Microsoft Exchange Anti-Spam: What you need to know

Microsoft Exchange anti-spam has been a good option for several years for users of Microsoft Exchange.  However, there are now issues that need to be addressed for continued use of Microsoft Exchange 2016 and 2019. Starting October 14, 2025, Microsoft will officially stop support for Microsoft Exchange 2016 and Microsoft Exchange 2019. Microsoft will no longer provide bug fixes or updates for security vulnerabilities. Instead, Microsoft recommends that customers “migrate to Exchange Online or prepare their organizations to upgrade to Exchange Server Subscription Edition (SE) when it becomes available in early H2 of CY2025.”

The lack of support for security vulnerabilities must be of the utmost concern for current Microsoft Exchange 2016 or 2019 users. Threat actors are known to target Microsoft Exchange. This is evidenced by a CISA report highlighting the targeting of Microsoft Exchange by Storm-0558. This threat actor compromised the Microsoft Exchange Online mailboxes of victims across the United States (U.S.), the United Kingdom (U.K.), and worldwide.

Here, we explore how Exchange Online deals with spam and phishing and how SpamTitan complements the deprecated Microsoft Exchange 2016 and 2019 and the upgraded Exchange Online.

Exchange users: Should you stay, or should you upgrade?

The deprecation of Exchange 2016 and 2019 means it is time to decide what to do next.

Stay put with Microsoft Exchange 2016 and Microsoft Exchange 2019

Exchange is a business-critical app for many organizations, and moving to a significantly new version may result in business disruption. If you decide to stick with your current version of Microsoft Exchange rather than upgrade to Microsoft Exchange Online, you should expect to deal with security vulnerabilities. Microsoft will deprecate support for the older versions of Exchange, which means no more security patches when vulnerabilities in Exchange are identified. Therefore, it is highly likely that cybercriminals will continue to target Exchange 2016 and 2019 users. These security flaws will increase the risk of various cyber threats, including ransomware attacks and data breaches.

If you plan to maintain your Microsoft Exchange 2016 and Microsoft Exchange 2019 instances, you can shore up the protection using a third-party integrated solution like SpamTitan.

Move over to Exchange Online (Microsoft 365)

Exchange Online is a cloud-based email service that makes managing maintenance and patching easier. It is part of the Microsoft 365 tools.

Upgrade to Exchange Server Subscription Edition (SE)

If you are on Exchange 2016, you must upgrade to Exchange 2019 before upgrading to Exchange Online. Your business must think ahead and plan for a seamless move across versions. Notably, co-existence between versions is not allowed, so a company must act swiftly when moving between the versions. Licensing of Exchange Server SE requires that customers maintain an active subscription in addition to server licenses and CALs.

This Microsoft blog post contains a calendar of release dates: “Upgrading your organization from current versions to Exchange Server SE.”

Security features of Exchange Online

Microsoft Exchange Online has built-in protection – Exchange Online Protection (EOP). EOP protects against spam, malware, phishing, and other email-borne threats. EOP provides good protection for anti-malware and spam prevention.

Anti-malware

Using layered protection, EOP scans for known and unknown threats using heuristic detection. The real-time threat response is provided via policy rules set by the EOP anti-malware team that are published to the global network every two hours. Suspicious emails are placed in quarantine as they arrive.

Spam prevention

EOP uses confidence levels to identify and handle spam. Policies decide how spam is dealt with. These confidence levels are also used to identify phishing.

Anti-phishing

Phishing prevention is limited to spoof detection and DMARC.

Extended security for Exchange Online: Defender

Phishing has become extremely sophisticated. Cybercriminals also use complex evasion tactics and multi-step attack techniques to trick users and avoid detection. Basic phishing prevention options like those in EOP cannot handle many complex modern phishing attacks. To extend the in-built email security offered in Exchange Online, Microsoft offers a multi-layered security option called Defender. This option is more expensive but adds advanced anti-phishing features, including machine learning and simulated phishing campaigns for security awareness.

Exchange Online security gaps

Out-of-the-box security is built into Exchange Online as EOP. However, this basic package has limited value, catching only around 80% of malicious emails according to studies. The 20% that gets through can easily result in ransomware, data breaches, stolen credentials, and Business Email Compromise (BEC) attacks. The security gaps left by EOP include the following areas:

Multi-part social engineering attacks: highly targeted phishing and impersonation attacks are too sophisticated for EOP. Cybercriminals use email impersonation attacks to confuse and manipulate staff into performing actions that benefit the cybercriminal. Business Email Compromise is a complex cyber-attack that uses impersonation and other email-borne threats to steal company monies.

Zero-day attacks: unknown vulnerabilities in software or processes offer cybercriminals a way to execute a cyber-attack. Zero days are challenging to identify, and advanced technologies like AI and machine learning are required to spot patterns as these threats emerge. EOP uses a single layer with no AI or machine learning. EOP, therefore, is not able to spot zero-day threats.

Sandboxing: the sheer volume of emails sent daily requires a method to double-check the validity of a suspicious email. Email sandboxing offers this method. EOP does not support sandboxing.

Deeper dive: “ICES Closing the Gaps in M365 Native Security”

SpamTitan Vs. EOP: At-a-Glance

 

| Feature | Microsoft Office 365 Exchange Online Protection (EOP) | SpamTitan |
|---|---|---|
| Protection against emerging threats like zero-days | No | Yes |
| Greylisting | No | Yes |
| Basic attachment sandboxing | Yes | Yes |
| URL checking including post-delivery | No | Yes |
| Advanced AR code detection | No | Yes |
| Multiple antivirus scanning | No | Yes. Uses dual AV scanning to improve detection rates |
| Advanced BEC (Business Email Compromise) prevention | No | It uses advanced AI-powered techniques like Natural Language Processing (NLP) to identify anomalous content and behavior. |
| Contextual warning tags on suspicious emails | No | Yes |
| Outbound email checks for spam signals | Yes | Yes |
| Operating system agnostic? | No | Yes |
| DMARC compliance of transactional email via DKIM-signing | No | Yes |
| Auto-remediation | | Yes. Read more on auto-remediation |
| Training offered | Limited to videos and documents | An array of options, in-person, videos, online, webinars, etc. |

 

SpamTitan v Microsoft Defender

The key to mitigating the variety of email-borne cyber-attacks is to use multiple layers of protection. Also, advanced technologies like AI must be added as a layer to identify emerging and zero-day threats. Microsoft Defender can be bought as an add-on for Exchange Online to reduce the security gaps inherent in EOP.

Complex setup

Defender provides additional, more advanced anti-spam and anti-phishing capabilities. However, even Defender has some drawbacks and security gaps. MS Defender can have a significant management overhead, and it is seen as challenging to correctly set up appropriate anti-phishing policies. Poorly configured policies can prevent legitimate emails from being delivered or allow malicious emails through the filter. This is a common problem and noted on social platforms like Reddit, where users express their concerns:

“Defender for Office365 is challenging; it’s a great product, but it can be deceptively complex.”

Absence of greylisting

An important anti-spam feature is greylisting. This measure is used to ensure that a greater number of threats are blocked. Greylisting is a clever technique that can virtually eliminate spam. Greylisting is a mechanism whereby a suspicious email is sent back to the original mail server. Mail servers will be set to try resending the email after X amount of time. Because the mail servers used by spammers are too busy sending out spam emails to respond to the request for an email to be resent, the suspicious email is effectively dealt with. The lack of greylisting in EOP and Defender, coupled with the complexities in setting up and configuring Defender, means that many SMBs and enterprises should look for a specialist third-party solution to improve the effectiveness of Microsoft 365 email spam filtering.
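The retry mechanism described above, as an added example that is not SpamTitan or Microsoft code: a minimal greylist that defers the first delivery attempt with a temporary SMTP failure and accepts a later retry. Keying on the (client IP, sender, recipient) triplet, the 451 reply text, and all timing values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy values; the page only says the sender retries "after X amount of time".
MIN_DELAY = 300           # seconds a new triplet must wait before a retry is accepted
RETRY_WINDOW = 4 * 3600   # a first attempt with no retry inside this window is forgotten
PASS_TTL = 35 * 86400     # how long a triplet that passed stays trusted

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time of last accepted mail

    def check(self, client_ip: str, mail_from: str, rcpt_to: str, now: float):
        """Return the SMTP reply (code, text) for one RCPT TO seen at time `now`."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())

        # Known-good triplet: accept and refresh its lifetime.
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[key] = now
            return 250, "OK"
        self.passed.pop(key, None)

        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            # New or expired triplet: temporary failure, so a real MTA queues and retries.
            self.first_seen[key] = now
            return 451, "4.7.1 Greylisted, try again later"
        if now - first < MIN_DELAY:
            # Retried too quickly: keep deferring without resetting the clock.
            return 451, "4.7.1 Greylisted, try again later"

        # Retry arrived after the minimum delay and inside the window: promote.
        del self.first_seen[key]
        self.passed[key] = now
        return 250, "OK"

def replay(events):
    """Run constructed (time, ip, from, to) events through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[0] for t, ip, frm, to in events]

# Constructed sample traffic (documentation addresses, not real senders).
SAMPLE = [
    (0,    "192.0.2.10",   "news@example.org",  "amy@corp.example"),  # first attempt
    (60,   "192.0.2.10",   "news@example.org",  "amy@corp.example"),  # retry too soon
    (900,  "192.0.2.10",   "news@example.org",  "amy@corp.example"),  # proper retry
    (950,  "198.51.100.7", "promo@example.net", "amy@corp.example"),  # never retries
    (5000, "192.0.2.10",   "news@example.org",  "amy@corp.example"),  # now trusted
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Senders that retry from a different outbound IP present a new triplet on each attempt, so production greylists commonly key on the sending network or exempt known providers to avoid long delivery delays.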

Costly

Defender is costly. Pricing starts at $3 per user for up to 300 users, in addition to your Office 365 license costs.

SpamTitan is $1.95 per user for 300 users.

Anti-Spam Email Filters from SpamTitan

SpamTitan’s anti-spam email filters perfectly complement Exchange Online and earlier versions of Exchange’s built-in anti-spam capability. SpamTitan can be deeply integrated into Exchange Online as an additional defense-in-depth solution to enhance the static capabilities of EOP. Also, SpamTitan and the other TitanHQ products that offer complete email-borne protection can be used with EOP and Microsoft Defender to provide the deep levels of security needed to handle even the most complex email-borne threats.

SpamTitan has many advanced features that extend and enhance Microsoft email security. SpamTitan has been independently assessed by Virus Bulletin, an independent industry analyst that performs real-world tests on email security software. In the latest test results, SpamTitan was the best in class, with a very low false negative rate and the highest catch rate.

The Greylisting feature in SpamTitan maximizes spam detection rates. Also, SpamTitan checks each returned email against a database of IP addresses from which phishing emails are known to have originated and performs a malicious URL check to further protect businesses from web-borne threats. The multiple layers of protection are responsible for SpamTitan’s exceptional spam capture results.

SpamTitan also supports outbound email filtering – a Microsoft feature only available to businesses running Office 365 via the premium Exchange Online Protection package. This feature can help identify compromised email accounts within a business’s internal network and prevent malware-infected emails from being sent from the business’s mail server – potentially saving the business IP address from blocklisting.

Other features of our anti-spam mail filters include:

  • Easy administration via a centralized, web-based management portal.
  • A choice of deployment options – including a cloud-based option and anti-spam software.
  • Directory synchronization as standard, rather than at a premium.
  • Allowlist or blocklist senders with the click of a mouse.
  • Greylisting
  • Sandboxing
  • Flexible user policy application.
  • Multiple web authentication settings.
  • Compatible with all operating systems.
  • Unlimited scalability.
  • Advanced phishing protection using AI and Natural Language Processing (NLP)
  • Cost-effective

How the SpamTitan spam filtering service works

The diagram below explains how the SpamTitan spam filtering service works. The image details the many different processes that SpamTitan uses to differentiate genuine messages from spam and malicious emails. Applying SpamTitan on top of Microsoft Exchange Online – or Office 365 – can significantly improve your security posture and prevent sophisticated email-based threats from reaching your end users’ inboxes.

[Diagram: How SpamTitan Spam Filtering Works]

Enhance any version of Exchange with SpamTitan

If you want to know more about SpamTitan's anti-spam mail filters and how they complement any version of the Exchange anti-spam feature set, do not hesitate to contact us.

Our sales technicians will happily answer your questions and invite you to take advantage of a free trial of the SpamTitan solution that is most appropriate for your requirements.

Our free trial allows you to evaluate our anti-spam mail filters in your environment, tackling the spam emails your business receives daily. You will access the full SpamTitan product and support services during the free trial. A software engineer will be available to help you optimize your antispam configuration and ensure a smooth and seamless transition from your current Microsoft Exchange anti-spam solution to SpamTitan antispam for Exchange Online.

At the end of the free trial, there is no obligation on you to continue using our spam filtering services, but should you choose to do so, we offer a competitive range of subscription options based on the number of mailboxes SpamTitan will protect, your preferred deployment option, and the frequency of payment.

SpamTitan adds layers of security to EOP and Defender. SpamTitan ensures that there are fewer misses, fewer false positives, and therefore, fewer spam emails. This includes preventing malicious emails containing malware from landing in employees’ inboxes. No single technology provides security for everything; different layers are crucial. Relying on a single vendor for all your security needs can be risky.

Anti-Spam Frequently Asked Questions (FAQs)

If SpamTitan has more filtering processes than Office 365, doesn't that slow email delivery?

Although SpamTitan has more filtering processes than Office 365, it does not slow email delivery because of how the filtering processes are ordered. With SpamTitan, more spam emails are rejected earlier in the pipeline, giving the later processes less to do and reducing the potential for bottlenecks to develop. In many circumstances implementing a SpamTitan email filter can accelerate email delivery.

How does Microsoft calculate Spam Confidence Levels?

Confidence levels used by Microsoft EOP go from -1 to 9. The lowest level is the safest, increasing to 9, the highest confidence level that a message is spam. The full list of Spam Confidence Levels and how they are worked out can be found here: “Spam confidence level (SCL) in EOP.”

What does relaxing Spam Confidence Levels to prevent false positives mean?

When administrators apply a Level 5 Spam Confidence setting to an Exchange 2016 server, everything rated at Level 5 and upwards is blocked or quarantined. This can result in genuine emails being blocked in error (“false positives”). Relaxing Spam Confidence Levels means that administrators move the setting to Level 6 or Level 7 to prevent false positives, which is likely to increase the amount of spam that evades detection.

Please expand on the benefits of outbound email scanning.

Outbound scanning allows businesses to identify when an external source has compromised an internal account. Compromised accounts can be used for sending spam or, more likely, to distribute malware and launch phishing attacks from a "trusted account."

Is SpamTitan as effective working alongside other Microsoft Exchange servers?

SpamTitan is effective in working alongside other Microsoft Exchange servers. For example, if your organization continues to use Exchange 2016 or Exchange 2019 - or has upgraded to Exchange Online - SpamTitan will enhance the email filtering capabilities of all servers.

Why do spam emails sometimes still get delivered to users' inboxes on Microsoft Exchange?

Spam emails are sometimes still delivered to users’ inboxes on Microsoft Exchange 2016 and 2019 for two reasons. The first is that spammers constantly find new ways to bypass existing defenses. The Microsoft email filter does not detect spam emails immediately because it is updated retrospectively. The second reason is that some administrators find the Microsoft email filter difficult to configure and set the acceptable Spam Confidence Levels too low.

What challenges arise from the complexity of the Exchange 2016, 2019, and Exchange Online spam filters?

The complexity of the Exchange versions' spam filters results in misconfiguration of settings. If the spam filter is configured too aggressively, it will block or quarantine genuine emails. If the settings are too relaxed, the spam filter will fail to detect spam emails and deliver them to users’ inboxes.

How does SpamTitan complement the features of Exchange 2016, 2019, and Exchange Online?

SpamTitan can be deeply integrated into Office 365, adding layers of sophisticated anti-spam capability. This includes Greylisting, which checks returned emails against IP addresses known for distributing spam, malware, and phishing emails and performs checks on embedded URLs to detect malicious ones. SpamTitan also provides outbound email filtering, which can help identify compromised email accounts and prevent a business’s IP addresses from being blocked.

Why is monitoring false positives and spam that avoid detection in the Exchange 2016 anti-spam system crucial?

It is crucial to monitor false positives and spam that avoids detection in the Exchange 2016, 2019, and Exchange Online anti-spam systems so the system configuration can be fine-tuned. Depending on the reasons for false negatives or spam avoiding detection, it may be simpler to manually allow genuine emails and blocklist spam emails – or deploy SpamTitan in front of the Exchange anti-spam system.

How can SpamTitan prevent sophisticated email-based threats from reaching users' inboxes?

SpamTitan prevents sophisticated email-based threats from reaching users’ inboxes using various advanced processes – including those that learn and are updated in real-time. Additionally, SpamTitan supports “point-of-click” URL analysis, which stops users from visiting websites that have been weaponized after the email containing the embedded URL was delivered. By layering SpamTitan on top of Microsoft Exchange or Office 365, businesses enhance security, making it harder for sophisticated threats to reach end users.