Exchange Online auto forwards spam


A customer uses Salesforce email-to-case feature, which is receiving tons of spam via Exchange Online.

 

Salesforce recommends implementing the email-to-case feature by auto-forwarding emails from a 'published' mailbox (e.g., help@contoso.com) to an 'obscure' email address that Salesforce creates in the customer's Salesforce instance. (The Salesforce email address is obscured - it includes a long string of random characters to make it difficult to guess, and no messages are sent from it. Also one can change the Salesforce address in case it's ever published.) Salesforce opens or updates a case based on the 'from' address and/or finding a case number in the subject or body. The customer deals with all messages sent to help@contoso.com in Salesforce, not in Outlook.

 

As recommended by Salesforce, the customer has implemented auto-forwarding on the help@contoso.com mailbox to send everything it receives to the Salesforce email address that is hosted by Salesforce. About half of the email sent to help@contoso.com is spam - not a surprise since they publish the email address on their website.

 

Problem: Exchange auto-forwards messages *before* they go through the spam filter (or any other filter other than DBEB, as far as I can see.) The help@contoso.com mailbox is pretty clean when accessed through Outlook, but Salesforce is receiving tons of spam.

 

I have some ideas on how to address this by checking headers set by EOP outbound spam protection in a transport rule applied to outgoing messages to the Salesforce address. But in the name of getting rid of spam more easily, there should be an option for auto-forwarding to NOT forward messages that are directed to Quarantine or Junk by EOP or ATP. IOW, we should have the option to auto-forward only messages that end up in the Inbox. (Maybe there is such an option, and I've missed it.) After all, the customer is paying for an EOP license on this mailbox (and they are willing to buy an ATP license for the mailbox, if it would do them any good - which currently, it won't.)

Before migrating to Exchange Online, the customer passed all messages through a third-party spam/malware filter before sending them to Exchange on-prem, and they did not have this problem.
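The header-checking idea from the question above, as an added example that is not part of the original post: it parses the `X-Forefront-Antispam-Report` header that EOP stamps on scanned messages and decides whether a message should be passed on to the case system. It assumes the copy being inspected carries that header; the function names, the SCL threshold and the sample messages are constructed for illustration.

```python
from email import message_from_string

# SFV verdicts under which EOP treated the message as spam or blocked the sender.
SPAM_SFV = {"SPM", "SKS", "SKB", "BLK"}
SCL_SPAM_THRESHOLD = 5  # assumption: SCL 5 and above is handled as spam

def parse_antispam_report(value):
    """Split 'KEY:value;KEY:value;...' into a dict with upper-case keys."""
    fields = {}
    for part in value.replace("\r", "").replace("\n", "").split(";"):
        key, sep, val = part.partition(":")  # first colon only, so an IPv6 CIP survives
        if sep and key.strip():
            fields[key.strip().upper()] = val.strip()
    return fields

def should_forward(raw_message):
    """Return (decision, reason) for one RFC 5322 message given as text."""
    header = message_from_string(raw_message).get("X-Forefront-Antispam-Report")
    if header is None:
        return False, "no antispam report header"  # fail closed: never scanned
    fields = parse_antispam_report(header)
    sfv = fields.get("SFV", "").upper()
    if sfv in SPAM_SFV:
        return False, "SFV:" + sfv
    try:
        scl = int(fields.get("SCL", ""))
    except ValueError:
        return False, "missing or malformed SCL"
    if scl >= SCL_SPAM_THRESHOLD:
        return False, "SCL:%d" % scl
    return True, "SFV:%s SCL:%d" % (sfv or "-", scl)

# Constructed sample messages (not taken from the thread).
_HEAD = "From: sender@example.com\nTo: help@contoso.com\nSubject: Case 00123\n"
SAMPLES = {
    "clean": _HEAD + "X-Forefront-Antispam-Report: CIP:2001:db8::1;CTRY:US;SCL:1;SFV:NSPM;DIR:INB\n\nhi\n",
    "spam_folded": _HEAD + "X-Forefront-Antispam-Report: CIP:192.0.2.10;SCL:5;\n SFV:SPM;DIR:INB\n\nhi\n",
    "high_scl": _HEAD + "X-Forefront-Antispam-Report: CIP:192.0.2.10;SCL:9;DIR:INB\n\nhi\n",
    "no_header": _HEAD + "\nhi\n",
}

def classify_samples():
    return {name: should_forward(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (ok, why) in classify_samples().items():
        print("%-12s forward=%s (%s)" % (name, ok, why))
```

Treating a missing header as "do not forward" keeps unscanned mail out of the case queue, at the cost of holding legitimate mail if the header is ever stripped upstream.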

 

1 Reply

Hi @robmacf9108931.

 

If the customer has an old cloud spam filter, they can integrate it with O365 through a special connector from the spam filter to O365. It saves time on adopting new rules in EOP for your business.

 

MX -> Cloud Spam Filter Service -> Office 365 and back.

 

In my experience working with EOP and ~500K-1KK per day, you create special rules and filter by region.

EOP has a ~95-97% level of protection; as a result, maybe ~500-1k messages per day are not filtered.

 

If you do not have a Security Officer who can investigate messages in your special Junk mailbox, you can lose critical information in the special Junk mailbox.