Office 365: Spam Protection - Grid User Post

2011-Oct-10 6:48 PM | Written By Grid Member

As everyone knows, Office 365 protects its users from spam and viruses by the Forefront Online Protection for Exchange suite, or FOPE. FOPE is also offered as a standalone option for customers looking to host their scanning in the Cloud. For those of you not familiar with FOPE and its features, I’d like to review them at a very high level. After that I will review the differences in features and functionality between FOPE Standalone and the various O365 versions.

Virus Protection – FOPE provides a layered virus protection system that uses multiple scanning engines on both the inbound and outbound messages for your organization. FOPE uses the Kaspersky, Symantec and Authentium AV engines and always uses ALL THREE when scanning messages. This is important because not all virus definitions are updated at the same time. FOPE servers query for virus definition updates every 15 minutes, so if Symantec finds a new virus and releases a virus definition update against it but the other engines haven’t, FOPE customers don’t have to worry because their message will hit the Symantec scanner. In addition to the multi-level engine scanning, there are teams of FOPE engineers constantly monitoring virus outbreaks who write sophisticated policy rules that are applied to detect threats. These rules are published to the FOPE global network every 2 hours. Another little nugget of information is related to the Microsoft Virus SLA with FOPE. It states they protect against 100% of known viruses!

Spam Protection – Once again FOPE uses a layered spam protection system that utilizes multiple scanning engines on both inbound and outbound messages. The edge (read, first line of defense) uses various methods such as:
If the message makes it through the edge it is further evaluated on the following criteria:
“That is all well and good, but how effective is it?” I am glad you asked! Out of the box FOPE is 98% effective at blocking spam, a score that can be increased by tweaking the additional spam filtering capabilities within FOPE. FOPE also has a ratio of approximately 1 in 250,000 false positive tags, or .0004% of spam messages falsely tagged as spam.

Now that we have covered what FOPE does, let’s take a look at what administrators can do within the FOPE console. FOPE can be accessed through the Office 365 Portal for enterprise customers or by directly accessing https://admin.messaging.microsoft.com.

One key area to point out is directly off of the main page: if you click the ‘configuration’ tab you get a list of all the FOPE servers. If you are planning on a hybrid solution or a migration from an on-premises organization, you will need these IPs.

From the administration tab you have the option to configure your smart host connectors for inbound and outbound connections. The specific configuration of these connectors in a hybrid environment is covered in the Exchange Deployment Assistant guide. Another possible use for this is a scenario I have run into a few times. If you have an existing hosted spam appliance you can continue to use it, forward to FOPE and back out. Granted, this is a ridiculous amount of spam protection, but I have run into the scenario where my client doesn’t want to immediately dump their hosted spam filter. If this is the case, it is a supported option.

The area where you would spend most of your time is the Policy tab. Here you can create custom policies by clicking ‘New Policy Rule’ and configuring the various options. If, for example, you wanted to reject all inbound messages from a specific IP, or to block all outbound messages with an SSN in the body, this would be the place to do it.

Finally, the filters tab allows you to import custom dictionaries.
This is basically a CSV file that contains specific keywords, IP addresses, extensions, etc. you want to apply to a rule. This is commonly used in a scenario where you have a long list of blocked users or IP addresses from a previous host that you want to import into FOPE. First you export the list to CSV from your previous host, then come into the filter section and import the list, create a new rule in the policies tab and link it to your library.

The ‘My Reports’ tab allows you to create and schedule report delivery for various topics such as:
Finally, the ‘tools’ tab allows you to search for any message by entering a source and destination recipient. One side can be vague by specifying a domain name, but the other side must be a specific email address.

Now, the Standalone version has much more control than the O365 offerings. One key area that is different is the user quarantine. In the standalone version users each have their own quarantine; messages that are tagged as possible spam go into these quarantines, and a digest email is sent to the user notifying them to check their quarantine. However, in Office 365 this feature is NOT AVAILABLE. Rather than providing a quarantine, all email is evaluated for a Spam Confidence Level, and based on that score it is processed by Forefront. There are three levels that messages are filtered on:
In order for mail to end up in your junk filter, your Outlook client must have junk filtering enabled. No additional configuration is required on the users’ side.

Now, not all the features are available for O365 customers, especially in the Small Business or ‘P’ plan. Below is a matrix of what features are, and more importantly, are not available depending on the version of Office 365 you purchase.
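For the blocklist migration described under the filters tab (export the list from the previous host, import it as a custom dictionary, link it to a rule), it pays to validate and split the export before importing it, so that a malformed address or an over-broad network never reaches a reject rule. The Python below is an added example, not part of the original post or of FOPE; the single-column `entry` layout, the sample values and the /16 minimum prefix are assumptions.

```python
import csv
import ipaddress
import re

# Constructed sample of a legacy blocklist export. The "entry" column name
# and every value below are assumptions made for this example.
SAMPLE_EXPORT = """entry
203.0.113.15
203.0.113.15
198.51.100.0/24
0.0.0.0/0
Spammer@Example.com
bad-domain.example
.exe
999.1.1.1
free money!!
"""

EMAIL_RE = re.compile(r"^[^@\s,]+@[a-z0-9-]+(\.[a-z0-9-]+)+$")
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")
EXT_RE = re.compile(r"^\.[a-z0-9]{1,8}$")
MIN_PREFIX = 16  # hypothetical policy: refuse networks broader than a /16


def classify(raw):
    """Return (kind, normalized_value) for one exported entry."""
    value = raw.strip().lower()
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        net = None
    if net is not None:
        if net.prefixlen < MIN_PREFIX:
            return "rejected", value  # would block far too much mail
        # Single hosts are written without the /32 (or /128) suffix.
        return "ip", str(net.network_address if net.prefixlen == net.max_prefixlen else net)
    if re.fullmatch(r"[0-9./]+", value):
        return "rejected", value  # looks like an address but does not parse
    for kind, pattern in (("email", EMAIL_RE), ("domain", DOMAIN_RE), ("extension", EXT_RE)):
        if pattern.match(value):
            return kind, value
    return "keyword", value


def build_dictionaries(export_text):
    """Split an export into de-duplicated per-type lists plus rejects."""
    out = {k: [] for k in ("ip", "email", "domain", "extension", "keyword", "rejected")}
    for row in csv.DictReader(export_text.splitlines()):
        kind, value = classify(row.get("entry") or "")
        if value and value not in out[kind]:
            out[kind].append(value)
    return out
```

Review the `rejected` list by hand before importing anything; each of the other lists can then be written out as its own dictionary file.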