Microsoft's cloud-based Exchange Online Protection service is the company's weapon in an escalating arms race with spammers.
Each day, Microsoft prevents billions of spam messages from landing in customer inboxes.
The software giant blocks 10 million such emails each minute on average, revealed the company's Exchange Online Protection (EOP) team in an Oct. 15 blog post
. That adds up to more than 14 billion blocked messages per day.
Spam is more than a nuisance, according to Microsoft program managers Shobhit Sahay, Levon Esibov and Terry Zink. In their jointly authored post, they detailed the dangers of a particularly dangerous form of spam.
"Phishing campaigns … are looking to compromise the credentials of the company employees and take control of the resources of a company," explained the Microsoft staffers. "A popular type of phishing campaign is spear phishing, which targets the most valuable contacts within an organization."
To protect against phishing, and other email threats, Microsoft is bulking up its Exchange Online Protection product.
Launched 18 months ago, Exchange Online Protection guards against spam
and malware at a cost of $1 per user per month. The service is bundled with Exchange Online and Office 365 plans that include a cloud-based email component.
The group provided a behind-the-scenes look at Exchange Online Protection's multilayered filtering approach to giving spam the boot.
First, a connection filtering technique blocks emails from low-reputation IP addresses. Next, emails are filtered according to sender reputation, the product of data from in-house and third-party sources. "Finally, EOP uses numerous filtering techniques to catch the leftover spam that you see in spam campaigns that involve more complex investigation," they wrote.
Exchange Online Protection "also provides comprehensive malware and virus filtering, using three different industry-leading anti-virus (AV) engines," they revealed.
And their work isn't over. Microsoft is "making the largest investments ever in advancing threat protection in Exchange Online Protection," said Sahay, Esibov and Zink. "EOP is the Microsoft long-term solution to protect not only mailboxes in Office 365, but also tens of millions of mailboxes on premise mail servers of our customers."
Over the next six to 12 months, Microsoft plans to release a bevy of new features and capabilities, all aimed at staying one step ahead of quick-to-adapt spammers. According to the group, the Exchange Online Protection roadmap includes advanced threat protection from, for example, emerging "Time of Click" and zero-day threats.
Microsoft is implementing DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) sender authentication technologies. Plans also call for better protection against bulk mail (graymail), or unwanted advertising emails that clog up inboxes.
Like Microsoft's global cloud data center footprint, Exchange Online Protection is slated to get bigger in the coming month. The team said their company is preparing for an "expansion of EOP datacenters across different regions, further substantiating our promise of processing mail in the region of our customers."