Once setup O365 Anti-spam [new Microsoft 365 Defender] what is the best way to test it?
Best practice, avoiding to expose the users too much, using specific tools, creating false email spam , trace, etc ...
Thanks
Once setup O365 Anti-spam [new Microsoft 365 Defender] what is the best way to test it?
Best practice, avoiding to expose the users too much, using specific tools, creating false email spam , trace, etc ...
Thanks
Hi @Marc-8505
Is there any update? Have you tried the method below to test the antispam for your organization?
You can simulate spam using this link:
https://o365info.com/simulate-spam-mail/
Config Ananlyzer:
https://www.powershellgallery.com/packages/ORCA/1.10.6
Tuning anti-phishing:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tuning-anti-phishing?view=o365-worldwide
After that, you monitor and adjust as necessary.
If you need to safelist senders, follow:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide

Ensure you have correctly setup your SPF/DKIM and DMARC records as well:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide
This is very important so that 365 can easily tell when external users are attempting to spoof your domain nd send inbound messages to your users!
Hi @Marc-8505
Agree with the suggestions above from Andy.
Use the Generic Test for Unsolicited Bulk Email (GTUBE). It's a standardized spam signature used precisely for testing spam filters.
Put this in the body of the test email:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
and it will force the mailb to be recognized as spam.
In addition to the spam, the official document also provided a way to Simulate a phishing attack. You could refer to this if you need.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
9 people are following this question.