eG Monitoring
 

Measures reported by EXOSpamTest

Spam is unsolicited (and typically unwanted) email messages. If spam mails are not captured promptly and filtered out, they can prove to be an unwanted distraction and can also end up unnecessarily hogging your mailbox space. This is why it is good practice to run the EXOSpamTest test periodically.

At configured intervals, this test scans the mail traffic over Exchange Online for spam mails. Spam mails detected are then categorized based on their nature. By default, the test captures the following spam categories:

  • SpamIPBlock: Messages that were blocked based on sender IP

  • SpamDBEBFilter: Messages that were blocked based on checking the recipient against the directory. This happens when a message is addressed to an unknown recipient.

  • SpamEnvelopeBlock: Messages that were blocked based on SMTP

  • SpamContentFiltered: Messages that passed the initial IP and SMTP filters and were filtered based on content, rules or other spam configurations.

For each spam category, the test then reports the count of spam mails of that category that were found in incoming mails and outgoing mails. This will reveal to administrators whether too many spam mails are coming in or going out of the monitored Office 365 tenant, and the most common spam type. Based on the pointers provided by these metrics, administrators can make intelligent spam filtering customizations.

Moreover, the detailed metrics reported by the test reveal the top senders and receivers of spam mails. This will point administrators to email traffic that they may want to track closely, so as to check for spam.

The test additionally reports the size of the incoming and outgoing spam mails. Detailed diagnostics accurately point administrators to users who sent/received large-sized spam mails, thus enabling administrators to analyze the impact of spam mail size on the mailbox size of those users.

Outputs of the test: One set of results for the monitored Office 365 tenant.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Inbound_spam | Indicates the number of incoming spam mails of this category. | Number | A high value for this measure is a cause for concern, as it indicates that many of the mails received are spam mails. In this case, use the detailed diagnosis of this measure to view the top-10 receivers, in terms of the number of spam mails they received. This information thus points administrators to those receivers who were worst hit by spam mails. |
| Outbound_spam | Indicates the number of spam mails of this category that were sent. | Number | A high value for this measure is a cause for concern, as it indicates that many of the mails sent were spam mails. In this case, use the detailed diagnosis of this measure to view the top-10 senders, in terms of the number of spam mails they sent. This will also point you to those senders who are probably responsible for generating a lot of spam mails and frustrating receivers. |
| Inbound_size | Indicates the total size of incoming spam mails of this category. | GB | If the value of this measure is abnormally high, then use the detailed diagnosis of this measure to view the top-10 receivers, in terms of the size of the spam mails they received. If the mailboxes of these receivers increase in size suddenly, then check the spam mail size of these receivers to see if the spam mails caused the abnormal mailbox growth. |
| Outbound_size | Indicates the total size of the outgoing spam mails of this category. | GB | If the value of this measure is abnormally high, then use the detailed diagnosis of this measure to view the top-10 senders, in terms of the size of the spam mails they sent. If the mailbox size of these senders increases suddenly, then check the spam mail size of these senders to see if the spam mails caused the abnormal mailbox growth. |
| Unique_snd | Indicates the number of unique senders of spam mails of this category. | Number | Use the detailed diagnosis of this measure to view the top-10 senders, in terms of the number of spam mails they sent. |
| Unique_rec | Indicates the number of unique receivers of spam mails of this category. | Number | Use the detailed diagnosis of this measure to view the top-10 receivers, in terms of the number of spam mails they received. |
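
The counting behind the measures above, as an added example that is not eG's code: it takes constructed mail-event records and derives each measure per spam category, plus the top-10 list used for detailed diagnosis. The `Event` fields, `spam_measures` and `top10` are hypothetical names, and sizes are converted to GB assuming 1024^3 bytes.

```python
from collections import Counter, namedtuple

# Hypothetical record shape; not eG's or Microsoft's schema.
Event = namedtuple("Event", "direction category sender recipient size")

# Categories the page lists as captured by default.
CATEGORIES = ("SpamIPBlock", "SpamDBEBFilter", "SpamEnvelopeBlock", "SpamContentFiltered")
GB = 1024 ** 3  # assumption: the page gives the unit as GB without defining the base

# Constructed sample events (size in bytes); "Delivered" stands in for non-spam mail.
SAMPLE = [
    Event("Inbound", "SpamContentFiltered", "promo@bulk.example", "alice@contoso.example", 40_000),
    Event("Inbound", "SpamContentFiltered", "promo@bulk.example", "bob@contoso.example", 60_000),
    Event("Inbound", "SpamContentFiltered", "offers@bulk.example", "alice@contoso.example", 20_000),
    Event("Inbound", "SpamIPBlock", "x@listed.example", "alice@contoso.example", 5_000),
    Event("Outbound", "SpamContentFiltered", "carol@contoso.example", "u1@partner.example", 300_000),
    Event("Outbound", "SpamContentFiltered", "Carol@contoso.example", "u2@partner.example", 300_000),
    Event("Inbound", "Delivered", "friend@partner.example", "bob@contoso.example", 1_000),
]

def spam_measures(events):
    """Return {category: {measure: value}} using the measure names from the table."""
    acc = {c: {"Inbound_spam": 0, "Outbound_spam": 0, "Inbound_size": 0.0,
               "Outbound_size": 0.0, "snd": set(), "rec": set()} for c in CATEGORIES}
    for e in events:
        m = acc.get(e.category)
        if m is None or e.direction not in ("Inbound", "Outbound"):
            continue  # skip mail outside the spam categories or with no direction
        m[e.direction + "_spam"] += 1
        m[e.direction + "_size"] += e.size / GB
        m["snd"].add(e.sender.lower())   # addresses compared case-insensitively
        m["rec"].add(e.recipient.lower())
    for m in acc.values():
        m["Unique_snd"] = len(m.pop("snd"))
        m["Unique_rec"] = len(m.pop("rec"))
    return acc

def top10(events, category, direction, by="count"):
    """Detailed diagnosis: top-10 receivers (Inbound) or senders (Outbound)."""
    tally = Counter()
    for e in events:
        if e.category == category and e.direction == direction:
            who = (e.recipient if direction == "Inbound" else e.sender).lower()
            tally[who] += 1 if by == "count" else e.size
    return tally.most_common(10)

if __name__ == "__main__":
    for cat, m in spam_measures(SAMPLE).items():
        print(cat, m)
    print(top10(SAMPLE, "SpamContentFiltered", "Inbound"))
```

A sudden rise in Outbound_spam concentrated on one internal sender in the `top10` output is worth checking against that account's sign-in activity, since the page notes these senders are probably responsible for generating the spam.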