Summary: Spam emails are a growing issue, accounting for roughly 50% of email traffic and posing cyber threats. Microsoft’s Exchange Online Protection (EOP) is a cloud-based filtering service bundled with Office 365, safeguarding emails by filtering out spam, malware, and phishing threats through a multi-step process. Despite its advantages, EOP has limitations, and third-party tools like Kernel Export Office 365 to PST offer additional email security and backup solutions for comprehensive protection.

The influx of spam messages in your Inbox has become a prevalent issue, causing disruption and distraction. It’s estimated that these spam emails now constitute roughly 50% of all email traffic. In today’s digital landscape, spam that reaches users through unfiltered email has emerged as a significant contributor to cyberattacks.

Spam senders employ sophisticated methods to attach viruses and malware to emails, putting your entire system at risk with a single click. Microsoft offers Exchange Online Protection as a safeguard, shielding your email accounts from the constant influx of spam and unwanted mail so that only filtered content reaches your inbox.

What Is Exchange Online Protection?

EOP, or Exchange Online Protection, is Microsoft’s cloud-based email filtering service. Its primary purpose is to safeguard Exchange account emails by detecting and neutralizing spam and malware links. EOP is an integral part of the Microsoft Office 365 subscription plan.

EOP keeps your mailbox safe from emails that carry malware or ransomware, and it keeps the Inbox clean by filtering out spam and phishing emails. In this way, it helps you protect Office 365 data.

How does EOP work?

Let’s look at how EOP works.

Emails follow a path through multiple routers and mail servers before arriving in your Inbox. If your email server is powered by Exchange Online, it operates as a virtual mail server distributed across Microsoft’s cloud-based data centers. Typically, alongside legitimate emails, spam messages may also attempt delivery. This is where the role of Exchange Online Protection becomes crucial.

EOP conducts a swift evaluation of the sender’s reputation, including their IP address, domain name, and keywords in the title or message text. Following this verification, it cross-references the data with predefined filter configurations. If all criteria are met, the email proceeds to its intended destination. However, if an email fails to meet the necessary conditions, it is either directed to the junk folder or not delivered to the recipient.

During the email’s passage through the spam filtration process, it undergoes assessment and receives a Spam Confidence Level (SCL) score. The higher the SCL score, the greater the likelihood that the email is indeed spam.

The four stages of filtering performed by EOP are described below:

  • Connection filtering
    In the first stage, the system assesses the sender’s reputation by scrutinizing their IP address and overall history. Based on the predetermined filtering criteria established by each organization, emails are either accepted or rejected. This step effectively filters out a majority of unnecessary emails.
  • Anti-malware
    In the following stage, emails undergo comprehensive scans for malware or ransomware. If any message is found to contain malicious links, it is immediately placed in quarantine. Access to these quarantined emails is restricted to administrators, who are equipped with the necessary tools to manage and address them in accordance with established quarantine policies.
  • Mail flow rules and policies filtering
    Next, the email undergoes policy filtering. Your company should have established custom rules for incoming mail. This specific email is then assessed in accordance with these predefined mail flow transport rules and policies.
  • Content filtration
    In the final stage, the email undergoes scanning based on anti-spam and anti-spoofing policies. During this phase, highly harmful emails are categorized as spam, extreme spam, phishing, high-confidence phishing, bulk, or spoofing. Email settings can be tailored to specify actions for dealing with these flagged emails based on the content filtering results. The rejected emails can be either quarantined, directed to the Junk Folder, or deleted as per your customization.
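
The SCL score and content-filtering verdict described above are stamped on each delivered message, so they can be checked during triage. The following is an added example, not part of the original article or Microsoft's code: it parses the `X-Forefront-Antispam-Report` header of a constructed sample message and flags mail that skipped spam filtering. The header name, field codes and SCL meanings follow Microsoft's published header documentation and are not stated on this page; `parse_report` and `triage` are hypothetical helper names.

```python
import email
from email import policy

# Constructed sample message, not taken from the page. The header name and
# field codes (SCL, SFV, IPV, CAT, CIP) follow Microsoft's header documentation.
SAMPLE = """\
From: billing@example.com
To: user@contoso.example
Subject: Invoice overdue
X-Forefront-Antispam-Report: CIP:203.0.113.7;CTRY:US;LANG:en;SCL:-1;SRV:;
 IPV:CAL;SFV:SKN;CAT:NONE;DIR:INB;

Please see the attached invoice.
"""

# Documented meaning of each SCL value; anything else is treated as unknown.
SCL_BANDS = {-1: "skipped spam filtering", 0: "not spam", 1: "not spam",
             5: "spam", 6: "spam",
             8: "high confidence spam", 9: "high confidence spam"}

# Field values that explain why spam filtering was bypassed.
BYPASS_REASONS = {
    ("IPV", "CAL"): "source IP is on the IP Allow List",
    ("SFV", "SFE"): "sender is on the user's Safe Senders list",
    ("SFV", "SKA"): "sender or domain is allowed in an anti-spam policy",
    ("SFV", "SKN"): "marked as non-spam before filtering (e.g. mail flow rule)",
}

def parse_report(raw_message):
    """Return the X-Forefront-Antispam-Report fields as an upper-cased dict."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    fields = {}
    for part in str(msg.get("X-Forefront-Antispam-Report", "")).split(";"):
        key, sep, value = part.strip().partition(":")  # CIP may hold IPv6 colons
        if sep:
            fields[key.upper()] = value.strip()
    return fields

def triage(raw_message):
    """Summarise the verdict and flag messages that skipped spam filtering."""
    fields = parse_report(raw_message)
    try:
        scl = int(fields["SCL"])
    except (KeyError, ValueError):
        return {"scl": None, "verdict": "no usable SCL", "bypass": [], "review": True}
    bypass = [why for (k, v), why in BYPASS_REASONS.items() if fields.get(k) == v]
    return {"scl": scl, "verdict": SCL_BANDS.get(scl, "unknown"),
            "category": fields.get("CAT"), "sender_ip": fields.get("CIP"),
            "bypass": bypass, "review": scl == -1 or bool(bypass)}
```

A message with `SCL:-1` reached the mailbox because an allow entry or rule exempted it from spam filtering, which makes those entries worth auditing when unwanted mail gets through.
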

Key Features of EOP

Some of the key features of EOP are listed below:

Protection Features

The protection feature of EOP comes with several smaller filters that aim to protect Exchange Online from possible threats.

  • Spam filter: anti-spam technology protects from junk emails and fraudulent email practices.
  • Connection filter: it identifies the source of the email server.
  • Malware filter: it offers multilayered malware protection to stop any mail carrying viruses, spyware, or ransomware.

Quarantine and Submission Features

This feature in EOP allows admins to take action against quarantined emails and submit those mails for analysis.

  • Quarantine: some isolated messages can be harmful, so these mails are managed by admins and can either be released or deleted.
  • Submissions: admins have access to the Submission portal to report all the suspected emails, URLs, and attachments.

Mail Flow Features

Mail flow rules or transport rules identify and take specific actions against the emails in the mailbox.

  • Mail flow rules: all the mail flow rules and policies include conditions, exceptions, and actions required for managing emails.
  • Accepted domains: these are the domains that are added to Microsoft 365 or Office 365. Users of accepted domains can send and receive email messages.
  • Connectors: a connector is a “collection of instructions that customize the way your email flows to and from your Microsoft 365 or Office 365 organization.”

Monitoring Features

This property of EOP helps in monitoring, reporting, and tracing the messages.

  • Message trace: this feature helps in knowing if the email was received, rejected, deferred, or delivered. It shows what actions were taken on the email.
  • Email and collaboration reports: these provide details on the anti-spam, anti-malware, and encryption protection features.
  • Alert policies: alert policies are created to keep a check on phishing attacks, unusual file deletion, or external sharing.

EOP Limitations

Exchange Online Protection, a valuable offering from Microsoft, has its share of advantages and drawbacks like any other program. Below are some of the limitations associated with EOP:

  • Users have access to all the rejected or deleted spam and malicious emails. This creates a huge risk of harmful emails that were previously blocked and removed escaping.
  • EOP has not yet been accepted by various clients.
  • As per the report by Microsoft 365 Security Blind Spot, 85% of organizations witnessed an email data breach in 2020.
  • Email data breaches are a significant concern associated with EOP, eroding trust among many companies. Third-party tools like Kernel Export Office 365 to PST come to the rescue. This tool efficiently backs up mailbox data from Microsoft 365, Office 365, on-premises Exchange, and hosted Exchange, saving emails in various formats. With this tool, you can safeguard your email server from threats like virus-laden spam emails and malware attacks, making it the ideal choice to secure Office 365 mailboxes.


Exchange Online Protection offers an array of user-friendly features designed to safeguard organizations from spam, viruses, malware, ransomware, and spyware. Accessible through a Microsoft 365 subscription, this program allows for easy customization to meet specific needs. It serves as a crucial shield, ensuring the security of vital data, including emails and attachments.