We’re making some changes to how tenant (Anti-spam/Hosted Content Filter policy) and user (Safe sender) allows work when it comes to high confidence phish. A message is marked with the high confidence phish verdict when we detonate it and know that it is malicious. We want to ensure that our customers are protected and therefore block those messages from getting to the inboxes of end-users. This is normally the case, but tenant and user overrides can stop this from happening. We have decided to no longer honor Allowed senders or domains when the messages are considered as high confidence phish.
- Timing: Beginning mid-December through the end of January 2021
- Action: Review and assess the impact
How this will affect your organization:
Note: adding senders and domains to an allow list is not best practice and should be considered as a legacy way of filtering.
What you can do to prepare:
Administrators should use the submission portal to report messages whenever they believe a message has the wrong verdict so that the filter can improve organically.