Export (0) Print
Expand All

Configure Content Filter Policies

Exchange 2013
 

Applies to: Exchange Online Protection, Exchange Online

Topic Last Modified: 2014-06-20

You can edit the default spam content-filter policy to configure your company-wide content filter settings. For greater granularity, you can also create custom content filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (running order) of your custom policies.

Content filter settings include selecting the action to take on messages identified as spam, and choosing whether to filter messages written in specific languages, or sent from specific countries or regions. Additionally, you can enable advanced spam filtering options if you want to pursue an aggressive approach to content filtering. Content-filter policy settings are applied to inbound messages only.

ImportantImportant:
For EOP standalone customers: By default, the EOP content filters send spam-detected messages to each recipients’ Junk Email folder. However, in order to ensure that the Move message to Junk Email folder action will work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For details, see Ensure that spam is routed to each user's Junk Email folder.

The following video shows some of the configuration steps described in this topic:

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

Estimated time to complete: 30 minutes

You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the “Anti-spam” entry in the Feature permissions in Exchange Online topic.

For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

  1. In the Exchange admin center (EAC), navigate to Protection > Content filter.

  2. Do one of the following:

    • Double-click the default policy in order to edit this company-wide policy.

    • Click the Add IconNew icon in order to create a new custom content-filter policy that can be applied to users, groups, and domains in your organization. You can also edit existing custom policies by double-clicking them.

  3. For custom policies only, specify a name for this policy. You can optionally specify a more detailed description as well. You cannot rename the default policy.

    NoteNote:
    When creating a new policy, all configuration settings appear on a single screen, whereas when editing a policy you must navigate through different screens. The settings are the same in either case, but the rest of this procedure describes how to access these settings when editing a policy.
  4. Click the Actions menu item in order to select the action to take on a message for each confidence threshold level (Spam which is considered suspected spam or High confidence spam which is considered certain spam). Possible values are:

    1. Delete message   Deletes the entire message, including all attachments.

    2. Quarantine message   Sends the message to quarantine instead of to the intended recipients. If you select this option, in the Retain spam for (days) input box, specify the number of days during which the spam message will be quarantined. (It will automatically be deleted after the time elapses. The default value is 15 days which is the maximum value. The minimum value is 1 day.)

      TipTip:
    3. Move message to Junk Email folder   Sends the message to the Junk Email folder of the specified recipients. This is the default action for both confidence threshold levels.

      ImportantImportant:
      For Exchange Online Protection (EOP) customers: In order for this action to work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For details, see Ensure that spam is routed to each user's Junk Email folder.
    4. Add X-header   Sends the message to the specified recipients but adds X-header text to the message header that identifies it as spam. Using this text as an identifier, you can optionally create rules to filter or route the messages as needed. The default X-header text is This message appears to be spam.

      You can customize the X-header text using the Add this X-header text input box. If you customize the X-header text, be aware of the following:

      • If you specify only the header in the format <header>, where there are no spaces within the <header>, then a colon will be appended to the custom text, followed by the default text. . For example, if you specify “This-is-my-custom-header”, the X-header text will appear as “This-is-my-custom-header: This message appears to be spam.”

      • If you include spaces within the custom header text, or if you add the colon yourself, such as “X This is my custom header” or “X-This-is-my-custom-header:”, the X-header text will revert back to the default as “X-This-Is-Spam: This message appears to be spam.”

      • You can’t specify the header text in the format <header>:<value>. If you do this, then both values before and after the colon will be ignored, and the default X-header text appears instead: “X-This-Is-Spam: This message appears to be spam.”

    5. Prepend subject line with text   Sends the message to the intended recipients but prepends the subject line with the text that you specify in the Prefix subject line with this text input box. Using this text as an identifier, you can optionally create rules to filter or route the messages as needed.

    6. Redirect message to email address   Sends the message to a designated email address instead of to the intended recipients. Specify the “redirect” address in the Redirect to this email address input box.

    NoteNote:
    For more information about spam confidence levels, see Spam confidence levels.
  5. Click the International Spam menu item in order to filter email messages written in specific languages, or sent from specific countries or regions. You can configure up to 86 different languages and 250 different regions. The service will apply the configured action for high confidence spam.

    1. Select the Filter email messages written in the following languages check box to enable this functionality. Click Add Icon, and then in the selection dialog box, make your choices (multi-selection is supported). For example, if you select to filter messages written in Arabic (AR), and Quarantine message is your configured action for high confidence spam messages, then any messages written in Arabic will be quarantined. Click ok to return to the International Spam pane.

