Microsoft Exchange Spam Filter

Although the default Microsoft Exchange spam filter has a number of features to help block spam and protect businesses from email-based threats such as phishing, malware and ransomware, few people speak highly of the built-in mechanism of anti spam for Exchange. One of the most common criticisms is the default Exchange anti spam mechanisms are not as effective at detecting spam as third party solutions and many threats bypass Microsoft’s controls and are delivered to inboxes. Since all it takes for a data breach to occur is for one employee to respond to a phishing email, it is vital that the vast majority of threats are blocked.

One of the reasons for this is the way in which some third party solutions approach spam detection – using Greylisting to prevent spam from previously unknown sources, and SUBRL filters to detect malicious URLs within the body of emails. Other features that could increase Exchange email security are also absent from the default Microsoft Exchange spam filter – Exchange Online Protection (EOP), or have to be paid for separately by upgrading to Advanced Threat Protection (APT). For many businesses, APT is prohibitively expensive especially when third-party solutions can be purchased at a fraction of the cost and provide equivalent or better protection.

How Greylisting and SUBRL Filtering Enhances Exchange Email Security

Greylisting and SUBRL filtering could significantly enhance Exchange email security – if they were present. When third party anti-spam solutions are implemented, these two mechanisms work independently of Microsoft´s real-time blackhole lists (RBLs) to increase spam detection rates and prevent phishing emails reaching their intended recipients. Greylisting in particular can increase spam detection rates from the 99% achieved by the default Microsoft Exchange spam filter to 99.97% with no false positives. Greylisting involves rejecting a message and requesting it be resent by the server where it originated. Spammers’ servers are usually involved in massive spam campaigns, and are too busy to respond. The delay indicates the messages have come from a new spamming source. Greylisting is an optional spam control with SpamTitan. While it is highly recommended to have greylisting enabled, messages may be delayed by a few minutes. When used in combination with whitelisting for trusted senders, important emails will not be delayed.

SUBRL filtering works in a similar way to real-time blackhole lists; but rather than compare the IP addresses of inbound emails against a list of known sources of spam, the filter compares links in emails against a list of URLs known to be malicious. This feature prevents users clicking on a link they believe to be safe and visiting a phishing website or malicious site hosting malware.

Antispam Exchange Outbound Filtering

One of the “absent/paid for” features is antispam Exchange outbound scanning. Outbound scanning is particularly important for Office 365 users following the introduction of the “IP reputation” marking system, as any business considered to be sending spam or malware could find its IP address on Microsoft´s real-time blackhole list. This would not only affect business-critical communication channels, but could potentially result in the business´s website being blacklisted.

Antispam Exchange outbound filtering monitors outbound emails for any signs of spam which could indicate an email account has been compromised as the result of a phishing attack. Antispam Exchange outbound filtering is important, but Office 365 users only get access to this feature if they pay for it via an Advanced Threat Protection package.

The Complicated Nature of Anti Spam for Exchange

Another common criticism of the Microsoft Exchange spam filter is it is too complicated. Naturally, the aim of anti spam for Exchange is spam detection and reporting. However, due to the complicated nature of anti spam for Exchange, Spam Confidence Levels can be set too low with the consequence that the filter is ineffective at preventing spam. Alternatively the levels can be set too high – resulting in genuine emails being quarantined for having marginally spammy content.

Once you combine anti spam for Exchange with Office 365 and Exchange Online Protection (or Forefront Protection for Exchange 2010), the complicated nature of anti spam for Exchange multiplies. Furthermore, businesses that want to use the Directory Synchronization feature to help better manage their email accounts have to subscribe to an Advanced Threat Protection package. Third party email filtering solutions eliminate the complexity, which is another reason why they are often favored over the default Microsoft Exchange spam filter.

SpamTitan´s Spam Filter for Exchange

SpamTitan´s spam filter for MS Exchange has many of the features that are absent from default Microsoft Exchange spam filter and are only provided with APT. SpamTitan enhances Exchange email security with Greylisting and SUBRL filtering, uses antispam Exchange outbound filtering to identify compromised email accounts, and has automatic updating to ensure the spam detection mechanisms and antivirus software is always current. System administrators will find SpamTitan offers flexible user policy application and has multiple web authentication settings, plus our spam filter for Exchange is universally compatible and infinitely scalable. The advanced mechanisms of spam detection in SpamTitan will increase spam detection rates from around 99% to 99.97%. In addition to improving detection rates, SpamTitan has been designed to be easy to use and includes (free) synchronization with directory tools such as Active Directory.

How SpamTitan Differs from Microsoft Exchange Online Protection and Office 365

Microsoft Exchange and Office 365 incorporate security features to provide a basic level of spam protection; however organizations will no doubt discover that a significant number of spam messages and email threats still reach the mailboxes of their employees. Even if security awareness training is provided to employees, there will always be some employees that open malicious email attachments or click hyperlinks that direct them to phishing websites. Organizations therefore need to implement an advanced spam filtering solution to block these email threats and ensure they are not delivered to inboxes. Exchange Online Protection and Office 365 email security controls alone will not provide the level of protection that most organizations need.

Listed below is a summary of the features of SpamTitan that are lacking in Office 365 email security and Exchange Online Protection.

Comparison of Office365 and SpamTitan

Try Our Exchange Anti Spam Solution for Free

If you have found little about the Microsoft Exchange spam filter to speak highly of, and would like to try our Exchange anti spam solution for free, do not hesitate to get in touch. Our Sales Technicians will be happy to answer any questions you have about SpamTitan and its suitability as an Exchange anti spam solution, suggest the best deployment option for your business, and will guide you through the registration process to start your free trial.

