cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

EOP how to import / manage a large blacklist

smog-cliche
Copper Contributor

‎May 20 2019 06:39 AM

‎May 20 2019 06:39 AM

EOP how to import / manage a large blacklist

Hi everyone,


We have recently switched to EOP and are now struggling with the amount of spam and potentially dangerous files that are still getting through. We have set EOP to send spam through to the users Junk folder and phishing mails to the hosted quarantine.

We noticed now that some dangerous mails are still ending up in the junk folder. We would like to prevent this. With our previous antispam solution we had a large blacklist of addresses and domains which filtered out a lot of the spam we were getting. I would like to import this blacklist into EOP.


However it is about 1900 entries long and I have honestly no clue how to manage a blacklist this large in EOP. The spam blocklist limit is around 500 if I am not mistaken. And also we want these mails to go to the hosted quarantine (as they were blacklisted before and potentially sending malware we are 100% sure we don't want any of the mails arriving in the users junk folder).


I have tried creating mailflow rules but these are limited to a length of 8000something characters. To accomodate our blacklist we would have to create probably 6 or more Rules. Adding addresses via powershell is limited per command as well, so managing it like that is very tedious.


This can't be the way it is supposed to work? Has anybody got a solution or a better idea for this?


Thanks in advance!

Labels:
3,673 Views
2 Likes
3 Replies
Reply
3 Replies
Christopher Hoard

‎May 20 2019 06:54 AM

‎May 20 2019 06:54 AM

Re: EOP how to import / manage a large blacklist

You are correct about the hard limits of the safe and blocked sender lists

https://docs.microsoft.com/en-us/office365/securitycompliance/safe-sender-and-blocked-sender-lists-f...

If they are that large and absolutely must be blocked then I would consider a third party AV/AS which does not have these hard limits. There are several well known ones which work with Office 365

Hope that answers your question

Best, Chris
2 Likes
Reply
smog-cliche

‎May 20 2019 07:36 AM

‎May 20 2019 07:36 AM

Re: EOP how to import / manage a large blacklist

Hi Christopher,

Thanks for taking the time to respond!

Unfortunately using a third party AS is not possible for us at the moment (As we only switched recently).
If there is no other way I will have to add the Mailflow Rules. But I will see maybe somebody has had the same problem and found a simpler way.

Best regards,
Anna
2 Likes
Reply
Christopher Hoard

‎May 20 2019 08:04 AM

‎May 20 2019 08:04 AM

Re: EOP how to import / manage a large blacklist

Thanks for letting me know. In that case it is going to be multiple mail flow rules in order to get around the limit.

There is a uservoice here in order to raise the limit

https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/33529975-sp...

Would recommend to vote on this and push it up the agenda.

In terms of the dangerous files you mention may want to look at Advanced Threat Protection to add to EOP which protects against malicious attachments and URL’s

Hope that answers your question.

Best, Chris
1 Like
Reply