Office 365 - what is in the "Sensitive Word List" for spam filtering?

spam exchange-2013 microsoft-office-365
20,237

Solution 1

OK, so after going round and round with Microsoft support on this, I was transferred to someone that was at least willing to help. The first 2 techs stated the list was for "internal use only", but the third person explained that while it is true they don't have access to the actual list, they do state that it was derived from the same sensitive words list used for Forefront for Exchange and FOPE (Forefront Online Protection for Exchange) back in the day.

So, here's a list of EXAMPLES that a tech at Microsoft was willing to share. NOTE that it isn't the entire list, only a small subset of examples. I'm also told that it isn't case sensitive and that variations of spellings are also accounted for.

PLEASE NOTE, PER SE STAFF RULES/GUIDANCE THAT THIS LIST IS NSFW. WHILE HOSTED ON PASTEBIN WHICH IS A PERFECTLY ACCEPTABLE SITE AND IS ONLY TEXT, NOTE THAT THE EXAMPLES GIVEN ARE COMPLETELY NSFW...YOU'VE BEEN WARNED.

NSFW LINK: http://pastebin.com/s1vFSJyQ

EDIT (NSFW): Possibly the full FOPE list from back in the day: http://pastebin.com/cKMQFRwU

Hopefully this helps others like myself in properly testing out the sensitive words list properly after enabling it withing Office 365 / Exchange Online.

Solution 2

Microsoft. Microsoft knows what's on the list. They don't publish it. You could open a PSS ticket and ask - have you tried that? Your O365 dashboard makes it easy to open a non-criticals support ticket.

Also - even though it's not editable, you can make a transport rule yourself to exempt certain words from being blocked, if you find that to be a problem.

Share:
20,237

Related videos on Youtube

kralyk
Author by

kralyk

I am TheCleaner.

Updated on September 18, 2022

Comments

  • kralyk
    kralyk almost 2 years

    In Office 365 you can toggle a few settings to help with spam email filtering.

    Among these is a setting to enable a "Sensitive Word List" as shown below:

    enter image description here

    The problem is...I can't find any list on Technet or elsewhere online showing what this list actually contains. It isn't editable, and isn't accessible via Exchange Online's Powershell either.

    I even ventured the thought that this list was carry over from Forefront but still can't find an actual list.

    So...does anyone actually know what is included in this list?

    • FooBee
      FooBee over 9 years
      Well, I would guess they don't really want this list to be public, to avoid that spammers get their hand on it and adapt their crap to it.
    • kralyk
      kralyk over 9 years
      @SvW - that makes sense, but it would be nice for them to at least give examples. As it stands now I have no clue what's on it. I've tried turning it on and sending myself emails with various cuss words, viagra, porn words, etc. and they all get through...so I'm curious what MS considers "sensitive" if those aren't.
  • kralyk
    kralyk over 9 years
    Yeah, I opened a ticket and asked. I was told by O365 support "we don't have access to that list."
  • kralyk
    kralyk over 9 years
    And yeah, I can create rules, but it'd be nice to flip the switch instead of creating a custom "sensitive words" rule.
  • mfinni
    mfinni over 9 years
    Could be worse. I tried registering a customer that has the string "visa" in their (made-up-word) company name. Fail fail fail, for no visible reason. Took about two days of requesting PSS escalation before they determined that certain strings are on a possible-domain-hijacking-list, which of course the techs have no access to and in fact don't know about.
  • kralyk
    kralyk over 9 years
    OK, so I got an updated call from MS Support and have "examples" but I'm not sure if I can even post the list here or not...lol
  • BlueCompute
    BlueCompute over 9 years
    What are they going to do about it? Post and be damned innit. It's in the public interest.
  • kralyk
    kralyk over 9 years
    @BlueCompute - Done...it wasn't MS I was concerned about, it was SE staff...but we worked it out.
  • mfinni
    mfinni over 9 years
    I once worked at a MMO company that launched a game for kids. We used a 3rd-party product to block bad words in the chat. To stress-test it, we opened it up for our company to use. You cannot imagine (or perhaps you can) the inventive filth that spewed out of the keyboards of 400 nerds.
  • HopelessN00b
    HopelessN00b over 9 years
    Damn. If we turned that on, I wouldn't be able to send any emails where I talk about my boss.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to disable cache exchange mode/offline storing office 365 mails for email clients such as outlook/thunderbird?
451 5.7.3 STARTTLS is required to send mail Exchange 2013 Hybrid
How to globally set the deleted item retention period in Exchange Online?
How to create a forwarding account in office 365?
add exchange extensions to AD
how to backup/export office 365 email to pst in exchange hybrid environment?
How can I prevent spoofed emails from outside thats using my internal accepted domain
Will a mailbox user know their mailbox has litigation hold?
Is there a way to restore deleted contacts via OWA?
All External Mail to Office 365 Fails SPF, Marked as Junk by EOP in a Hybrid Deployment