Phishing mails

%3CLINGO-SUB%20id%3D%22lingo-sub-1085454%22%20slang%3D%22en-US%22%3EPhishing%20mails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1085454%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20the%20O-365%20Security%20%26amp%3B%20Compliance%20center%2C%20Threat%20protection%20status%20report%2C%20I'm%20seeing%20lots%20of%20hits%20detected%20by%20Malicious%20URL%20reputation.%26nbsp%3B%20However%20many%20(none%3F)%20of%20these%20emails%20are%20being%20bounced%2Fquarantined%2Fmove%20to%20Spam%2C%26nbsp%3B%22%3CSTRONG%3EI%20know%20there%20are%20the%20policy%20settings%20in%20Threat%20Management%20-%26gt%3B%20Policy.%26nbsp%3B%20This%20enables%20control%20of%20anti-phishing%2C%20anti-spam%2C%20anti-malware%2C%20Quarantine%20and%20DKIM%20.%26nbsp%3B%20But%20what%20links%20the%20Malicious%20URL%20Reputation%20to%20one%20of%20these%3F%22%3C%2FSTRONG%3E%20(It's%20also%20interesting%20that%20in%20most%20situations%20it%20does%20not%20seem%20to%20be%20detecting%20a%20threat%2C%20but%20the%20conversations%20that%20are%20happening%20as%20a%20result%20of%20the%20threat%2C%20ex%3A%20all%20mails%20including%20original%20mails%20are%20going%20in%20Junk.)%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Visitor

In the O-365 Security & Compliance center, Threat protection status report, I'm seeing lots of hits detected by Malicious URL reputation.  However many (none?) of these emails are being bounced/quarantined/move to Spam, "I know there are the policy settings in Threat Management -> Policy.  This enables control of anti-phishing, anti-spam, anti-malware, Quarantine and DKIM .  But what links the Malicious URL Reputation to one of these?" (It's also interesting that in most situations it does not seem to be detecting a threat, but the conversations that are happening as a result of the threat, ex: all mails including original mails are going in Junk.)

0 Replies