Microsoft Updates Exchange Online Protection to Battle Holiday Spam

The company issued an update intended to help organizations deal with inboxes that are beginning to fill up with not-so-glad tidings.

'Tis the season for more spam.

With the holidays approaching, Microsoft is currently rolling out an update for its Exchange Online Protection (EOP) service that is meant to help users deal with the onslaught of email promotions and cut down on the inbox clutter. EOP is a cloud-based enterprise email security product that filters spam and malware. Microsoft claims that EOP helps block 10 million spam messages per minute for the company's customers.

The new EOP update provides organizations with new tools to filter bulk emails. "With this new capability, we are introducing a simple, intuitive control in the Exchange Admin Center to allow you to easily block more of these 'bulk' emails," wrote Microsoft Exchange Online Protection program manager Chris Nguyen and technical product manager Shobhit Sahay in a Nov. 24 blog post.

Microsoft classifies bulk email as "email that falls somewhere in the middle of spectrum between junk email and good email—some users want it, others do not," said Nguyen and Sahay. "Examples of bulk email include newsletters, social updates and promotions," content that may not be entirely unwelcome, but can nonetheless compete with legitimate work emails for attention.

Since the difference between bulk email and outright spam is not cut-and-dried, Microsoft is relying on a measurement called Bulk Complaint Level. "Earlier this year, we significantly increased EOP's bulk detection and assigned Bulk Complaint Level (BCL) ratings to email from bulk senders to indicate the likelihood it would generate a complaint," explained the bloggers.

According to a related online support document, bulk mailers are rated one to nine based on the likelihood that they attract complaints. Good examples "send wanted messages with relevant content to their subscribers," generating barely a peep from recipients, according to the company.

However, others resort to some unsavory tactics. "Other bulk mailers send unsolicited messages that closely resemble spam and generate many complaints from recipients. To distinguish these types of bulk mailers, messages from bulk mailers are assigned a Bulk Complaint Level (BCL) rating," stated Microsoft.

The X-Microsoft-Antispam header of a message contains this rating, enabling EOP's bulk email filtering and resulting in cleaner user inboxes. New Exchange Admin Center controls, which replace the Bulk Mail Advanced Spam filtering option, allow organizations to tweak EOP's settings based on this rating. "For example, selecting 5 treats email with a BCL of 5 or higher to be treated as spam," wrote Nguyen and Sahay.
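The threshold logic described above can be reproduced outside EOP when triaging exported messages. The following is an added example, not Microsoft's code or part of the original article: it reads the BCL value from the X-Microsoft-Antispam header and applies a configurable threshold. The semicolon-separated `KEY:value` layout, the acceptance of 0 as a valid rating, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample messages. Only the BCL field matters here; the other
# header fields are placeholders, not values from a real message.
SAMPLES = {
    "newsletter": ("From: news@example.com\nSubject: Weekly deals\n"
                   "X-Microsoft-Antispam: PCL:0;BCL:6;\n"
                   " RULEID:placeholder\n\nbody\n"),  # folded header line
    "receipt": ("From: shop@example.com\n"
                "X-Microsoft-Antispam: BCL:2;PCL:0;\n\nbody\n"),
    "no_header": "From: a@example.com\nSubject: hi\n\nbody\n",
    "malformed": ("From: b@example.com\n"
                  "X-Microsoft-Antispam: XBCL:7;BCL:abc;\n\nbody\n"),
}

# Assumed layout: semicolon-separated KEY:value pairs. The anchors stop a
# field such as "XBCL:7" from being mistaken for the BCL field.
BCL_FIELD = re.compile(r"(?:^|;)\s*BCL:\s*(\d+)\s*(?:;|$)")


def extract_bcl(raw_message):
    """Return the BCL rating as an int, or None if absent or malformed."""
    msg = message_from_string(raw_message, policy=default)  # unfolds headers
    for value in msg.get_all("X-Microsoft-Antispam", []):
        match = BCL_FIELD.search(str(value))
        # Assumption: ratings are single digits; anything else is ignored.
        if match and 0 <= int(match.group(1)) <= 9:
            return int(match.group(1))
    return None


def bulk_verdict(raw_message, threshold=5):
    """Mirror the admin control: a BCL at or above threshold counts as spam."""
    bcl = extract_bcl(raw_message)
    if bcl is None:
        return "unrated"  # no usable rating: leave to other filters
    return "spam" if bcl >= threshold else "deliver"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, extract_bcl(raw), bulk_verdict(raw))
```

Raising the threshold lets more bulk mail through: the constructed newsletter above is treated as spam at 5 but delivered at 7.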

Spammers are getting craftier in their efforts to thwart common email filtering techniques.

In June, Cisco reported an increase in "snowshoe spam," the practice of spreading bulk email across several IP addresses rather than sending it from just one. Because each address carries a relatively low volume of spam, the traffic slips past IP-based detection methods. Cisco's research revealed that snowshoe spam accounted for 15 percent of all spam in April 2014, up from 7 percent in November 2013.

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...