Forum Discussion
YorkshireMidge
May 28, 2024, Copper Contributor
Tenant allow/block list and Exchange rules - order of execution
I've just been trying to reduce all the emails from a particularly large global spam bot which hit my tenant daily and aren't being picked up automatically as SPAM by the service. The bot uses many...
- May 29, 2024
Inasmuch as Advanced Threat Protection offers more features, such as a heuristic detection mechanism for suspicious content in an email, it is important to consider the order of precedence that EOP applies to email. Also, when you block a domain using the TABL feature, always select the option "never expire".
Useful Article
https://learn.microsoft.com/en-us/defender-office-365/how-policies-and-protections-are-combined
https://learn.microsoft.com/en-us/defender-office-365/protection-stack-microsoft-defender-for-office365
I hope you find this useful.
Thanks
Kidd_Ip
May 29, 2024, MVP
- YorkshireMidge (May 29, 2024, Copper Contributor): Thanks. It's a good idea, but ours is a non-profit tenant so (extra) cost is always a significant obstacle for us. There is also the issue that the current SPAM bot network hitting our service is sending out advertising SPAM rather than scam/phishing messages, and when you look, they are even compliant with the various anti-spam protocols. We have another flavour of commercial SPAM where individuals (mainly in India) are peddling web design, SEO optimisation etc. These will appear to mail services as legitimate mail - and it's difficult to see how ATP would be any better at spotting and trapping them than we can. I will give ATP another look though.