    2. Select the Filter email messages sent from the following countries or regions check box to enable this functionality. Click Add Icon, and then in the selection dialog box, make your choices (multi-selection is supported). For example, if you select to filter all messages sent from Australia (AU), and Quarantine message is your configured action for high confidence spam messages, then any messages sent from Australia will be quarantined. Click ok to return to the International Spam pane.

    NoteNote:
    By default, if no international spam options are selected, the service performs normal spam filtering on messages sent in all languages and from all regions. Messages are analyzed and the configured actions are applied if the message is determined to be spam or high confidence spam.
  6. Click the Advanced Options menu item in order to specify On, Off, or Test for each advanced spam filtering option.

    1. On   Messages are actively filtered according to the rule associated with that option. Messages are either marked as spam or will have their spam scores increased, depending on which options you turn on.

    2. Off   No action is taken on messages that meet the spam filter criteria. All options are turned off by default.

    3. Test   No action is taken on messages that meet the spam filter criteria. However, messages can be tagged with an X-header before they are delivered to the intended recipient; this X-header lets you know which ASF option was matched. If you specified Test for any of the advanced options, you can configure the following test mode settings to be applied when a match is made to a test-enabled option:

      • None   Take no test mode action on the message. This is the default.

      • Add the default test X-header text   Checking this option sends the message to the specified recipients but adds a special X-header to the message that identifies it as having matched a specific advanced spam filtering option.

      • Send a Bcc message to this address   Checking this option sends a blind carbon copy of the message to the email address you specify in the input box.

    TipTip:
    For more information about the advanced spam filtering options, including descriptions about each option and the X-header text associated with each one, see Advanced Spam Filtering Options.
  7. For custom policies only, click the Apply to menu item and then create a condition-based rule to specify the users, groups, and/or domains for whom to apply this policy. You can create multiple conditions provided that they are unique.

    • To select users, select The recipient is. In the subsequent dialog box, select one or more senders from your company from the user picker list and then click add. To add senders who aren’t on the list, type their email addresses and click Check names. In this box, you can also use wildcards for multiple email addresses (for example: *@domainname). When you are done with your selections, click ok to return to the main screen.

    • To select groups, select The recipient is a member of and then, in the subsequent dialog box, select or specify the groups. Click ok to return to the main screen.

    • To select domains, select The recipient domain is and then, in the subsequent dialog box, add the domains. Click ok to return to the main screen.

    You can create exceptions within the rule, for example you can filter messages from all domains except for a certain domain. Click add exception and then create your exception conditions similar to the way you created the other conditions.

  8. Click save. A summary of your policy settings appears in the right pane.

TipTip:
  • You can select or clear the check boxes in the ENABLED column to enable or disable your custom policies. All policies are enabled by default, and the default policy cannot be disabled.

  • To delete a custom policy, select the policy, click the Delete iconDelete icon, and then confirm that you want to delete the policy. The default policy cannot be deleted.

  • Custom policies always take precedence over the default policy. Custom policies run in the reverse order that you created them (from oldest to newest), but you can change the priority (running order) of your custom policies by clicking the Up Arrow Icon up arrow and Down Arrow Icon down arrow. The policy with a PRIORITY of 0 will run first, followed by 1, then 2, and so on.

You can also configure and apply content filter policies in PowerShell. To learn how to use Windows PowerShell to connect to Exchange Online, see Connect to Exchange Online using remote PowerShell. To learn how to use Windows PowerShell to connect to Exchange Online Protection, see Connect to Exchange Online Protection using remote PowerShell.

To apply a custom content filter policy to users, groups, and/or domains, use the New-HostedContentFilterRule cmdlet (to create a new filter rule that can be applied to custom policies) or the Set-HostedContentFilterRule cmdlet (to edit an existing filter rule that can be applied to custom policies). Use the Enable-HostedContentFilterRule cmdlet or the Disable-HostedContentFilterRule cmdlet to enable or disable the rule applied to the policy.

To ensure that spam is being properly detected and acted upon, you can send a GTUBE message through the service. Similar to the EICAR antivirus test file, GTUBE provides a test by which you can verify that the service is detecting incoming spam. A GTUBE message should always be detected as spam by the content filter, and the actions that are performed upon the message should match your configured settings.

Include the following GTUBE text in a mail message on a single line, without any spaces or line breaks:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft