How to reduce spam email in Office 365

Are you getting too much spam in Office 365? Do this.

Many issues with spam in Office 365 can be resolved by viewing the e-mail message headers and determining what went wrong. You will need to look for a header named X-Forefront-Antispam-Report.

If it contains the string SFV:NSPM, this means that Exchange Online Protection (EOP) scanned the message and didn't think it was spam. If you don't agree, this is called a false negative and we strongly recommend that you use the Report Message add-in to help us improve our filters.

If you don't see this value in the headers, it could mean either that the mail didn't pass through spam scanning, or that there was a configuration issue that caused the message to be ignored. In this case, consult the information below.

You can learn more about anti-spam message headers.

Solutions to common causes of getting too much spam

In order to protect you from getting too much spam, Exchange Online Protection (EOP) requires that administrators complete a few tasks. If you are not the administrator for your Office 365 tenant and you are getting too much spam, then you may want to work with your administrator on these tasks. Otherwise, you can skip to the user section.

For admins

  • Point your DNS records to Office 365: In order for EOP to provide the best protection, your mail exchanger (MX) DNS record(s) for all domains must be pointed to Office 365 -- and only to Office 365. See Create DNS records for Office 365 when you manage your DNS records.

  • Enable the junk mail rule on all mailboxes: By default, the spam filtering action is set to Move message to Junk Email folder. If this is the preferred and current spam policy action, then each mailbox must also have the junk mail rule enabled. To check this, you can run the Get-MailboxJunkEmailConfiguration cmdlet against one or more mailboxes. For example, you might check all mailboxes for this by running the following:

        Get-MailboxJunkEmailConfiguration -Identity * | Where {$_.Enabled -eq $false}

    When viewing the output, the Enabled property should be set to True. If it is set to False, you can run Set-MailboxJunkEmailConfiguration to change it to True.

  • Check your mail flow rules and safe lists: Look at the message header for a message that should have been marked as spam. Find the SCL property in the X-Forefront-Antispam-Report header. If the SCL value is -1, this indicates that the message was safe listed and bypassed EOP spam filtering. Investigate mail flow rules, allow lists, and the recipient's allowed senders list. The article Find and fix email delivery issues as an Office 365 for business admin will also be useful in providing details about why a message received an SCL of -1.

  • Create mail flow rules in on-premises Exchange Server: If you are using Exchange Online Protection, but your mailboxes are located in on-premises Exchange Server, then you will need to create a couple of mail flow rules in on-premises Exchange Server. See the instructions for EOP-only.

  • Mark bulk email as spam: Bulk email is email which users may have signed up for, but may still be undesirable. In the message header, find the BCL (Bulk Confidence Level) property in the X-Microsoft-Antispam header. If the BCL value is less than the threshold set in the spam filter, you may want to adjust the threshold to instead mark these types of bulk messages as spam. Different users have different tolerances and preferences for how bulk email is handled. You can create different policies or rules for different user preferences.

  • Immediately block a sender: In the case where you need to immediately block a sender, you can block by email address, domain, or IP address. See Block email spam with the Office 365 spam filter to prevent false negative issues. An entry in an end-user allow list can override a block set by the administrator.

  • Turn on the report message add-in for users: We strongly recommend that you enable the report message add-in for your users. As an administrator, you may also be able to view the feedback your users are sending and use any patterns to adjust any settings that may be causing problems.
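The header checks described above (SFV:NSPM and SCL in X-Forefront-Antispam-Report, BCL in X-Microsoft-Antispam) can be applied to a saved message with a short script. This is an added example, not code from Microsoft; the sample messages are constructed, the finding names are hypothetical, and the default `bcl_threshold` of 7 is an assumption that should be set to the value in your own spam filter policy.

```python
import email
from email import policy

# Constructed sample messages (not real mail); all header values are illustrative.
SAFE_LISTED = (
    "From: sender@example.com\n"
    "Subject: Weekly deals\n"
    "X-Forefront-Antispam-Report: CIP:2001:db8::7;CTRY:US;SCL:-1;\n"
    " SRV:;PTR:mail.example.com;\n"
    "X-Microsoft-Antispam: BCL:0;\n"
    "\nbody\n"
)
BULK_MISSED = (
    "From: news@example.net\n"
    "Subject: Offers\n"
    "X-Forefront-Antispam-Report: CIP:203.0.113.7;SFV:NSPM;SCL:1;\n"
    "X-Microsoft-Antispam: BCL:5;\n"
    "\nbody\n"
)

def parse_fields(value):
    """Split 'KEY:value;KEY:value;' into a dict, keeping colons inside values (IPv6)."""
    fields = {}
    for part in str(value or "").split(";"):
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields

def triage(raw_message, bcl_threshold=7):
    """Return finding codes for the header checks described in this article."""
    # policy.default unfolds headers that wrap across several lines
    msg = email.message_from_string(raw_message, policy=policy.default)
    report = parse_fields(msg.get("X-Forefront-Antispam-Report"))
    bulk = parse_fields(msg.get("X-Microsoft-Antispam"))
    findings = []
    if not report:
        findings.append("NOT_SCANNED")      # header absent: check MX records and routing
    elif report.get("SCL") == "-1":
        findings.append("SAFE_LISTED")      # bypassed filtering: review rules and allow lists
    elif report.get("SFV") == "NSPM":
        findings.append("FALSE_NEGATIVE")   # scanned, judged not spam: report the message
    else:
        findings.append("NO_NSPM_VERDICT")  # another verdict or a configuration issue
    bcl = bulk.get("BCL", "")
    # BCL 0 means the message is not from a bulk sender, so it is not flagged
    if bcl.isdigit() and 0 < int(bcl) < bcl_threshold:
        findings.append("BCL_BELOW_THRESHOLD")  # bulk mail under the configured threshold
    return findings
```
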

For users

  • Enable the junk mail rule and check your allow list: Check that the junk mail action rule is enabled and that the sender or sender's domain is not set to bypass in your personal allow list. The best way to access these settings is from Block or allow (junk email settings). While you are there, you may also choose to block the sender's email address or domain.

  • Report spam to Microsoft: Report spam messages to Microsoft by using the Report Message add-in. Additionally, you can send a message to and attach one or more messages to report.

    Important: If you do not forward the messages as attachments, then the headers will be missing and we will be unable to improve the junk mail filtering in Office 365.

  • Unsubscribe from bulk email: If the message was something that you signed up for (newsletters, product announcements, etc.) and contains an unsubscribe link from a reputable source, you may want to simply unsubscribe. Office 365 does not typically treat these messages as spam. You can also choose to block the sender, or ask your administrator to make a change that will cause all bulk mail to be treated as spam.