Outbound Spam Filter Check [CHK-1026]
This check verifies whether outbound emails from your organization are being scanned for spam.
Rationale
Spam originating from within your organization can be a sign of malware infection or potential reputational damage if legitimate emails are flagged as spam. The outbound spam filter also prevents automatic forwarding of emails, which can lead to data leaks and exploitation by malicious parties.
Fix
An automated fix is available through Attic.
To fix it yourself:
-
Navigate to the Microsoft 365 Defender portal.
-
Select "Email and collaboration" from the left-hand menu.
-
Select "Policies and rules" from the left-hand menu.
-
Select "Threat policies"
-
Select "Anti-spam"
-
Select the default policy anti-spam outbound policy.
-
Click on "Edit protection settings"
-
Enable the "Enable outbound spam filter" option.
-
Ensure the "Restriction placed on users who reach the message limit" option is set to "Restrict the user from sending email until the following day"
-
Click on "Save" to apply the changes.
Impact
Enabling the outbound spam filter ensures that all outgoing emails are scanned for spam, protecting your organization from potential malware infections, reputational damage, and data leaks.
More Information
For more details, refer to the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
-
CIS M365 4.2 - (L1) Ensure Exchange Online Spam Policies are set correctly.