cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Office 365 Spam detections Report

Dima Razbornov
Copper Contributor

‎Nov 24 2017 04:54 AM

‎Nov 24 2017 04:54 AM

Office 365 Spam detections Report

Good day all and happy Friday!

 

I see that spam reports has become much more informative, but this is the thing:

When I'm trying to hunt around about spam report, I have only option to choose Content filtered report. Only blue line with this report can be selected (clickable). However I see SMTP blocked, IP blocked, Directory blocked in the right of my report but where are all these data? In real time report (by hitting the blue line) or even after this report was scheduled and sent on my email I've only content filtered data in Event type ID column.

How can I quickly find these 1500 blocked IP if I have to review it or provide this information to the security officer? I have only content filter in all of my tenants, and no columns with SMTP blocked or IP blocked senders. Please help.

Screenshot_13.png

 

 

PS. I hope that Vasil M. will find my question interesting ^^_

9,255 Views
0 Likes
7 Replies
Reply
7 Replies
Robert Luck

‎Nov 24 2017 06:13 AM

‎Nov 24 2017 06:13 AM

Re: Office 365 Spam detections Report

Hello Dima Razbornov,

 

I think it seems to be a bug. You can get that missing information easily by executing 'Get-MailDetailSpamReport' PowerShell cmdlet.

 

If you are not interested in playing with PowerShell then you can get the help from 3rd party tools. AdminDroid is one such tool which can help you with your requirement. You can find the demo of spam report and the mail traffic dashboard.

0 Likes
Reply
best response confirmed by Dima Razbornov (Copper Contributor)
Vasil Michev

‎Nov 24 2017 10:57 AM

‎Nov 24 2017 10:57 AM

Solution

Re: Office 365 Spam detections Report

You can't, most of these are blocked even before hitting the Exchange servers, so there is no information available in any report. Third party tools included.

 

If you need "official" answer, the details are here: https://technet.microsoft.com/en-us/library/dn500744(v=exchg.150).aspx

1 Like
Reply
Dima Razbornov

‎Nov 25 2017 07:59 AM

‎Nov 25 2017 07:59 AM

Re: Office 365 Spam detections Report

Admin droid are cool, but they don't provide more information than original Office 365 reports. I've tried them before asking my question.  

Get-MailDetailSpamReport provides the same Event type, so there is no magic there if you look on it by yourself.

Event Type        : SpamContentFiltered

0 Likes
Reply
Chris McFarling

‎Dec 02 2017 02:32 PM

‎Dec 02 2017 02:32 PM

Re: Office 365 Spam detections Report

That seems like a shortcoming. If the system knows enough to show you on a report that 1689 messages were "IP blocked" it should be able to give details on each of those messages explaining why. The data is obviously logged somewhere. It needs to be exposed to admins. As it stands we have no visibility into the details of the vast majority of blocked messages. 

 

Capture.PNG

 

0 Likes
Reply
Vasil Michev

‎Dec 03 2017 10:33 AM

‎Dec 03 2017 10:33 AM

Re: Office 365 Spam detections Report

Well, do you really want to have a list of all the gazillion messages from that random well-known spammer? Even if you have the list, there's not much you can do with it - these messages never reach the service, you cannot "whitelist" them or anything.

 

But you can always try to convince Microsoft, that's why we have UserVoice (or go directly to your TAM).

0 Likes
Reply
Dima Razbornov

‎Dec 03 2017 10:43 AM

‎Dec 03 2017 10:43 AM

Re: Office 365 Spam detections Report

We can easily create our own white list and override default behavior using this functionality:

Screenshot_22.png

Preview file
20 KB
0 Likes
Reply
JosephNg

‎Apr 19 2019 04:11 AM

‎Apr 19 2019 04:11 AM

Re: Office 365 Spam detections Report

Seems this problem has been last for more than 1 year but not be able to resolved...

 

First of all, exchange online formally discouraged tenants using external secure mail gateway as the first line of defend of inbound MX.  This screwed me of analyzing inbound IP already.

 

Ok I can ignore that.  But then the spam IP blocking action does not have a proper report.  How can I tell whether the inbound IP blocking was a correct or not?

 

Can Microsoft grant tenants the options of enabling/disabling the spam IP blocking action?

 

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Dima Razbornov (Copper Contributor)
Vasil Michev

‎Nov 24 2017 10:57 AM

‎Nov 24 2017 10:57 AM

Solution

Re: Office 365 Spam detections Report

You can't, most of these are blocked even before hitting the Exchange servers, so there is no information available in any report. Third party tools included.

 

If you need "official" answer, the details are here: https://technet.microsoft.com/en-us/library/dn500744(v=exchg.150).aspx

View solution in original post

1 Like
Reply