Feedback by UserVoice

Office 365 Security & Compliance

We have partnered with UserVoice, a third-party service and your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy. Please do not send any novel or patentable ideas, copyrighted materials, samples or demos for which you do not want to grant a license to Microsoft.

Welcome to the Security (Protection) & Compliance UserVoice forum. We’re happy you’re here! If you have suggestions or ideas on how to improve Security or Compliance related features in O365, we’d love to hear them!

How it works
◾Check out the ideas others have suggested and vote on your favorites
◾If you have a suggestion that’s not listed yet, submit your own — 25 words or less, please
◾Include one suggestion per post

Thanks for joining our community and helping improve these features in Office 365!

Need Tech Support? Please see the O365 Community for the product or feature you are having issues with, or open a support ticket through your Office 365 administrator portal.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Stop using the Spamhaus PBL and XBL blocklists on mail submitted by *authenticated* users

    Microsoft use various Spamhaus blocklists for filtering incoming mail. As an Office 365 user myself, I am grateful for this, as without such tools I'm sure I would receive a lot more spam.

    However, today I discovered that an email from one Office 365 user to another Office 365 user was rejected because the sender's IP was on the Spamhaus PBL and XBL lists. The IP address was not on the SBL list. Please note that the message was submitted using an Exchange client with their Office 365 username and password. It was not submitted by SMTP.

    If I understand…

    90 votes
    Sign in
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →

    Office 365 uses Spamhaus PBL & SBL only for rejecting unauthenticated mail servers which are trying to deliver to or relay through Office 365.

    The XBL is used to prevent authenticated clients, but ONLY if the tenant is a new/trial tenant. To resolve issues caused by the XBL, simply convert to a paid license and remove the trial. It may take 1-2 days for the system to pick up this change, but paid customers should have no issues with XBL. If you are a paid customer and are affected, please contact our support who can check the backend to make sure your licenses are correct. Occasionally a system may get out of sync and you will need to get support to dig into the problem with our engineering team.

    This check is done as one of many things we have to do to control abuse.

  2. separate sending IP addresses for tenants

    It would be nice to have separate sending IP addresses for every different tenant. This way SFP rules won't assume that email from compromised O365 tenants are safe.

    1 vote
    Sign in
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Spam & Phishing  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base