I have noticed that the Content Filter portion of Exchange Online Protection takes precedence over transport rules. This results in the quarantining of several legitimate messages despite the creation of transport rules that should allow delivery.
I will use basecamp.com as an example. Almost daily, I have to release several legitimate messages from basecamp.com. Message traces show that the messages are being quarantined before transport rules are applied. I have repeatedly reported false positives to Microsoft, but the problem persists.
I've tried using the content filter to add a header instead of delivering the message to hosted quarantine. I figured that just adding a header would allow messages to pass through the content filter and then be processed by transport rules, but the messages were just being delivered to the recipients with my header inserted.
Custom content filters only allow me to create exceptions that are based on the recipient; I don't see a way to create an exception that is based on the sender.
Has anyone else experienced this issue and been able to address it?
I was not sure that I wanted to start filtering by IP address because I didn't know how I could ensure that the address ranges would stay current. The Hurricane Electric BGP Toolkit (http://bgp.he.net/) has helped significantly. In the case of Basecamp, its records were more complete than what basecamp.com lists.