At the beginning of the month Microsoft announced that they were deprecating the SmartScreen filters used by the desktop Microsoft mail clients. These are the filters used in Exchange and various version of Outlook mail. This is yet further consolidation of spam filtering between the Microsoft free webmail domains, Office365 hosted domains and self hosted Exchange servers. The online services (hotmail.com, outlook.com, Office365, live.com, etc) have been using these filters for a while. The big change now is that they’re being pushed down to Exchange and Outlook users not hosted on the Microsoft site.
EOP was developed for Outlook.com (and friends) as well as Office365 users. From Microsoft’s description, it sounds like the type of machine learning engine that many providers are moving to.
Microsoft has published quite a bit of information about these filters and how they work on their website. One of the best places to start is the Anti-spam Protection FAQ. Something senders should pay attention to is the final question on that page: “What are a set of best outbound mailing practices that will ensure that my mail is delivered?” Those are all things deliverability folks recommend for good inbox delivery.
Poking around looking at the links and descriptions, there is a host of great information about spam filtering at Microsoft and how it works.
A page of note is their Exchange Online Protection Overview. This describes the EOP process and how the filters work.
An incoming message initially passes through connection filtering, which checks the sender’s reputation and inspects the message for malware. The majority of spam is stopped at this point and deleted by EOP. Messages continue through policy filtering, where messages are evaluated against custom transport rules that you create or enforce from a template. For example, you can have a rule that sends a notification to a manager when mail arrives from a specific sender. (Data loss prevention checks also occur at this point, if you have that feature; for information about feature availability, see the Exchange Online Protection Service Description.) Next, messages pass through content filtering, where content is checked for terminology or properties common to spam. A message determined to be spam by the content filter can be sent to a user’s Junk Email folder or to the quarantine, among other options, based on your settings. After a message passes all of these protection layers successfully, it is delivered to the recipient.
Well, if you ever wanted to know how Microsoft filters mail, now you do.
I’m also pleased to read that MS is continuing to support SNDS. I know it’s been problematic for folks lately and was somewhat concerned as the person who created SNDS recently moved to a new position. However, their FAQs still recommend SNDS so I think we can expect it to be maintained by new folks.
Historically, way back in the olden days, Microsoft created Smartscreen for Hotmail (now Outlook.com) and shipped a version that ran locally in Exchange server, and in the Outlook mail client. This was the state of things for years.
Over time, as Microsoft integrated Office 365, it became more difficult to make Outlook, Exchange, and Office 365 together. Outlook would refilter the message and frequently mark it as spam. This is due to the evolving nature of spam; the local Smartscreen filters would only be updated every 1-2 weeks whereas spam campaigns change daily.
As Microsoft has started moving to the cloud and encouraging its customers to do the same, and the fact that Outlook and Exchange doing their own filtering is not required (since nearly all email clients are behind a service that does spam filtering, and if you want filtering for Exchange server you should subscribe to Exchange Online), shipping Smartscreen to Outlook and Exchange no longer makes sense.
Outlook.com still runs Smartscreen, and the two services (i.e., Outlook.com and Office 365) do borrow technologies from each other. There is a major effort to converge the two infrastructures and UX’es, although the two will probably never be identical in the way they filter email. The types of spams that each userbase sees are different.
The links I was reading didn’t make it clear if EOP was the same as SmartScreen online or if that was a replacement or what. I appreciate the clarification.