Plain text spam emails ( Social Engineering Attack Protection Beginner Level 1 ) MS365 Exchange Center

For handling plain text spam emails on an on-premises Microsoft Exchange Server, you can implement a combination of filtering techniques to reduce unwanted spam. Here’s a practical approach to help mitigate plain text spam:

1. Configure Anti-Spam Filters on Exchange Server:

• Enable Anti-Spam Features: Make sure you’ve enabled the built-in anti-spam filtering on your Exchange server.
  • In Exchange Admin Center (EAC), go to Protection > Spam filter.
  • Create or modify a Spam filter policy to block or quarantine suspicious emails.

2. Set up Content Filtering:

• Content Filtering: Customize the content filtering settings to catch plain text spam.
  • Go to Protection > Content Filter in EAC.
  • Enable filtering to flag messages with certain characteristics like missing subject lines, suspicious keywords, or lack of proper headers.

3. Use Connection Filtering:

• Connection Filtering helps block spam based on the sender’s IP address.
  • Under Protection > Connection Filter, you can configure trusted and blocked IP addresses.

4. Implement Sender ID and DKIM/SPF Validation:

• Sender ID: Ensure that Sender ID filtering is enabled to check if the domain matches the sending IP.
• SPF/DKIM: Set up and enforce SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to reduce the chances of spoofed emails being marked as legitimate.

5. Configure Outlook and Client-Side Rules:

• Outlook Junk Email Filter: Users can enable the Junk Email Filter within Outlook to automatically filter out plain text spam emails based on various factors (subject, content, attachments).
• Client-Side Rules: Configure rules in Outlook to move spammy emails to specific folders or automatically delete them.

6. Use Transport Rules (Mail Flow Rules):

• Create Transport Rules to analyze the content of incoming emails and filter out messages that match specific patterns common in spam.
  • For example, if you notice spam is arriving in plain text format, you can set up a transport rule to inspect messages and perform actions (like moving them to Junk or Quarantine) if they meet certain criteria (such as containing specific words or missing HTML content).

7. Enable Greylisting (Optional):

• Greylisting temporarily rejects emails from unfamiliar senders to see if they will resend the email. Spam systems tend to ignore retry logic, but legitimate servers will resend the message, allowing it through.

8. Third-party Anti-Spam Solutions:

• If native solutions are not sufficient, consider using a third-party anti-spam solution like Barracuda, Symantec, or Proofpoint for better detection and filtering of plain-text spam.

9. Review and Monitor Logs:

• Regularly monitor the Exchange message tracking logs to identify spam patterns and adjust filtering accordingly.

These measures should greatly reduce or eliminate plain text spam while allowing legitimate messages to come through.