Read time: 5 minutes

Getting spam messages in your Inbox has become a common trend. These spam emails are disturbing and distracting. It is believed that they account for about 50% of the email traffic. Nowadays, Spam messages are one of the major reasons for cyber attacks through unfiltered emails.

Spam senders are experts in applying advanced techniques to link viruses and malware with emails. With just one click, the entire system gets affected. To protect your email accounts from daily spam and unwanted mail, Microsoft has provided Exchange Online Protection that protects email accounts from unfiltered mail.

What Is Exchange Online Protection?

EOP or Exchange Online Protection is a cloud-based email-filtering service provided by Microsoft. EOP works to protect Exchange account emails from spam and malware links. This is included with Microsoft Office 365 subscription plan.

EOP works in a way to keep your emails safe and protected from various malware or ransomware emails. It helps in keeping the Inbox clean by filtering out spam and phishing emails. Thus, it helps you protect Office 365 data.

How does EOP work?

Let’s elaborate on the working of EOP.

Emails reach your Inbox after traveling through all the routers and mail servers. If you have Exchange Online as your email server, the virtual mail server is distributed across various data centers in the Microsoft cloud. Usually, along with the delivery of primary emails, various spam emails are also dropped. Here comes the work of Exchange Online Protection.

EOP briefly checks the reputation of the sender, its IP address, domain name, and the keywords in the title or message text. After verifying, it compares the data with the filter configurations. If all the conditions are met, the email is then delivered to the final destination. If any email does not meet the required conditions, that email is either sent to the junk folder or is not delivered to the recipient.

When an email message goes through a spam filtration procedure, it is ranked according to the spam score. This is termed as Spam Confidence Level (SCL). The higher the SCL score, the higher the probability that the email message is spam.

Below is the description of the four stages of filtering processed by EOP:

  • Connection filtering
    This is the initial step that checks the reputation of the sender. It checks the sender’s IP address and reputation. The email is either accepted or rejected based on the filtering criteria set by a particular organization. Most of the non-required emails are filtered out.
  • Anti-malware
    This is the next step which includes scanning the emails for malware or ransomware. If any message contains malware links, that particular email is quarantined. Only admins have the right to access the malware-quarantined emails. Admins can use the quarantine policies to deal with the quarantine emails.
  • Mail flow rules and policies filtering
    In the next step, the particular email goes through policy filtering. Your company must have defined some custom rules for incoming mail. The particular email is checked based on the mail flow transport rules and policies.
  • Content filtration
    This is the last step, where the email is scanned based on anti-spam and anti-spoofing policies. In this step, extremely harmful emails are identified as spam, extreme spam, phishing, high confidence phishing, bulk, or spoofing. The email settings can be customized as to what actions must be taken to the distracted emails based on the content filtering results. The rejected emails can either be quarantined, sent to the Junk Folder, or deleted.
Key Features of EOP

Some of the key features of EOP are listed below:

Protection Features

The protection feature of EOP comes with various small filters that aim at preventing Exchange Online from possible threats.

  • Spam filter- anti-spam technology protects from junk emails and fraudulent email practices.
  • Connection filter- it identifies the source of the email server.
  • Malware filter- it offers multilayered malware protection to stop any virus-infused, spyware, or ransomware mail.
Quarantine and Submission Features

This feature in EOP allows admins to take action against quarantined emails and submit those mails for analysis.

  • Quarantine- some isolated messages can be harmful, and hence these mails are managed by admins and can either be released or deleted.
  • Submissions- admins have access to the Submission portal to report all the suspected emails, URLs, and attachments.
Mail Flow Features

Mail flow rules or transport rules identify and take specific actions against the emails in the mailbox.

  • Mail flow rules- all the mail flow rules and policies include conditions, exceptions, and actions required for managing emails.
  • Accepted domains- these are the domains that are added to Microsoft 365 or Office 365. Users of accepted domains can send and receive email messages.
  • Connectors- is a “collection of instructions that customize the way your email flows to and from your Microsoft 365 or Office 365 organization.”
Monitoring Features

This property of EOP helps in monitoring, reporting, and tracing the messages.

  • Message trace- this feature helps in knowing if the email was received, rejected, deferred, or delivered. It shows what actions were taken on the email.
  • Email and collaboration reports- provide details on protection features of anti-spam, anti-malware, and encryption features.
  • Alert policies- alert policies are created to put check phishing attacks, unusual file deletion, or external sharing.
EOP Limitations

Exchange Online Protection is an extremely useful program provided by Microsoft. But every new program comes with its own pros and cons. Some of the EOP limitations are mentioned below:

  • Users have access to all the rejected or deleted spam and malicious emails. This creates a huge risk of these harmful emails escaping which were previously blocked and removed.
  • EOP has not yet been accepted by various clients.
  • As per the report by Microsoft 365 Security Blind Spot, 85% of organizations witnessed email data breach in 2020.
  • An email data breach is a major concern with EOP, and hence it is not trusted by most companies. Here comes into the picture, third-party tools. One such tool is Kernel Export Office 365 to PST. This tool backs up the entire mailbox data of Microsoft 365, Office 365, on-premises Exchange, and hosted Exchange. All the backup emails are saved in various output formats. With this tool, you do not have to worry if your email server is affected by virus links from spam emails, malware, or malicious attacks. So, it is the best way to secure Office 365 mailboxes.


Exchange Online Protection comes with various user-friendly features to protect any organization against spam, viruses, malware, ransomware, or spyware. You can easily get access to this Microsoft 365 program if you have a Microsoft subscription. You can customize settings as per the requirements. It prevents losing important data like emails and attachments.