We recently had a phishing attack that only harvested one account. This one account then began to SPAM thousands of emails via our OWA. We caught the account and shut it down, but not before we were placed on a Microsoft Blacklist. After about a week and a half, we are now off the list and mail will start flowing in 24-48 hours.
I am looking for best practices to avoid this issue in the future.
1.) Is there a way to limit the amount of email a user can send over a period of time?
2.) Is there a way to find and delete a particular email or attachment from multiple boxes without opening each account?