How to Improve Microsoft 365 Email Protection

Many businesses rely on Microsoft 365 email protection to defend inboxes against malicious emails. Yet many malicious emails avoid detection – potentially resulting in business disruption, credential theft, data loss, and regulatory fines. However, it is not difficult to improve Microsoft 365 email protection to mitigate the likelihood of these events occurring.

In most cases, Microsoft 365 email protection is included free of charge in the Exchange Online Protection, Microsoft Defender for Office 365, or Microsoft Defender 365 subscription service. Consequently, businesses that subscribe to these services tend to rely on the “default” protection to defend inboxes against malicious emails harboring malware and phishing attacks.

In fairness, the default Microsoft 365 email protection is not that bad. Subject to how the connection filtering, anti-malware, mail flow, and content filtering rules are configured, the service detects and blocks 99% of spam and 100% of known malware. Nonetheless, this implies that 1% of spam and 100% of emails harboring as-yet-unknown malware still avoid detection.

How to Reduce Spam and Email-Borne Malware

While it is possible to increase the Microsoft 365 email protection detection rate by tweaking how each rule is configured, this is not a practical option for many businesses. For example, reducing the bulk mail confidence threshold to reduce the number of marketing emails, applying the rules to specific groups, and creating safe sender lists for individual users who want to receive marketing emails is complicated and time consuming.

Furthermore, not only does managing safe sender lists per group or per user significantly increase the administrative overhead in larger businesses, creating safe sender lists for some users – but not others – can also result in an increased number of business-critical emails being flagged as spam (“false positives”) and deleted, rejected, or quarantined for further inspection – increasing the administrative overhead in businesses of all sizes.

For this reason, a better option is “greylisting” – a process in which all emails from new senders are returned to their originating server with a request for the email to be resent. Genuine emails are usually returned within minutes to be analyzed by the remaining filtering processes. However, due to the volume of emails returned to spammers´ servers for failing recipient verification and sender authentication tests (etc.), spammers´ servers often have the mail retry function disabled and their potentially malicious emails are never returned.

Greylisting doesn´t improve the spam detection rate from a business´s perspective because emails that are not returned for analyzing by the remaining filtering processes are never deleted, rejected, or quarantined by the Microsoft mail server, and therefore there is no way of calculating the effectiveness of greylisting. However, in a laboratory environment, greylisting has been found to increase the Microsoft 365 email protection detection rate from 99% to 99.97%.

Greylisting is not an Option in Microsoft 365 Email Protection

Despite the success of greylisting in reducing the volume of spam and the number of malicious emails being delivered to users´ inboxes, it is not an option in Microsoft 365 email protection. This could be due to the delivery of emails from new senders being delayed, or the risk that a legitimate email may never get delivered if the retry attempt is sent from a different IP address. However, both these reasons are more likely to reduce spam and email-borne malware.

Consequently, if a business wants to reduce the volume of spam and the number of malicious emails avoiding detection, it is necessary to implement an email filter with greylisting capabilities in front of the Microsoft mail server. The additional email filter can either be used as an individual front end test to only return emails from new senders, or as a complete anti-spam and anti-malware solution that sends filtered emails through to the Microsoft mail server for delivery to users´ inboxes.

While it might be easier to simply deploy the additional email filter in front of the Microsoft mail server, the main advantage of implementing an email filter such as SpamTitan as a complete anti-spam and anti-malware solution is that SpamTitan is much more user-friendly. This means it is easier to configure and administer than Microsoft 365 email protection and less likely that mistakes will be made due to a lack of understanding during the configuration and administration processes.

Further Advantages of the SpamTitan Email Filter

SpamTitan can be deployed as an on-premises gateway as well as a private or public cloud-based service. This enables businesses in regulated industries with on-premises mail servers to know where data is at all times and can also support the efforts of Managed Service Providers to attract clients in regulated industries. Although it is not an advantage that will benefit every business, there are many other features of SpamTitan that will.

For example, SpamTitan´s sandboxing feature enables businesses to better protect against data breaches and sophisticated email attacks by providing a powerful, isolated environment to run in-depth analyses of unknown or suspicious attachments and files. This advanced email security layer provides protection against malware, spear-phishing, and advanced persistent threats – offering insights into new threats as they occur to help mitigate risks.

To further protect inboxes from “as-yet-unknown” malware, businesses can subscribe to SpamTitan Plus – a service that provides leading-edge, AI-driven anti-phishing protection. Among the service´s capabilities, SpamTitan Plus rewrites embedded URLs and conducts point-of-time analyses on every click using the latest “zero day” threat intelligence to detect phishing and malicious emails faster and more accurately than any other email protection service.

Find Out More about Improving Microsoft 365 Email Protection

To find out more about improving Microsoft 365 email protection, visit and book a demo of SpamTitan and SpamTitan Plus in action – or, if you are ready to improve Microsoft 365 email protection today, request a free trial to evaluate the benefits of adding an additional email filter in front of your Microsoft mail server in your own environment.