Page 1 of 18 | Internal spam in Office 365 - Introduction | Part 3#17
Written by Eyal Doron | o365info.com
INTERNAL SPAM IN OFFICE 365 – INTRODUCTION | PART 3#17
In this article, we will review:
• What are the possible reasons that could cause our mail to appear as spam/junk mail?
• Who or what are the “elements” that can decide that our mail is spam?
• What are the possible “reactions” of the destination mail infrastructure that identifies our E-mail as spam/junk mail?
Why is my mail identified as spam?
In a scenario in which our mail is recognized as spam/junk mail, besides the unpleasant feeling (nobody wants the term “junk” to be associated with them in any way), the major question is: why is my mail identified as spam?
The answer is that there could be many elements and “causes” for this problem, and that many times it is not easy to “point at” the specific element that is “guilty” of causing it.
Our mission should be:
1. Get to know each of the “elements” that could lead to a scenario in which our E-mail is recognized as spam/junk mail by another recipient.
2. Ensure that our organization's users implement best practices and avoid actions that could lead to a scenario in which organization mail is classified as spam.
3. Monitor our organization's mail flow, looking for “problematic mail items” or events that could lead to a scenario in which our mail is classified as spam.
4. In the worst-case scenario, in which organization mail is classified as “spam/junk mail”, implement the required actions to solve the issue.
Who could decide that my mail is a spam mail?
1. Exchange Online
In the Office 365 environment, the first element in the “mail flow” that could identify a specific Office 365 user's E-mail message as spam/junk mail is Exchange Online itself.
To be more accurate, the element that scans the sent E-mail is the component named Exchange Online Protection.
At first look, this “behavior” seems a little strange because, most of the time, we are used to a scenario in which the destination mail server identifies our mail as spam/junk mail, and not “our mail server”.
The reason for using an internal / outbound spam filtering mechanism in the Office 365 and Exchange Online environment is that the Exchange Online infrastructure is a “shared mail infrastructure” that serves many Office 365 customers (tenants) besides our organization at the same time.
The Office 365 infrastructure takes extra care to avoid the very unwanted scenario in which a specific problematic organization hosted at Office 365 “damages” the reputation of other organizations hosted on the same Office 365 Exchange Online infrastructure.
Exchange Online includes a built-in mechanism that checks every outbound mail sent by Office 365 users to other Office 365 users or to external recipients.
In case Exchange Online “decides” to classify a specific E-mail message as spam, it doesn't block or delete the E-mail message and doesn't update the SCL value of the E-mail message; instead, it routes the E-mail message to a dedicated Exchange Online mail server named the High Risk Delivery Pool.
Note – We will discuss the High Risk Delivery Pool in more detail in the articles:
• High Risk Delivery Pool and Exchange Online | Part 9#17
• High Risk Delivery Pool and Exchange Online | Part 10#17
2. Destination mail infrastructure | Mail Security Gateway
The “destination mail infrastructure” could be realized as a device that examines each incoming mail and decides whether to pass the E-mail message, block it, or increase its SCL value.
In a scenario in which we are notified that E-mail sent from our organization is considered spam/junk mail, the common case is that our organization appears as blacklisted (registered at some blacklist provider).
In the modern mail environment, every organization uses some “security mechanism” (a mail security gateway or other security solution) that scans each of the connection requests sent to the organization's mail server.
The “requester” (source mail server) is checked and, only if the connection request is considered “legitimate”, the “mail session” is approved.
The “verification process” implemented by the mail security gateway uses different methods, but one of the most basic security checks is accessing the database of a “blacklist provider” and verifying that the recipient domain name or the IP address of the mail server doesn't appear in a blacklist.
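The blacklist check described above, as an added example that is not part of the original article: many blacklist providers publish their list over DNS, where the gateway reverses the sending server's IPv4 octets, appends the provider's zone, and treats an answer inside 127.0.0.0/8 as "listed". The zone name `dnsbl.example.org`, the sample records and all function names are assumptions made for illustration.

```python
import ipaddress
import socket

# Hypothetical zone, for illustration only. Replace it with the zone of the
# blacklist provider you actually want to consult.
EXAMPLE_ZONE = "dnsbl.example.org"

# Constructed sample data standing in for a provider's database, so the
# example runs offline. 192.0.2.0/24 is a documentation-only address range.
SAMPLE_ZONE_DATA = {
    "25.2.0.192.dnsbl.example.org": ["127.0.0.2"],    # listed
    "26.2.0.192.dnsbl.example.org": ["203.0.113.9"],  # bogus non-127 answer
}

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=EXAMPLE_ZONE):
    """Build the DNS name to look up: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 addresses only")
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + "." + zone


def sample_resolver(name):
    """Offline resolver backed by the constructed sample data."""
    return SAMPLE_ZONE_DATA.get(name, [])


def system_resolver(name):
    """Live resolver. A failed lookup is reported as 'no records'; note that
    this cannot tell 'not listed' apart from a DNS outage."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def check_listing(ip, zone=EXAMPLE_ZONE, resolver=sample_resolver):
    """Return a small report saying whether `ip` is listed in `zone`."""
    name = dnsbl_query_name(ip, zone)
    answers = resolver(name)
    # Only answers inside 127.0.0.0/8 count as a listing. Anything else
    # (for example a resolver that rewrites failed lookups) is ignored.
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
    return {"ip": ip, "query": name, "listed": bool(codes), "return_codes": codes}


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.27"):
        print(check_listing(ip))
```

Pass `resolver=system_resolver` and a real provider zone to run the same check against live DNS for your own outbound mail server addresses.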
3. User mail client
Mail clients such as Outlook include a built-in security engine that can classify incoming mail as spam/junk mail. For example, we can face a scenario in which a specific E-mail message sent by one of our users is identified as spam/junk mail by the Outlook client and not by the external recipient's mail server.
Another option is a scenario in which the external recipient uses the blocked senders option and adds the E-mail addresses of specific organization users to the list.
4. The destination recipient
The “person” to whose mailbox our mail is sent can decide, for some reason, to report our E-mail message as spam/junk mail.
For example: a recipient registered to your mailing list in the past, forgot that he registered and, when he gets an E-mail from your organization, treats it as spam/junk mail.
5. Desktop security application
Antivirus or other desktop security applications can be configured to scan incoming E-mail and classify specific E-mail messages as spam/junk mail.
What could happen in the case that my mail is recognized as spam/junk mail?
In a scenario in which our E-mail is recognized as spam/junk mail by a destination server, the external mail server's response is of considerable importance.
In case the external mail server responds by sending a “reply” in the form of an NDR message that informs us that our mail was blocked because it is spam/junk mail, we are aware of the problem and can respond accordingly.
In a scenario in which the external mail server decides “not to respond”, technically, we have no way to know that there is a problem with E-mail sent from our organization.
The only way we can become aware of the problem is a scenario in which the external mail server “forwards” the E-mail message to the destination recipient and, because the mail server increased the SCL value, the E-mail is sent to the junk mail folder.
Only if the “destination recipient” finds the E-mail in the junk mail folder, and only if he is “kind enough” to inform us, can we know that we have a problem with mail sent from our organization.
When our E-mail is accepted by an external mail server and the external mail server identifies our mail as “spam/junk mail”, the external mail server could implement one of the following options:
Option 1: Block the E-mail message + inform the source mail server that the E-mail message was blocked.
This scenario makes our life easier. It is true that the Office 365 recipient's E-mail didn't get to its destination, but we have a “clear indication” of the mail delivery failure.
Now, our mission will be to find the reason our E-mail message was classified as spam/junk mail.
Option 2: Block the E-mail message + do not notify the source mail server (silent drop)
A scenario in which the “destination mail server” classifies the E-mail message as spam/junk mail and just deletes it, without sending any notification or update to the “source” that sent the E-mail message.
Option 3: Deliver the E-mail message to the destination recipient + increase the SCL value
This type of scenario is the “standard” or default behavior in the Exchange Online environment.
In case the E-mail message is recognized as spam and the “spam level” is “reasonable”, Exchange Online will not block or delete the spam mail but will instead “stamp” the E-mail message with a high SCL (spam confidence level) value and deliver it to the destination recipient.
The “destination recipient” will have to decide “what to do with the E-mail message”.
In this scenario, the E-mail message will get to the user's “Junk mail folder” and, most of the time, users do not tend to look at the junk mail folder.
In this scenario, the “destination recipient” will usually report that he didn't get the E-mail message, while the E-mail message is “hidden” in his Junk mail folder.
Option 4: Deliver the E-mail message to a quarantine queue
A scenario similar to the former one. The difference is that the mail server delivers the E-mail message that was identified as spam to a special store named quarantine.
Option 5: The mail server doesn't recognize the E-mail message as spam, but the mail client does.
Many mail clients, such as Outlook, are considered sophisticated mail clients and have built-in options for recognizing spam mail, creating a blocked senders list, etc.
In this scenario, there is a chance that the mail client will decide that a specific E-mail message should be considered a spam E-mail message.
Exchange Online and SCL
In the current article series, we will mention the term SCL from time to time.
Q: What is the meaning of SCL?
A: The term SCL stands for Spam Confidence Level.
In simple words, the SCL is a value that is “attached” by the mail server (usually an Exchange server) to a specific E-mail item and defines the “trust level” of that E-mail item from the perspective of spam.
An SCL value such as “-1” is “saying” that the E-mail item can be fully trusted, and a high SCL value such as 5 “says” that the specific E-mail item is considered spam mail.
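To see the SCL stamp on a message that was reported as missing or junked, the following added example (not code from the original article) reads it from the message headers. It assumes the stamp is carried in the `X-MS-Exchange-Organization-SCL` header or in the `SCL:` field of `X-Forefront-Antispam-Report`, two Exchange headers the article itself does not name; the threshold of 5 is the article's example value, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Assumption: the article's example value (5) is used as the spam threshold.
SPAM_THRESHOLD = 5

# Constructed sample messages (headers plus a one-line body).
SAMPLE_MESSAGES = {
    "trusted": (
        "From: alice@example.com\n"
        "To: bob@example.net\n"
        "Subject: Meeting notes\n"
        "X-MS-Exchange-Organization-SCL: -1\n"
        "\n"
        "Body\n"
    ),
    "junk": (
        "From: news@example.com\n"
        "To: bob@example.net\n"
        "Subject: Monthly offer\n"
        # Long headers are often folded across lines, as here.
        "X-Forefront-Antispam-Report: CIP:192.0.2.25;CTRY:;LANG:en;\n"
        " SCL:5;SRV:;SFV:SPM;\n"
        "\n"
        "Body\n"
    ),
    "unstamped": (
        "From: carol@example.com\n"
        "To: bob@example.net\n"
        "Subject: Hello\n"
        "\n"
        "Body\n"
    ),
}


def extract_scl(raw_message):
    """Return the SCL stamped on a raw message as an int, or None if absent."""
    msg = message_from_string(raw_message)

    direct = msg.get("X-MS-Exchange-Organization-SCL")
    if direct is not None:
        try:
            return int(direct.strip())
        except ValueError:
            pass  # malformed value, fall through to the report header

    report = msg.get("X-Forefront-Antispam-Report", "")
    report = re.sub(r"\s+", "", report)  # undo header folding
    for field in report.split(";"):
        key, _, value = field.partition(":")
        if key.upper() == "SCL":
            try:
                return int(value)
            except ValueError:
                return None
    return None


def classify(scl, threshold=SPAM_THRESHOLD):
    """Map an SCL value to the trust levels the article describes."""
    if scl is None:
        return "no SCL stamp"
    if scl == -1:
        return "trusted"
    if scl >= threshold:
        return "spam"
    return "not spam"


def triage(raw_message):
    """Return (scl, verdict) for one raw message."""
    scl = extract_scl(raw_message)
    return scl, classify(scl)


if __name__ == "__main__":
    for name, raw in SAMPLE_MESSAGES.items():
        print(name, triage(raw))
```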
• Spam Confidence Level Threshold
• Outlook unexpectedly marks messages as junk even if the SCL level is low
• Spam Confidence Levels
• Spam Confidence Level
• Junk email with an SCL rating of 5 goes to the inbox
• Configure content filter policies
• Messages aren’t quarantined when you change the SCL rating in Office 365 or Exchange Online Protection
• Exposing SCL (Spam Confidence Level) in Outlook
Internal / outbound spam in Office 365 environment | Article series index
A quick reference for the article series

My E-mail appears as a spam | Article series index | Part 0#17
The article index of the complete article series.

Introduction to the concept of internal / outbound spam in general and in Office 365 and Exchange Online environment

My E-mail appears as a spam – Introduction | Office 365 | Part 1#17
The psychological profile of the phenomenon “My E-mail appears as a spam!”, possible factors that cause our E-mail to appear as “spam mail”, the definition of internal / outbound spam.

Internal spam in Office 365 – Introduction | Part 2#17
A general review of the term “internal / outbound spam”, misconceptions that relate to this term, the risks involved in this scenario, outbound spam E-mail policy and more.

Internal spam in Office 365 – Introduction | Part 3#17
What are the possible reasons that could cause our mail to appear as spam/junk mail? Who or what are the “elements” that can decide that our mail is spam? What are the possible “reactions” of the destination mail infrastructure that identifies our E-mail as spam/junk mail?

Commercial E-mail – Using the right tools | Office 365 | Part 4#17
What is commercial E-mail? Commercial E-mail as part of the business process. Why do I think that Office 365 Exchange Online is unsuitable for the purpose of commercial E-mail?

Introduction of the major causes for a scenario in which your organization E-mail appears as spam

My E-mail appears as spam | The 7 major reasons | Part 5#17
Review of three major reasons that could lead to a scenario in which E-mail sent from our organization is identified as spam mail: 1. E-mail content, 2. Violation of the SMTP standards, 3. Bulk/Mass mail

My E-mail appears as spam | The 7 major reasons | Part 6#17
Review of three major reasons that could lead to a scenario in which E-mail sent from our organization is identified as spam mail: 4. False positive, 5. User Desktop malware, 6. “Problematic” Website

Introduction of the subject of SPF record in general and in Office 365 environment

What is SPF record good for? | Part 7#17
The purpose of the SPF record and its relation to our mail infrastructure. How does the SPF record enable us to prevent a scenario in which hostile elements could send E-mail on our behalf.

Implementing SPF record | Part 8#17
The “technical side” of the SPF record: the structure of the SPF record, the way that we create an SPF record, what is the required syntax for the SPF record in an Office 365 environment + mixed mail environment, how to verify the existence of an SPF record and so on.

Introduction of the subject of Exchange Online - High Risk Delivery Pool

High Risk Delivery Pool and Exchange Online | Part 9#17
How Office 365 (Exchange Online) handles a scenario of internal / outbound spam with the help of the Exchange Online High Risk Delivery Pool.

High Risk Delivery Pool and Exchange Online | Part 10#17
The second article about the subject of the Exchange Online High Risk Delivery Pool.

The troubleshooting path of internal / outbound spam scenario

My E-mail appears as spam – Troubleshooting path | Part 11#17
Troubleshooting scenario of internal / outbound spam in Office 365 and Exchange Online environment. Verifying if our domain name is blacklisted, verifying if the problem is related to E-mail content, verifying if the problem is related to a specific organization user's E-mail address, moving the troubleshooting process to the “other side”.

My E-mail appears as spam | Troubleshooting – Domain name and E-mail content | Part 12#17
Verify if our domain name appears as blacklisted, verify if the problem relates to a specific E-mail message content, registering to blacklist monitoring services, activating the option of Exchange Online outbound spam.

My E-mail appears as spam | Troubleshooting – Mail server | Part 13#17
What is the meaning of “our mail server”? Mail server IP, host name and Exchange Online. One of our users got an NDR which informs him that his mail server is blacklisted! How do we know that my mail server is blacklisted?

My E-mail appears as spam | Troubleshooting – Mail server | Part 14#17
The troubleshooting path logic. Get the information from the E-mail message that was identified as spam/NDR. Forwarding a copy of the NDR message or the message that saved to the junk mail

My E-mail appears as spam | Troubleshooting – Mail server | Part 15#17
Step B – Get information about your Exchange Online infrastructure, Step C – fetch the information about the Exchange Online IP address, Step D – verify if the “formal “Exchange Online IP address a

De-list your organization from a blacklist | My E-mail appears as spam | Part 16#17
Review the characteristics of a scenario in which your organization appears as blacklisted. The steps and the operations that need to be implemented to de-list your organization from a blacklist.

Summary and recap of the troubleshooting and best practices in a scenario of internal / outbound spam

Dealing and avoiding internal spam | Best practices | Part 17#17
Provides a short checklist of all the steps and the operations that relate to a scenario of internal / outbound spam.

Autodiscover flow in an exchange on premises environment non-active director...
 
