How to deal with CONSTANT email spam?

Dear E1G2,

Good day ,

Thanks for posting in Microsoft Community.

I understand that you have an concern on "email spam" I would say , thank you for your efforts on trying to fix the issue from your end.

Before moving forward, my humble request please keep patience and check my below reply as it's going to little long because I am explaining you all related possible causes and solutions including KBs article links for the same :

In the begin , I would like to draw your attention here [If you are Office365 end user ] you can not completely fix this issue as user end side because O365 admin portal have more control to minimize this issue problem and you may need to work on this with your O365 admin , Therefore I am sending you information as below :

Several possible reason behind It therefore may I know it's related with one specific user ? or multiple users ? it could be “Account compromised ” related problem , Have a look on the below require actions plan need to be apply and avoid this problem à

• Reset the user's password

• Remove suspicious email forwarding addresses

• Disable any suspicious inbox rules

• Block the user account from signing-in

• Enable the MFA

• Unblock the user from sending mail

• And then re-enable the Signing-in from the admin portal.

Reference KBs article à https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide

NOTE : The possible reason behind this kinds of email , Either “Account compromised ” OR “ Domain spoof “: Spoofing is when a spammer sends out emails using your “Display Name/Email Address” in the From: field. The idea is to make it seem like the message is coming from you – in order to trick people into opening it. But when we looking at the return path we can understand the actual sender is different.

To avoid this in feature please consider following the below steps :

                                a. Make sure DKIM and DMARC is enabled for the domain xyz.com

                                b. Create a transport rule to prevent emails being relayed through your domain by following

c. Report suspicious content to Microsoft

Created Transport rule to Control spoofing emails as defined below  :

                1.       Login to https://portal.office.com with administrator credentials.

                2.       Go to Admin tab and Navigate to Exchange

                3.       Navigate to Mail Flow

                4.       Go to Rules and Click Add(Plus Sign)

                5.       New Rule as defined below and click save.

Note: You can add the IP address as an exception if you are using SMTP relay to send genuine emails to customers (Like Azure Cloud, SendGrid,Amazon cloud)

Furthermore , As I mentioned , As Office 365 uses a built-in Anti-Spam filter in addition to customizable ones because sometimes the built-in one is not what customer wants. The way the built-in one works is based on anti-spam technology and is being updated continuously in accordance with customer reports for false negative and false positive and also development in mentioned technology.

 Additionally , I would suggest you to use “ Submission “ option and report this incident direct to our compliance team to investigate further à https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/admin-submission?view=o365-worldwide

Furthermore , for false Positive / False Negative Emails  :

Report messages and files to Microsoft: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-worldwide

Manually submit messages to Microsoft for analysis:https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis?view=o365-worldwide

Submissions - Microsoft 365 security

You will have this web interface :

Reference link : https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/air-report-false-positives-negatives?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/security/defender/m365d-autoir-report-false-positives-negatives?view=o365-worldwide#report-a-false-positivenegative-to-microsoft-for-analysis

If the suggested response and information helped you narrow down your concern , do click on "Mark as Answer" and "Up-Vote" for the answer that helped you for benefit of the community and also for other community members.

NOTE : For your security and privacy , kindly don't mention any email address / password or other confidential information.

We look forward to your response. Thanks for your cooperation.

Sincerely,

Amul | Microsoft Community Moderator

Dear E1G2,

Good day ,

How are you ? I hope you are doing good ,

I am replying to follow up and I hope you had chance to check my technical suggestion over to your question.

Feel free to reply here , if you may have any other question regarding this thread.

If my suggested response helped you to provide sufficient information over this thread , do click on "Mark as Answer" for the answer that helped you for benefit of the community and also for other community members.

Sincerely,

Amul | Microsoft Community Moderator