Office 365 Spam Filter

It is claimed by Microsoft that the Office 365 spam filter detects and captures 99% of spam emails. However, this means millions of spam emails still avoid detection every day. The solution for businesses still experiencing high volumes of spam is to implement a spam filtering solution with greylisting capabilities in front of the Office 365 spam filter.

Depending on your source of information, between 60 and 120 billion spam emails are sent each day. It is not known how many of these are sent to Office 365 users because Microsoft does not reveal how many mailboxes it operates; but if you conservatively estimate 20% of 60 billion emails are sent to Office 365 users – and accept that 99% are detected and captured by the Office 365 spam filter – this means 120 million spam emails per day are still delivered to users´ inboxes.

The volume of undetected spam emails is staggering considering the cost of some Office 365 plans, but much of it is due to Microsoft´s reluctant to include greylisting among the capabilities of the Office 365 spam filter – a process that returns emails to the originating mail server with a request for the email to be resent. Because spammers´ mail servers are too busy sending fresh spam to respond to the request, emails are rarely returned – raising the spam detection rate to 99.97%.

Microsoft claims that the existing authentication processes of the Office 365 spam filter (SPF, DKIM, and DMARC) duplicate the greylisting process, and that implementing this feature would delay the delivery of genuine emails. However, in 2020, a Black Hat Briefing identified eighteen types of attacks that bypass the SPF, DKIM, and DMARC authentication processes, while genuine senders can easily be whitelisted to prevent their emails being greylisted and returned to the originating server.

How to Add Greylisting to the O365 Spam Filter

Although Microsoft will not add greylisting to the O365 spam filter, businesses can do it themselves by implementing an email filtering solution such as SpamTitan in front of the default spam filter. Configuring SpamTitan to greylist all non-whitelisted emails before forwarding whitelisted and returned emails to the O365 spam filter will reduce the volume of spam emails the O365 spam filter has to deal with and accelerate the delivery of genuine emails.

Companies can also apply other features of SpamTitan to save money on premium add-ons to the Office 365 enterprise plan or Microsoft 365 business plan. For example, companies that subscribe to Microsoft Defender for O365 benefit from features such as dual antivirus scanning, attachment scanning, and rewritten URLs (to prevent users being fooled to spoofed URLs). With SpamTitan, these features are included as standard with no additional premium to pay.

However, before adding greylisting to the O365 spam filter, it is important to be aware of a disadvantage. This is that mail from a new sender is delayed for a period of time equal to the retry interval of the originating server. This can be a problem for users signing up for an account that requires email verification as they may have to wait ten minutes for the verification email. However, once received, the email address can be added to a whitelist for future correspondence.

Further Reasons to Add SpamTitan to the Office 365 Spam Filter

Although SpamTitan can be deployed as a standalone spam filtering solution – either as an on-premises virtual appliance or in the cloud – it connects easily with Microsoft Exchange servers to add greylisting to the O365 spam filter. Not only are deployment and configuration simple, but provisioning (if required) is straightforward via Active Directory, and users will experience minimal changes to the way they send or receive emails.

In addition to offering companies the options of greylisting and on-premises deployment, SpamTitan can be used to perform further front-end checks such as recipient verification, Sender Policy Frameworks checks, and comparisons against real-time blocklists. If used for back-end email filtering, both SpamTitan deployment options include dual anti-virus protection, a granular policy engine (by user, department, domain, etc.), and comparisons against user-defined blacklists.

Ultimately, SpamTitan is the perfect solution to negotiate the shortcomings of the Office 365 spam filter. It offers an in-depth approach to threats such as phishing, malware, and ransomware; it uses predictive techniques to block new varieties of zero-day attacks before they reach users´ inboxes, and its greylisting capabilities raising the spam detection rate of the Office 365 spam filter from ~99% to 99.97%. To find out more, visit