Quantcast
Channel: Terry Zink: Security Talk
Viewing all articles
Browse latest Browse all 243

Understanding identification of Bulk Email in Office 365

$
0
0

Bulk email, sometimes referred to as grey mail, or gray mail, is a type of email that is difficult to classify for all users at a global level. Bulk or gray email is email that some users want but others consider spam. For example, some users want their email from Amazon Local’s Daily Deals or invitations to an upcoming conference on cyber security. Other users consider this email spam.

The reason that it is called gray mail is because it is not a spam/non-spam decision, it is a shade of gray:

  • If we decide that gray mail X is spam, the users that want it will complain and submit it as a false positive that was wrongly marked as spam

  • If we decide that gray mail X is non-spam, the users that don’t want it will complain and submit it as a missed spam message that wrongly arrived in their inbox


In other words, there is no solution that will satisfy all users.

To get around this problem, Office 365 has an option that allows tenant administrators to mark all  messages that the service identifies as bulk as spam (see Advanced Spam Filtering Options). If an administrator selects this option, and users start seeing messages that they want in their junk mail folders, they can add bulk email that they want to their safe senders list. Alternatively, administrators can create Exchange Transport Rules (in Exchange Online) or Policy Rules (in FOPE) to allow certain types of messages at a global level for everyone.

To determine how Office 365 decides that sending IP addresses as Bulk emailers, we use the following criteria:

  1. Sends promotional email in bulk

    The sending IP belongs to a sender that is known to send promotional materials or are known (or suspected) email marketers. Email messages may or may not have an Unsubscribe link.

  2. Not a “good” bulk emailer with good list management practices

    The contents of the message are sent in bulk but Office 365 is unclear about the quality of its email list acquisition. This means that good bulk mailers can be exempted from the list because they practice good bulk email sending (double opt-in, etc.).

    The reason they are exempted is because if these IPs were on the bulk senders list, the relative increase in user satisfaction (people who think their messages are spam) is overweighed by the decrease in user satisfaction from people who want these messages. Even though blocking these messages is optional, enough complaints are generated such that including them globally still causes a net negative effect on the user experience.

    If customers still want to block email from bulk emailers that are not listed by Office 365, the following are workarounds:

    a) For the administrator, add the sending IPs to a Block list or domains to a Transport rule:
    Configure IP Block list properties
    Create a Domain-Based Safe Sender or Blocked Sender List Using Transport Rules

    b) For the end-user, if users’ blocked and safe senders are sync’ed with Office 365, the user should add the sender to their Blocked Senders list:
    Safe Sender and Blocked Sender Lists FAQ

    c) For the administrator, to more generically block bulk email, see the following article:
    How to create more aggressive Bulk Email settings in Exchange Online

  3. IP addresses are specific

    IPs are usually added singly or by CIDR range. They are not typically added by reverse DNS but they can be.

  4. Customers are not exempt

    Office 365 customer IPs (i.e., IPs used to relay outbound email from customer on-premise mail servers through the service and out to the Internet) can be listed as bulk emails. Office 365 does not provide outbound bulk emailing services.

The above summary should provide all the information necessary to understand Bulk Email identification in Office 365.


Viewing all articles
Browse latest Browse all 243

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>