Forum Discussion
Exchange Online - Safe List Confusion
Hello,
We just switched from Mimecast to Microsoft Defender for Office 365 (ATP). I'm a little confused about best practice with using Microsoft's SPAM filters (I had a similar question with Mimecast as well).
Why does Microsoft say it's best practice to not add email addresses to the safelist (per documentation), yet prompts the users to add email addresses to their own safelist? Our users get prompted if they want to trust the sender in order to see HTML images in email.
I assume this does the same thing as the global safe/allow list and bypasses some of the filtering in place.
Thanks
2 Replies
- Dominique Pollard, Brass Contributor
When addresses are added to the organizational safe/block list it can create problems for individual users. I will provide a few examples below. Mailbox safe list bypasses scanning like spoof and spam.
Scenario 1: mailspoofed@mailer.con is allowed - Organizational safe list
Mark's mailbox - at risk/bypassed
Tim's mailbox - at risk/bypassed
Hannah's mailbox - at risk/bypassed
Scenario 2: mailspoofed@mailer.con is allowed by Tim - Outlook safe list
Mark's mailbox - still scans
Tim's mailbox - at risk/bypassed
Hannah's mailbox - still scans
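Added example, not part of the replies in this thread and not Microsoft's code: a PowerShell sketch that applies the scoping from the two scenarios above to a whole set of allow entries, reporting for each entry which mailboxes are bypassed and which are still scanned. The function name `Get-SafeListExposure`, the entry `newsletter@vendor.example` and the sample lists are constructed for illustration.

```powershell
# Added example. Inputs are constructed sample data. In a live tenant the lists
# can be read with Get-HostedContentFilterPolicy (AllowedSenders,
# AllowedSenderDomains) and Get-MailboxJunkEmailConfiguration
# (TrustedSendersAndDomains) after Connect-ExchangeOnline.
function Get-SafeListExposure {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $Mailboxes,   # every mailbox in scope
        [string[]]  $OrgAllowed = @(),                  # organization-wide allow entries
        [hashtable] $MailboxSafeSenders = @{}           # mailbox -> that user's safe senders
    )
    # Normalize so "User@X.com " and "user@x.com" count as one entry.
    $orgSet = @($OrgAllowed | ForEach-Object { $_.Trim().ToLowerInvariant() })

    # Invert mailbox -> entries into entry -> mailboxes.
    $userEntries = @{}
    foreach ($mbx in $MailboxSafeSenders.Keys) {
        foreach ($entry in $MailboxSafeSenders[$mbx]) {
            $key = $entry.Trim().ToLowerInvariant()
            if (-not $userEntries.ContainsKey($key)) { $userEntries[$key] = @() }
            $userEntries[$key] += $mbx
        }
    }

    # Organization scope: every mailbox is bypassed (Scenario 1).
    foreach ($entry in $orgSet) {
        [pscustomobject]@{ Entry = $entry; Scope = 'Organization'
                           Bypassed = $Mailboxes; StillScanned = @() }
    }
    # Mailbox scope: only the mailboxes that added the entry (Scenario 2).
    foreach ($entry in ($userEntries.Keys | Sort-Object)) {
        if ($orgSet -contains $entry) { continue }   # already covered org-wide
        $by = @($userEntries[$entry] | Sort-Object -Unique)
        [pscustomobject]@{ Entry = $entry; Scope = 'Mailbox'; Bypassed = $by
                           StillScanned = @($Mailboxes | Where-Object { $by -notcontains $_ }) }
    }
}

# Constructed sample: one org-wide entry, and Tim's Outlook safe list from Scenario 2.
$report = Get-SafeListExposure -Mailboxes 'Mark', 'Tim', 'Hannah' `
    -OrgAllowed 'newsletter@vendor.example' `
    -MailboxSafeSenders @{ Tim = @('mailspoofed@mailer.con') }
$report | Format-Table Entry, Scope, Bypassed, StillScanned
```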
- CEL_RK, Brass Contributor
Thanks. I still think it's a little bit of an unnecessary risk to have users add emails to the safe list (which is limited to 1024 addresses I think) just to see images in emails when they open them.