Office 365: Exchange Online Protection vs. Transport Rules

I have noticed that the Content Filter portion of Exchange Online Protection takes precedence over transport rules.  This results in the quarantining of several legitimate messages despite the creation of transport rules that should allow delivery.

I will use basecamp.com as an example.  Almost daily, I have to release several legitimate messages from basecamp.com.  Message traces show that the messages are being quarantined before transport rules are applied.  I have repeatedly reported false positives to Microsoft, but the problem persists.

I've tried using the content filter to add a header instead of delivering the message to hosted quarantine.  I figured that just adding a header would allow messages to pass through the content filter and then be processed by transport rules, but the messages were just being delivered to the recipients with my header inserted.

Custom content filters only allow me to create exceptions that are based on the recipient; I don't see a way to create an exception that is based on the sender.

Has anyone else experienced this issue and been able to address it?
jwcchelpdeskAsked:
Who is Participating?
 
Vasil Michev (MVP)Commented:
I havent noticed any issues with whitelisting domain names using transport rules, but one thing I often forget is to set the rule to match "Header or envelope". In any case, the best thing you can do is add IP based exception in the Connection filter, this takes precedence over anything else.
0
 
jwcchelpdeskAuthor Commented:
Thank you.  I have decided to filter by IP address as much as possible.  I haven't responded because I wanted to make sure that the filtering was working properly.

I was not sure that I wanted to start filtering by IP address because I didn't know how I could ensure that the address ranges would stay current.  The Hurricane Electric BGP Toolkit (http://bgp.he.net/) has helped significantly.  In the case of Basecamp, its records were more complete than what basecamp.com lists.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.