Cautions against bypassing Microsoft 365 spam filters

Summary

This article discusses why you shouldn't bypass spam filters in Microsoft 365. This article applies to both users and administrators who do the following:

If you use these lists or options, consider the following guidelines:

  • We recommend that you don't use these features because they may override the verdict that is set by Microsoft 365 spam filters. Instead, we suggest that you report junk email messages to Microsoft for analysis to help reduce the number and effect of future junk email messages.

  • If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through. Additionally, bypassing should be done only on a temporary basis. This is because spam filters can evolve, and verdicts could improve over time.

  • It's important that you take the following precautions:

    • Never put domains that you own onto the Allow and blocklists.
    • Never put common domains, such as microsoft.com and office.com, onto the Allow and blocklists.
    • Don't keep domains on the lists permanently unless you disagree with the verdict of Microsoft.

For more information, see the various methods available to create safe sender and block sender lists and when to use them.