Effective email security is not just spam filtering; it is deliberate control over which messages reach your users, so that threats are stopped and legitimate mail keeps flowing. A common misstep when configuring anti-spam policies is adding sender domains (or individual senders) to an allow list: every message claiming to come from such a domain then bypasses the filter, which is exactly what an attacker spoofing that domain needs for targeted spam and phishing. Microsoft Secure Score therefore recommends that no sender domains be allowed in any anti-spam policy, and that any entry you believe you need be put through a strict review first. In this post we look at that recommendation and what it takes to satisfy it.

Note: “Recommended action” Remediations as identified by “Microsoft 365 admin center Portal (https://portal.microsoft.com) \ Security \ Secure score \ Recommended actions” in a pristine baseline environment.

Rank: 167

Recommended action: Ensure that no sender domains are allowed for anti-spam policies.

Microsoft Secure Score

Secure Score Improvement: +0.19

General

Description

Never add your own accepted domains or common domains (for example, microsoft.com or office.com) to the allowed domains list. If these domains are allowed to bypass spam filtering, attackers can easily send messages that spoof these trusted domains to your organization. In addition, avoid adding specific senders that can bypass spam filtering.

Implementation status

100% of users are affected by policies that are configured securely.

  • Strict Preset Security Policy1705599886976 – 1 user (100%)

Implementation

Prerequisites

You have Microsoft Defender for Office 365 P1.

Next steps

Remove all allowed domains and allowed senders from every inbound anti-spam policy. Audit the lists before clearing them: any sender that genuinely needs an exception will be filtered again once the entry is gone, so handle such cases by a reviewed exception rather than by leaving the domain on the allow list.
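The following script is an added example, not code from the original post or from Microsoft; it audits every inbound anti-spam policy in the tenant for allowed senders and allowed sender domains, flags any entry that is one of your own accepted domains (the case the description above singles out), and clears the lists only when you pass -Remediate. It assumes the ExchangeOnlineManagement PowerShell module is installed and that the account you sign in with holds an Exchange administrator role.

```powershell
# Added example (not from the original post): audit, then optionally clear,
# the allowed senders / allowed sender domains on every inbound anti-spam
# policy. Assumes the ExchangeOnlineManagement module and an Exchange admin role.
# Run without -Remediate first to see what would change.
param(
    [switch]$Remediate
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Your tenant's accepted domains, as strings. Any of these on an allow list is
# the misconfiguration the Secure Score action warns about: mail spoofing your
# own domain would skip spam filtering entirely.
$acceptedDomains = Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" }

$findings = foreach ($policy in Get-HostedContentFilterPolicy) {
    $senders = @($policy.AllowedSenders        | ForEach-Object { "$_" })
    $domains = @($policy.AllowedSenderDomains  | ForEach-Object { "$_" })
    if ($senders.Count -eq 0 -and $domains.Count -eq 0) { continue }

    [pscustomobject]@{
        Policy            = $policy.Name
        AllowedSenders    = $senders -join ', '
        AllowedDomains    = $domains -join ', '
        OwnDomainsAllowed = ($domains | Where-Object { $_ -in $acceptedDomains }) -join ', '
    }
}

if (-not $findings) {
    Write-Host "No anti-spam policy has allowed senders or allowed sender domains. Nothing to do."
}
else {
    $findings | Format-Table -AutoSize

    if ($Remediate) {
        foreach ($f in $findings) {
            # Setting both multi-valued properties to $null removes every entry.
            Set-HostedContentFilterPolicy -Identity $f.Policy `
                -AllowedSenders $null -AllowedSenderDomains $null
            Write-Host "Cleared allow lists on policy '$($f.Policy)'."
        }
    }
    else {
        Write-Host "Re-run with -Remediate to clear the lists shown above."
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once without -Remediate and keep the table it prints as the review record; the OwnDomainsAllowed column is the first thing to look at, since an entry there means a message spoofing your own organization is already trusted. Only after each remaining entry has been justified (or replaced by a narrower, reviewed exception) run it again with -Remediate, then re-check the recommended action in Secure Score, which should report the policies as configured securely.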

Learn more

Configure spam filter policies | Microsoft Learn