For On-premise and cloud based email filtering, Exchange Online Protection (EOP) is a built-in facility provided by Microsoft. Not only it helps to protect the messaging environment against spam or malware but also ensures that messaging-policy of the enterprise is not desecrated. The good part about this service is, administrators do not need to manually enable it as it is activated by default. However, as per the requirement of enterprise, the admins can customize the filtering specifications using Exchange Admin Center (EAC).
Exchange Online Protection (EOP) is the successor to the Forefront Online Protection for Exchange (FOPE). EOP is suitable for both inbound and outbound email filtering. This malware and virus filtering service was introduced by Microsoft so that organizations can get rid of the administrative and maintenance overhead of Edge Transport Server role.
#1: The first level is spam blocking at TCP level. When an email message arrives and passes through the Connection Filtering, it is checked for malware. EOP uses Spamhaus (an global name that keeps a track of spammers and related activities) and its internal database to block spam. At this stage, if a spam is detected, it is deleted. Also, the addresses that are known to have sent 90 percent spam are added to internal block list.
#2: The next layer is Sender-Recipient Filtering. Here, the EOP servers receive the HELO command and the service name is tested against the blocked hosts. If the messages pass the reputation test, they move to Policy Filtering level where they are checked against the custom transport rules.
#3: The next step is to qualify the message through Content Filtering. Here, the content is checked for terminologies, URLs and properties that a common spam can have. This phase of scanning emails helps protecting against phishing attempts.
If a message is found to be a spam, it is either moved to the Junk Email folder or to the quarantine, depending upon the settings done. Once the message is passed through all these protective layers, they are delivered to the directed recipients.
#: EOP presents powerful protection against Spoofing which is a malicious practice of sending emails through modified addresses. For this, two fields of the email header are checked by EOP: Sender Policy Framework (SPF) and the Sender ID filtering. Also, EOP holds the capability to blocking bulk mails and the messages on the basis of language or geography.
#: If an email is detected as spam or is undelivered to the recipient, EOP will pass a message to the sender or the system administrator. However, if required, this service can be enabled or disabled for internal or external network.
#: EOP offers the facility to set up customized rules for emails through the Exchange Transport Rules engine. These rules are made up of:
Conditions: For identifying standards such as the Sender, Receiver, Keywords in Email etc.
Actions: Process that takes place on matching the condition.
Exceptions: Checks for messages that are excluded for transport rule action.
Exchange Online Protection (EOP) not only protects the messaging network against unexpected spam but also generates a report about the actions that it takes against the malware attacks. However, the summarized data of 60 days and details of 7 days will be available.