Office 365: Exchange Online Protection vs. Transport Rules

I have noticed that the Content Filter portion of Exchange Online Protection takes precedence over transport rules.  This results in the quarantining of several legitimate messages despite the creation of transport rules that should allow delivery.

I will use basecamp.com as an example.  Almost daily, I have to release several legitimate messages from basecamp.com.  Message traces show that the messages are being quarantined before transport rules are applied.  I have repeatedly reported false positives to Microsoft, but the problem persists.

I've tried using the content filter to add a header instead of delivering the message to hosted quarantine.  I figured that just adding a header would allow messages to pass through the content filter and then be processed by transport rules, but the messages were just being delivered to the recipients with my header inserted.

Custom content filters only allow me to create exceptions that are based on the recipient; I don't see a way to create an exception that is based on the sender.

Has anyone else experienced this issue and been able to address it?
jwcchelpdeskAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vasil Michev (MVP)Commented:
I havent noticed any issues with whitelisting domain names using transport rules, but one thing I often forget is to set the rule to match "Header or envelope". In any case, the best thing you can do is add IP based exception in the Connection filter, this takes precedence over anything else.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jwcchelpdeskAuthor Commented:
Thank you.  I have decided to filter by IP address as much as possible.  I haven't responded because I wanted to make sure that the filtering was working properly.

I was not sure that I wanted to start filtering by IP address because I didn't know how I could ensure that the address ranges would stay current.  The Hurricane Electric BGP Toolkit (http://bgp.he.net/) has helped significantly.  In the case of Basecamp, its records were more complete than what basecamp.com lists.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.