Exchange
United States (English) Sign in
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
3 out of 3 rated this helpful - Rate this topic

Configure Content Filter Policies

Exchange Online
 

Applies to: Exchange Online Protection, Exchange Online

Topic Last Modified: 2013-06-06

You can edit the default spam content-filter policy to configure your company-wide content filter settings. For greater granularity, you can also create custom content filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (running order) of your custom policies.

Content filter settings include selecting the action to take on messages identified as spam, and choosing whether to filter messages written in specific languages, or sent from specific countries or regions. Additionally, you can enable advanced spam filtering options if you want to pursue an aggressive approach to content filtering. Content-filter policy settings are applied to inbound messages only.

The following video shows how to configure the default content filter policy:

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

Estimated time to complete: 30 minutes

You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the “Anti-spam” entry in the Feature Permissions in Exchange Online topic.

For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.

  1. In the Exchange admin center (EAC), navigate to Protection > Content filter.

  2. Do one of the following:

    • Double-click the default policy in order to edit this company-wide policy.
    • Click the Add IconNew icon in order to create a new custom content-filter policy that can be applied to users, groups, and domains in your organization. You can also edit existing custom policies by double-clicking them.

  3. For custom policies only, specify a name for this policy. You can optionally specify a more detailed description as well. You cannot rename the default policy.

    noteNote:
    When creating a new policy, all configuration settings appear on a single screen, whereas when editing a policy you must navigate through different screens. The settings are the same in either case, but the rest of this procedure describes how to access these settings when editing a policy.

  4. Click the Actions menu item in order to select the action to take on a message for each confidence threshold level. Possible values are:

    1. Delete message   Deletes the entire message, including all attachments.
    2. Quarantine message   Sends the message to quarantine instead of to the intended recipients. If you select this option, in the Retain spam for (days) field input box, specify the number of days during which the spam message will be quarantined. (It will automatically be deleted after the time elapses. The default value is 15 days which is the maximum value. The minimum value is 1 day.)
      importantImportant:
      For information about how administrators can manage email messages that reside in the quarantine in the EAC, see Quarantine.
      For Exchange Online Protection (EOP) standalone customers only: For information about enabling end-user spam notifications, see Enable End-User Spam Notifications via Content Filter Policies. For information about using this feature, see Release a Quarantined Message and Optionally Report it as a False Positive (End Users).
    3. Move message to Junk Email folder   Sends the message to the Junk Email folder of the specified recipients. This is the default action for both confidence threshold levels.
      importantImportant:
      For Exchange Online Protection (EOP) customers: In order for this action to work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For details, see Ensure that Spam is Routed to Each User's Junk Email Folder.
    4. Add X-header   Sends the message to the specified recipients but adds a special X-header to the message that identifies it as spam. This X-header is then added to the email headers of all subsequent spam messages. You can create rules to filter messages that are marked with X-headers, if needed. You can customize the X-header text that is added to messages using the Add this X-header text input box.
    5. Prepend subject line with text   Sends the message to the intended recipients but prepends the subject line with the text that you specify in the Prefix subject line with this text input box.
    6. Redirect message to email address   Sends the message to a designated email address instead of to the intended recipients. Specify the “redirect” address in the Redirect to this email address input box.
    noteNote:
    For more information about spam confidence levels, see Spam Confidence Levels.

  5. Click the International Spam menu item in order to filter email messages written in specific languages, or sent from specific countries or regions. The service will apply the configured action.

    1. Select the Filter email messages written in the following languages check box to enable this functionality. Click Add Icon, and then in the selection dialog box, make your choices (multi-selection is supported). Click ok to return to the International Spam pane.
    2. Select the Filter email messages sent from the following countries or regions check box to enable this functionality. Click Add Icon, and then in the selection dialog box, make your choices (multi-selection is supported). Click ok to return to the International Spam pane.

  6. Click the Advanced Options menu item in order to specify On, Off, or Test for each advanced spam filtering option.

    1. When you turn an option on, messages are actively filtered according to the rule associated with that option. Messages are either marked as spam or will have their spam scores increased, depending on which options you turn on.
    2. When an option is set to off, no action is taken on messages that meet the spam filter criteria. All options are turned off by default.
    3. When an option is set to test mode, no action is taken on messages that meet the spam filter criteria. However, messages can be tagged with an X-header before they are delivered to the intended recipient; this X-header lets you know which ASF option was matched and what would happen if the option was set to on. If you specified Test for any of the advanced options, you can configure the following test mode settings to be applied when a match is made to a test-enabled option:
      • None   Take no test mode action on the message. This is the default.
      • Add the default test X-header text   Checking this option sends the message to the specified recipients but adds a special X-header to the message that identifies it as having matched a specific advanced spam filtering option.
      • Send a Bcc message to this address   Checking this option sends a blind carbon copy of the message to the email address you specify in the input box.
    tipTip:
    For more information about the advanced spam filtering options, see Advanced Spam Filtering Options.

  7. For custom policies only, click the Apply to menu item and then create a condition-based rule to specify the users, groups, and/or domains for whom to apply this policy. You can create multiple conditions provided that they are unique.

    • To select users, select The recipient is. In the subsequent dialog box, select one or more senders from your company from the user picker list and then click add. To add senders who aren’t on the list, type their email addresses and click Check names. In this box, you can also use wildcards for multiple email addresses (for example: *@domainname). When you are done with your selections, click ok to return to the main screen.
    • To select groups, select The recipient is a member of and then, in the subsequent dialog box, select or specify the groups. Click ok to return to the main screen.
    • To select domains, select The recipient domain is and then, in the subsequent dialog box, add the domains. Click ok to return to the main screen.

    You can create exceptions within the rule, for example you can filter messages from all domains except for a certain domain. Click add exception and then create your exception conditions similar to the way you created the other conditions.

  8. Click save. A summary of your policy settings appears in the right pane.

tipTip:
  • You can select or clear the check boxes in the ENABLED column to enable or disable your custom policies. All policies are enabled by default, and the default policy cannot be disabled.
  • To delete a custom policy, select the policy, click the Delete IconDelete icon, and then confirm that you want to delete the policy. The default policy cannot be deleted.
  • Custom policies always take precedence over the default policy. Custom policies run in the reverse order that you created them (from oldest to newest), but you can change the priority (running order) of your custom policies by clicking the Up Arrow Icon up arrow and Down Arrow Icon down arrow. The policy with a PRIORITY of 0 will run first, followed by 1, then 2, and so on.

To ensure that spam is being properly detected and acted upon, you can send a GTUBE message through the service. Similar to the EICAR antivirus test file, GTUBE provides a test by which you can verify that the service is detecting incoming spam. A GTUBE message should always be detected as spam by the content filter, and the actions that are performed upon the message should match your configured settings.

Include the following GTUBE text in a mail message on a single line, without any spaces or line breaks:

Copy 
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
 
Did you find this helpful?
(1500 characters remaining)
© 2013 Microsoft
|
Site Feedback
© 2013 Microsoft. All rights reserved.