Microsoft recently updated their support page and offered additional guidance to network admins as it relates to Office 365's built-in spam filters. The gist of the update is that they strongly advise against turning the auto-filters off.
They provided some additional guidelines if you decide to bypass them for one reason or another.
Here are the most relevant portions of the recent update:
"If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through. Additionally, bypassing should be done only on a temporary basis. This is because spam filters can evolve and verdicts could improve over time...."
If you decide you want or need to bypass anyway, the company offered the following additional suggestions:
- Never put domains that you own onto the Allow and Block lists
- Never put common domains, such as Microsoft.com and office.com onto the Allow and Block lists
- Do not keep domains on the lists permanently, unless you disagree with the verdict of Microsoft
You and your IT staff are likely already aware of this. If not, Microsoft maintains a living document on their support website where they keep a comprehensive list of security best practices for Office 365. If you haven't seen it before, or if it's been a while since you reviewed it, it pays to take some time to look it over.
On a related note, the company recently sent out a bulletin advising all Office 365 customers and admins to report junk email messages for analysis using the Microsoft Junk Email Reporting add-on. This is in order to help reduce the number and effect of future junk email messages. If you and your team aren't already in the habit of doing this, now is an excellent time to start.