Forum Discussion
rijojoy7
Jul 03, 2025 MCT
Mastering Outbound Spam Protection in Microsoft Defender and Exchange Online Protection (EOP)
In today’s cloud-driven landscape, protecting your organization’s email flow is not only about stopping inbound threats—it’s also about ensuring your users aren’t the source of outbound spam. Whether...
Pankaj_Messaging_Specialist
Jul 11, 2025 Brass Contributor
rijojoy7 Hello, I need help creating an outbound spam policy.
I would like to create an outbound spam policy for the entire org to restrict the daily message limit.
- First, to test the policy, if I only mention one individual user and apply restrictions to the daily message limit and the external and internal messages per hour. So, it will only apply to the single user but not the entire domain. I am asking because I see an AND condition in the policy, which is why I am a little bit confused.
- We have automatic forwarding enabled in a separate policy, but only for a few users, and "Automatic - forwarding - On" is selected in that policy, so do I need to select the same in the new outbound spam policy when we apply it to the entire org?
- Also, will setting the hourly internal and external message limits override the Microsoft limit?
I just want to make sure it would impact the other thing; help me if you can.
- rijojoy7 Jul 11, 2025 MCT
- Users
These are individual mailboxes, mail users, or mail contacts.
Example: You want to apply the policy to email address removed for privacy reasons and email address removed for privacy reasons. You enter both email addresses in the "Users" box.
Result: The policy applies to emails sent by Alex or Jessica.
- Groups
You can choose:
Distribution groups
Mail-enabled security groups
Microsoft 365 Groups (but NOT dynamic distribution groups)
Example: You select the group email address removed for privacy reasons.
Result: The policy applies to all members of the SalesTeam group.
- Domains
You can apply the policy to senders whose primary email belongs to a specific domain.
Example: You enter contoso.com.
Result: The policy applies to everyone in your organization with an email like email address removed for privacy reasons.
Note: If you include contoso.com, it also automatically includes subdomains like marketing.contoso.com, unless you specifically exclude them.
- How to Add Values
Click in the appropriate box (Users, Groups, or Domains).
Start typing an identifier—this can be a name, alias, email, etc.
Select from the dropdown list.
You can repeat this step to add multiple entries.
Example: Add email address removed for privacy reasons and email address removed for privacy reasons. Both will be included.
- Logic Applied (OR vs. AND)
Same category (Users/Groups/Domains) = OR logic.
If any match, policy is applied.
Example: If either email address removed for privacy reasons OR email address removed for privacy reasons sends an email, the policy applies.
Different categories combined (User + Group) = AND logic.
All conditions must match.
Example:
User: email address removed for privacy reasons
Group: Executives
Result: The policy only applies if Romain is a member of the Executives group.
- Exclude Internal Senders (Sender Exceptions)
This lets you exclude specific senders from the policy.
Same category exclusions = OR logic
Different category exclusions = OR logic too
Example:
You exclude:
email address removed for privacy reasons
email address removed for privacy reasons
Domain: hr.contoso.com
Result: If the sender is Lisa, or in the ITTeam group, or has an email in hr.contoso.com, the policy won’t apply.
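Added example, not part of the thread and not Microsoft's implementation: a small Python model of the scoping rules described in the reply above (OR inside a box, AND across boxes for conditions, OR everywhere for exceptions, subdomains included). The class and function names, the addresses, and the rule that a policy with no conditions matches nobody are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Scope:
    """Users / Groups / Domains boxes of a policy (hypothetical model)."""
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    domains: set = field(default_factory=set)

@dataclass
class Sender:
    address: str
    groups: set = field(default_factory=set)

def domain_match(address, domains):
    # A listed domain also covers its subdomains, as the reply notes.
    host = address.rsplit("@", 1)[-1].lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def category_hits(sender, scope):
    # One result per box that was filled in; entries inside a box are OR-ed.
    hits = []
    if scope.users:
        hits.append(sender.address.lower() in scope.users)
    if scope.groups:
        hits.append(bool(sender.groups & scope.groups))
    if scope.domains:
        hits.append(domain_match(sender.address, scope.domains))
    return hits

def policy_applies(sender, include, exclude=None):
    # Exceptions: any matching box excludes the sender (OR across categories).
    if any(category_hits(sender, exclude or Scope())):
        return False
    # Conditions: every filled-in box must match (AND across categories).
    hits = category_hits(sender, include)
    # Assumption: a policy with no conditions at all matches nobody.
    return bool(hits) and all(hits)

# Constructed sample data (addresses and memberships are made up).
romain_exec = Sender("romain@contoso.com", {"Executives"})
romain_plain = Sender("romain@contoso.com")
lisa = Sender("lisa@contoso.com")
it_member = Sender("sam@contoso.com", {"ITTeam"})
hr_sender = Sender("kim@hr.contoso.com")

user_and_group = Scope(users={"romain@contoso.com"}, groups={"Executives"})
whole_domain = Scope(domains={"contoso.com"})
exceptions = Scope(users={"lisa@contoso.com"}, groups={"ITTeam"}, domains={"hr.contoso.com"})
```

In this model a policy scoped to one user matches only that user, while a domain-scoped policy matches every sender in the domain and its subdomains unless an exception hits.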
- Pankaj_Messaging_Specialist Jul 15, 2025 Brass Contributor
rijojoy7 Hello, is there any limit set by Microsoft for "Restrict sending to external recipients or Internal recipients"?
If I add any value, would that work or conflict with Microsoft?
- rijojoy7 Jul 15, 2025 MCT
- Pankaj_Messaging_Specialist Jul 14, 2025 Brass Contributor
And if I add a domain, that will be applied to individual users. Let's suppose I add 1000 as the daily message limit, so that will be applied to individual users, not to the total of emails sent by all users together up to 1000?