ORCA.103 - Outbound spam filter policy settings configured.
Overview
Configure the maximum number of recipients that a user can send to, per hour for internal (RecipientLimitInternalPerHour) and external recipients (RecipientLimitExternalPerHour) and maximum number per day for outbound email. It is common, after an account compromise incident, for an attacker to use the account to generate spam and phish. Configuring the recommended values can reduce the impact, but also allows you to receive notifications when these thresholds have been reached.
Remediation action
Set RecipientLimitExternalPerHour to 500, RecipientLimitInternalPerHour to 1000, and ActionWhenThresholdReached to block.
Related Links
- Microsoft 365 Defender Portal - Anti-spam settings
- Recommended settings for EOP and Microsoft Defender for Office 365 security
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.103 |
| Severity | Medium |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA103 |
| Tags | EXO, ORCA, ORCA.103 |
Source
- Pester test:
tests/orca/Test-ORCA103.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA103.ps1