The free trial of our Exchange anti spam solution gives you the opportunity to evaluate SpamTitan in your own environment with the volume of email traffic you are accustomed to. The trial also gives you the opportunity to experiment with different features until you find the optimum Spam Confidence Levels for your specific needs so that, should you decide to continue using our service at the end of the trial, no further configuration of our Exchange anti spam solution will be necessary.

  • SpamTitan has a higher spam capture rate than the Microsoft Exchange spam filter.
  • SpamTitan´s Greylisting feature overcomes issues with Microsoft´s “IP throttling” feature.
  • SpamTitan is more likely to prevent the delivery of spear phishing emails and BEC attacks.
  • SpamTitan offers outbound mail filtering as a free feature rather than as a premium service.
  • SpamTitan is much simpler to use than the Microsoft Exchange spam filter – reducing the risk of human error.
  • SpamTitan is available as anti spam software solution or a cloud-based filter
  • You can try our SpamTitan Exchange Anti Spam Solution for free. Contact us today to find out more.

Microsoft Exchange Spam Filter FAQ

What should everyone know about spam filtering?

What everyone should know about spam filtering is that a spam filter is the most important technical measure you can implement to reduce the risk of spam, malware, email impersonation, and phishing attacks. Choose a solution with sandboxing to block zero-day attacks, greylisting to prevent spam from previously unknown sources, and outbound filtering for data loss prevention and detecting compromised email accounts.

Why is it important to use a third-party spam filter for Office 365?

It is important to use a third party spam filter for Office 365 because Office 365 only includes a basic level of protection against spam, malware, and phishing. SpamTitan adds an extra layer of security and will greatly improve protection against zero-day and sophisticated phishing threats through sandboxing, greylisting, and advanced machine learning techniques.

What is greylisting?

Greylisting is the term given to returning an email to its originating server with a request for the email to be resent. Due to the number of emails returned to spammers’ servers (mostly due to failed delivery attempts), most spammers’ servers have the “retry” function disabled to prevent the scenario in which bandwidth is wasted resending undeliverable emails. Consequently, a greylisted email that is returned to a spammer usually does not come back.

Will a spam filter block all malware sent via email?

A spam filter will not block all malware sent via email because new malware variants are constantly being released and many spam filters use signature-based detection - so they can only detect known malware threats. This is why SpamTitan uses machine learning and sandboxing to preempt new malware variants in addition to dual AV engines. Suspected, unknown, and suspicious files are sent to the sandbox for in-depth analysis to identify if any are malicious.

Does SpamTitan work with all Microsoft Exchange servers?

SpamTitan works with Microsoft Exchange servers 2010(*), 2013, 2016, and 2019. Setup is a quick and easy process, and our support engineers will guide you through the process if necessary. Once configured, SpamTitan is a set and forget solution that requires no patching nor maintenance. (*) If your organization is using Exchange 2010, and you are considering an upgrade, please be aware of the changes to the Exchange FrontEnd Transport service.

What is a common criticism of the built-in anti-spam mechanism of Microsoft Exchange?

A common criticism of the built-in anti-spam mechanism of Microsoft Exchange is that it is less effective at detecting spam compared to third-party solutions. Although it is possible to upgrade to a higher level of Microsoft Security to reduce the volume of spam evading detection, it can be more cost-effective to deploy a third-party solution in front of the Microsoft Exchange mail server.

Why is Advanced Threat Protection (APT) considered costly by many businesses?

Basic Advanced Threat Protection (now Microsoft Defender for Business/Office 365) is considered costly by many businesses because it costs $3 per user per month, yet lacks key capabilities such as phishing protection. To access advanced features such as phishing protection, businesses have to subscribe to a Microsoft 365 Business Premium plan – which costs $22 per user per month and includes multiple capabilities that businesses have to pay for but may never use.

What is the role of SUBRL filtering in email security?

The role of SUBRL filtering in email security is to detect spam emails sent from third party devices by botnets. Rather than just filtering out emails from malicious IP addresses, SUBRL filters detect spam and malicious emails sent by botnets by analyzing the URLs embedded in the content of the email. If a URL redirects a recipient to a site known to be used by spammers or cybercriminals, the email is blocked, rejected, or quarantined depending on how the filter has been configured.

Why is outbound filtering an essential feature?

Outbound filtering is an essential feature of any email filter because it monitors outbound emails for signs of spam or malicious activity. Such signs could suggest that an email account has been compromised through a phishing attack. Moreover, businesses could find their IP addresses blacklisted if they are seen as sending spam, affecting their communication channels and potentially resulting in their website being blacklisted.

What challenges do businesses have regarding the complexity of the Microsoft Exchange spam filter?

The challenges businesses have regarding the complexity of the Microsoft Exchange spam filter are that adjusting the Spam Confidence Levels without being certain about what you are doing can result in either rendering the filter ineffective at detecting spam or mistakenly quarantining legitimate emails. The complexity increases when integrating with Office 365 and Exchange Online Protection. Third-party solutions simplify this complexity, making them preferred by many businesses.


Articles Related to Office 365 Spam Filtering

Improving the Spam Filter on Office 365

Email Spam Filter for Exchange


Improve the Microsoft 365 Email Spam Filter


The Best Spam Filter for Outlook to Prevent Malware and Ransomware


Exchange 2013 Spam Filter