Office 365 - Exchange Online - any way to block false URL spam?

spam microsoft-office-365 exchangeonline

5,570

Solution 1

Warning: I haven't tried this.

There's some debate over on the Office365 forum about regular expressions in HTML emails. The Microsoft support guy said, "Based on my experience, rules cannot filter texts in the html of emails."

However.

If the text and the HTML of the message are the same, you should be able to use a regular expression to detect links that don't match. Something like this from regexplib might be a starting point for something that might help:

&lt;a[\s]+[^&gt;]*?href[\s]?=[\s\&quot;\']+(.*?)[\&quot;\']+.*?&gt;([^&lt;]+|.*?)?&lt;\/a&gt;

Sorry I don't have anything better, but it was too long for a comment. Hopefully, someone else has something better for you.

Solution 2

Exchange Online Protection in Ex Plan 2 has some configurable options in the Spam Filter policy.

Use Set-HostedContentFilterPolicy to make configuration changes. TechNet link.

Parameters of note here include:

IncreaseScoreWithBizOrInfoUrls
IncreaseScoreWithImageLinks
IncreaseScoreWithNumericIps
IncreaseScoreWithRedirectToOtherPort
MarkAsSpamObjectTagsInHtml

Office 365 E5 plan includes Advanced Threat Protection, or this is also available as an add-on for users. Here you can leverage Safe Links, which is another set of rules that specifically govern URL handling. That could be worth the additional cost.

5,570

kralyk

I am TheCleaner.

Updated on September 18, 2022

Comments

kralyk almost 2 years
I've already asked this with Office 365 support but unfortunately I didn't really get anywhere this time due to the language barrier. They tried to tell me how to block it with a check box on the spam filtering advanced options but it did no good, nor did I think it would. So I figure I'll ask here in hopes that someone might know an answer or maybe another way.

SETUP:
- O365 Pro Plus E3 (which means Exchange Online Plan 2)
- Clients are Win7/8 all with Outlook 2013.
- No on-premise Exchange server, cloud only.
I'm wanting to prevent the following types of emails from getting through:

Basically, emails that have links in them that have a different target than the text of the URL itself.

Failing that, if there were a way to block emails only if they have URLs that end in .php would at least help.

I've looked at the various options within O365 and can't find anything specifically that would prevent it. The "body" filters don't search the target URL from what I can tell, but maybe I'm wrong here and haven't tested it correctly.

If there's a way to do it at the client/Outlook level I'm ok with that as well...just not as preferred.

Thanks!
kralyk over 9 years

Yeah, I have a few regex's but they seem to take effect on the URL text and not the underlying url itself. But I'll delve into it further.
kralyk over 7 years

I forgot I even asked this, but yes ATP will help handle this if you have it. products.office.com/en-us/exchange/…