How to generate a Office 365 spam filtering report
Last updated on:In this page
Spam messages can overload mailboxes, spread phishing attempts, and deliver malware. Regularly reviewing spam helps administrators maintain email security and efficiency. However, in large organizations, manually analyzing email security data takes significant time and effort.
If you use Microsoft 365, tracking your email spam statistics can help save a lot of effort that can be directed towards stopping these Microsoft 365 spam emails. Keep reading to find out how you can do it with native tools and with ManageEngine M365 Manager Plus, a dedicated Microsoft 365 administration tool.
- Microsoft Defender
- Graph PowerShell
- M365 Manager Plus
Method 1: How to get an email spam statistics report using the Microsoft 365 Defender portal
Prerequisites
To view and use mail flow reports, you must be a member of at least one of the following role groups in Exchange Online:
- Organization Management
- Security Administrator
- Security Reader
- Global Reader
Steps
- Log in to the Microsoft 365 Defender portal.
- Navigate to Reports > Email & collaboration > Email & collaboration reports.
- In the Threat protection status report, select View details.
- Change View data by Overview to View data by Email > Spam to get the spam detection report.
- You can now view a list of all spam detections. You can also export this list to a CSV file by clicking Export.
Method 2: How to get a spam detection report using Exchange Online PowerShell (Get-MailDetailSpamReport)
Prerequisites
Before using Exchange Online PowerShell, please verify that:
- The Global Administrator role is applied to the account you use to sign in to Exchange Online PowerShell.
- You are connected to the Exchange Online module.
- To check if the ExchangeOnlineManagement PowerShell module is installed, use this script:
Install-Module ExchangeOnlineManagement -Scope CurrentUser
Update-Module ExchangeOnlineManagement - Connect to Exchange Online PowerShell with this script:
Connect-ExchangeOnline
- To check if the ExchangeOnlineManagement PowerShell module is installed, use this script:
Using Get-MailDetailSpamReport to export a Microsoft 365 spam detection report
The Get-MailDetailSpamReport cmdlet can be used to retrieve a detailed report of spam detections within a specified date range. The syntax for retrieving a spam detection report is given below:
Get-MailDetailSpamReport -StartDate <StartDate> -EndDate <EndDate> |
Select-Object Direction, MessageId, SenderAddress, RecipientAddress, Subject, Action |
Export-Csv -Path "C:\Reports\SpamDetections-$(Get-Date -Format yyyyMMdd-HHmmss).csv" -NoTypeInformation -Encoding UTF8 Supported parameters
The following table contains some parameters that can be used with the Get-MailDetailSpamReport cmdlet to provide details on your spam detections.
| Parameter | Description |
|---|---|
| Direction | Filters the results by inbound or outbound messages. |
| MessageId | The unique identifier of the message. |
| SenderAddress | The email address of the sender. |
| RecipientAddress | The email address of the recipient. |
| Subject | The subject line of the email. |
| Action | The action taken on the email (e.g., delivered, junked, quarantined, or deleted). |
An example use case for the Get-MailDetailSpamReport cmdlet
Scenario: An IT administrator needs to conduct a weekly audit of all inbound spam messages to identify trends and adjust spam filter policies accordingly. This is the cmdlet the admin would have to run to generate a report of all inbound spam detected in the last seven days.
$startDate = (Get-Date).AddDays(-7)
$endDate = Get-Date
Get-MailDetailSpamReport -StartDate $startDate -EndDate $endDate -Direction Inbound |
Select-Object Direction, MessageId, SenderAddress, RecipientAddress, Subject, Action |
Export-Csv -Path "C:\Reports\InboundSpam_Last7Days.csv" -NoTypeInformation -Encoding UTF8 Method 3: How to view a spam detection report in M365 Manager Plus
- Log in to M365 Manager Plus and click the Reports tab.
- Navigate to Mail Traffic Reports and select the Filtered as Spam report.
- You can filter for email addresses in specific domains using the Filter By field or export the list by clicking Export As.
Monitor your Exchange Online environment and more
M365 Manager Plus' reporting capabilities help you view, monitor, and analyze email traffic and security threats across your Microsoft 365 environment. It simplifies security audits, provides detailed insights into mail flow, and offers proactive alerting.
Automated Microsoft 365 spam filtering
Identify top spam recipients and senders with filters for specific addresses, locations, and other factors to find its root cause. Use the email spam statistics to automate blocking spam and update your spam blocklist regularly without any human intervention.
Real-time spam alerts
Set up proactive alerts for when your organization is hit with mass spam campaigns so that you can take immediate action before it escalates.
Eliminate PowerShell complexity
Run detailed reports in a single click without the need for complex PowerShell scripting.
Important tips
Regularly review spam filter policies: Periodically review and adjust your anti-spam policies to ensure they are effectively blocking the latest spam techniques.
Configure advanced spam filtering: Utilize advanced options like blocking emails in specific languages or from certain countries to enhance your spam protection.
Implement transport rules for bulk mail: Create transport rules to aggressively filter bulk emails like newsletters and promotions that may not be caught by standard spam filters.
Frequently asked questions
You can enhance your spam filtering by subscribing to Microsoft Defender, which offers advanced features like Safe Attachments and Safe Links. Additionally, configuring spam confidence levels and actions for detected spam can improve effectiveness.
Spam is any unwanted email, while high-confidence spam is email that Microsoft's filters are very certain is malicious. By default, high-confidence phishing emails are quarantined.
You can configure actions such as moving messages to the Junk Email folder, quarantining messages, deleting messages, or prepending the subject line with a warning.
You can use the Connection filter in the Exchange admin center to block emails from specific IP addresses or IP address ranges.