Notify Administrator of Outbound Spam [CHK-1065]
Exchange Online protects mailboxes against spam. In some cases it is useful to forward notifications of blocked emails to administrators.
Rationale
A blocked outgoing email can signal that the sender's account may have been compromised and is being used to send spam.
Fix
An automated fix is available through Attic, which can be accepted via a ticket.
To fix it yourself, follow these steps:
- Navigate to Microsoft 365 Defender
- Expand Email & Collaboration and select Policies & Rules
- On the Policies & Rules page, select Anti-spam under Policies
- Click on Anti-spam outbound policy (default)
- Select Edit protection settings under Notifications
- Check ON: "Send a copy of outbound messages that exceed these limits to these users and groups", and enter the desired email addresses
- Check ON: "Notify these users and groups if a sender is blocked due to sending outbound spam", and enter the desired email addresses
- Click on Save
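The same settings can be audited and applied from Exchange Online PowerShell. The script below is an added example, not part of the original page or of Attic's automated fix. It goes slightly beyond the portal steps by reporting the state of every outbound spam policy before changing the default one. The recipient address is a placeholder and the helper name `Get-NotificationGap` is hypothetical.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an Exchange admin role.
# Placeholder recipient (assumption): replace with your own admin or SOC mailbox.
$Recipients = @('secops@example.com')

function Get-NotificationGap {
    param([Parameter(Mandatory)] $Policy)
    # Each switch must be on AND have at least one recipient to be effective.
    if (-not $Policy.BccSuspiciousOutboundMail) { 'BccSuspiciousOutboundMail is off' }
    if (-not $Policy.BccSuspiciousOutboundAdditionalRecipients) { 'no BCC recipients set' }
    if (-not $Policy.NotifyOutboundSpam) { 'NotifyOutboundSpam is off' }
    if (-not $Policy.NotifyOutboundSpamRecipients) { 'no notification recipients set' }
}

Connect-ExchangeOnline -ShowBanner:$false
try {
    # Audit every outbound policy; custom policies are reported but not changed.
    foreach ($policy in Get-HostedOutboundSpamFilterPolicy) {
        $gaps = @(Get-NotificationGap -Policy $policy)
        $state = if ($gaps.Count) { 'FAIL: ' + ($gaps -join '; ') } else { 'PASS' }
        Write-Output ('{0}: {1}' -f $policy.Name, $state)
    }

    # Remediate the default policy, matching the portal steps above.
    $settings = @{
        Identity                                  = 'Default'
        BccSuspiciousOutboundMail                 = $true
        BccSuspiciousOutboundAdditionalRecipients = $Recipients
        NotifyOutboundSpam                        = $true
        NotifyOutboundSpamRecipients              = $Recipients
    }
    Set-HostedOutboundSpamFilterPolicy @settings

    # Re-read the policy to confirm the change took effect.
    $default = Get-HostedOutboundSpamFilterPolicy -Identity Default
    $after = @(Get-NotificationGap -Policy $default)
    if ($after.Count) { throw "Default policy still non-compliant: $($after -join '; ')" }
    Write-Output 'Default outbound policy: notifications enabled'
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Any custom outbound policy reported as FAIL needs the same four settings applied with its own name as `-Identity`.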
Impact
Upon successful implementation of the fix, detections of outbound spam will be forwarded to the specified administrator email address, enhancing the security of your environment.
More Information
For more details, refer to the CIS Item: 4.2 (L1) Ensure Exchange Online Spam Policies are set to notify administrators (Automated) under the E3 Level 1 Profile.