Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Internal email messages in Exchange Online are improperly handled as spam

    • Updated:
    • 18 May 2020
    • Product/Version:
    • Cloud App Security
    • Platform:
Summary

Internal email messages in Exchange Online are improperly handled as spam by the Advanced Spam Protection security filter ignoring the administrator-configured settings in an Advanced Threat Protection policy for Exchange Online. The administrator can configure how to handle their internal email messages by the Trend Micro Anti-spam Engine (TMASE) as follows:

  • To have Cloud App Security (TMCAS) not scan internal messages, set the security filter to apply to Incoming messages.
  • To have TMCAS scan internal messages but not take configured actions if they fall into other spam, set the security filter to apply to All messages and select Pass all the messages sent from internal domains if detected as other spam in the Action section.

However, TMCAS does more in the back end. For example, Sender Policy Framework (SPF) setting and email header checks, to identify fake internal emails.

Therefore, upon the above settings, if some internal messages of your organization are still handled as other spam, you can check the affected messages for further actions.

Details
Public
  1. Set up the Advanced Spam Protection filter to only apply to Incoming messages to prevent internal emails from being scanned.

    apply to Incoming messages

  2. If all messages need to be scanned by Advanced Spam Protection filter, but you do not want the filter to take actions for incoming mails detected as “Other spam”, configure the following settings:

    1. Configure the Advanced Spam Protection filter to apply to All messages.

      apply to All messages

    2. Check the option Pass all the messages sent from internal domains if detected as other spam.

      apply to All messages

With the above settings, when internal messages are still detected as spam, go ahead and check the detected messages by doing the following:

  1. Confirm whether the detected messages have failed information of Sender Policy Framework (SPF) on the email header. For example, Fail or softfail.

    • If the detected messages have a failed SPF header on the mail header, check the related SPF setting for the sender domains.
    • Or you can choose to add the email sender from the detected messages into the Approved Sender List if you confirm that the sender can be trusted.

      apply to All messages

  2. Confirm whether you have inconsistent Reply-to or Return-path on the detected message mail headers, in which the domain name is not included in the internal domain list.

    • If the mail headers are not consistent with the sender’s domain, go ahead and check whether you have a special setting or whether this mail is forged in the internal mail.
    • If you implement some special settings, which modifies the mail header, go ahead and check whether TMCAS' current approved list setting can bypass them. It includes the following:

      • Approved sender

        apply to All messages

      • Approved header

        apply to All messages

Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot
Solution Id:
000253191
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.