Exchange 365 rule to block messages that contain any javascript

Asked Mar 21 '23 at 15:01

Active Mar 21 '23 at 15:03

Viewed 78 times

How can I add a rule that blocks any message with any explicit (script tag) or implicit javascript code (e.g. onclick="....")?

I know Exchange online has a rule to block any executable attachments but it doesn't work for this type of spam because no hacker is using attachments anymore.

edited Mar 21 '23 at 15:03

asked Mar 21 '23 at 15:01

Ali Sahin

It seems that there is no rule that can meet the demand, you can check if there are characters in the spam emails that are different from normal emails, and then match them by email flow rules. – Russell Mar 22 '23 at 09:43
I just had a conversation about this with a Microsoft support tech and looks like there is NO way to create a rule based on HTML "code" of the message. The rules options available can only scan the "rendered HTML text" of the messages. Hackers seem to be wayyy too smarter than Microsoft on this. That's why we keep getting hundreds of phishing emails every day. – Ali Sahin Mar 22 '23 at 15:09

Exchange 365 rule to block messages that contain any javascript

0 Answers0