. Users don’t want these messages in their inboxes, but they often like to review them to make sure no good messages (false positives) are mixed in with the bad.

Exchange Online Protection provides two primary options for handling spam detected by our content filters. Customers can have spam sent to the Junk Email folder in Outlook and Outlook Web App or they can direct it into a web-based quarantine.

Sending spam to the Junk Email folder is the typical choice for customers who run Outlook and Exchange Server, because it’s the simplest approach for users to understand. However, some customers have non-Exchange email systems that don’t support the Junk Email folder approach, or they just prefer the spam quarantine. For example, many former Postini customers switching to Exchange Online Protection used spam quarantine in the past, and they want to continue using that familiar method.

Since it was launched, Exchange Online Protection has supported spam quarantine, but the administrator was the only person who was able to release spam messages from quarantine in the Exchange admin center. With today’s release you can configure Exchange Online Protection to give users self-service management of spam-quarantined messages. You can now receive regular notification emails with a summary of your spam messages being held in quarantine.

You can receive a summary notification of your quarantined spam messages regularly in your inbox.

If you find a legitimate email in the list of spam messages, you can simply click a link and the email will be released from quarantine and delivered to your inbox.

To read more about how to configure and use end-user spam notifications, see these TechNet articles:

In addition to adding the ability for users to receive quarantined spam notifications, we are also releasing two new enhancements for administrators:

  • The ability to adjust the frequency from 1 to 15 days, an extension of the current configuration frequency of 3 to 15 days.
  • Support for spam notification text in additional languages beyond English.

You configure spam notifications in the Exchange admin center via the Protection page, on the content filter tab. Just click Configure end-user spam notifications… 

Clicking Configure end-user spam notifications… in the Exchange admin center allows you to enable/disable spam notifications for users, set the frequency from 1 to 15 days, and customize the notification language.

Ability to customize spam and malware policies by domain, group, or user

While most customers maintain a single set of organization-wide filtering settings, some have asked for the ability to configure customized spam and malware policies for specific domains, groups, or individual users. Starting last June Exchange Online Protection gives you this ability. For example, in the Exchange admin center, you can create a custom malware filter policy for your customer service representatives that is unique from the rest of the users in your organization, so that they can more likely receive customer responses without those being falsely identified as spam.

You can manage malware filters in the Exchange admin center on the Protection page, via the malware filter tab.

The settings for malware filtering and content filtering can all be managed with per-domain, per-group, or per-user granularity. You can learn more about these policies in these TechNet articles:

Spam notifications and granular spam/malware policy management are available today for customers who use Exchange Online Protection with their on-premises mailboxes and for Office 365 for business customers. Localized spam notifications and the ability to configure notification frequency from 1 to15 days are beginning to roll out today and will be available within the next few months.

More spam notification improvements are on their way, by the end of the first quarter 2014 including:

  • Enabling admins to configure spam notifications independently from spam detection policies.
  • More granular control for spam notification settings beyond the current organization and domain scope.
  • Enabling users to access quarantined messages on demand through a web portal.
  • Admin configuration for allowing users to submit spam examples.

We’re always looking for ways to make it easier for you to keep spam and malware out of your mailboxes. Enjoy these new features, and keep the feedback coming!

–Shobhit Sahay (@shobhits)