Forum Discussion
Guest users identified as spam by Exchange
I work closely with 12 other organizations who share the same mission as my organization. They are guests users in our tenant.
Recently, many legitimate message from the guests users were falsely marked as spam. I know you can specify domains and/or users to consider as legitimate by the spam filter in https://security.microsoft.com/antispam.
My question is: can you specify something like "all guest users are considered legitimate" or "all b2b connected domains are considered legitimate" or do I have to do this operation manually?
Thanks,
Max
2 Replies
Hi mgiguere,
The best working solution for the problem of guest users being identified as spam by Exchange is to create a mail flow rule to whitelist messages from guest users. This will allow you to whitelist all guest users or all B2B connected domains without having to add each domain or user manually.
To create a mail flow rule to whitelist messages from guest users, follow these steps:
- Go to the Exchange admin center.
- Click on Mail flow.
- Click on Rules.
- Click on the New button.
- Enter a name for the rule.
- Under Apply to, select Messages.
- Under Where the sender, select is external.
- Under Do the following, select Modify the messsage properties and Set the spam confidence level (SCL).
- Select Bypass spam filtering.
- Click on the Save button.
Once you have created the mail flow rule, all messages from guest users will be whitelisted and will not be marked as spam.
Here are some additional tips for reducing the chances of legitimate messages from guest users being marked as spam:
- Make sure that your guest users are added to the Allowed senders list.
- Reduce the sensitivity of your spam filter.
- Work with your guest users to help them avoid sending emails that are likely to be marked as spam.
Here are some useful links or additional resources:
- How to whitelist a domain in Exchange Online Protection: https://activedirectorypro.com/whitelist-a-domain-in-office-365/
- How to create a mail flow rule in Exchange Online: https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules
- How to reduce spam in Exchange Online: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-policies-configure?view=o365-worldwide
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)- Hello LeonPavesic,
It seems to me that the main solution you provided would whitelist every external users. We only want to whitelist guest users, not unknown people.
You also suggested we "whitelist a domain in Exchange Online Protection", which is a solution I discussed in my original post, but my question still remains: do we have to manually whitelist domains and/or users or we can sync it with the Azure AD user list somehow?
