Exchange 365 rule to block messages that contain any javascript

Ali Sahin

3/21/24, 3:01 PM

How can I add a rule that blocks any message with any explicit (script tag) or implicit javascript code (e.g. onclick="....")?

I know Exchange online has a rule to block any executable attachments but it doesn't work for this type of spam because no hacker is using attachments anymore.

0 + 2

exchange

rules

microsoft-office-365

exchangeonline

Russell

3/22/24, 9:43 AM

It seems that there is no rule that can meet the demand, you can check if there are characters in the spam emails that are different from normal emails, and then match them by email flow rules.

Ali Sahin

3/22/24, 3:09 PM

I just had a conversation about this with a Microsoft support tech and looks like there is NO way to create a rule based on HTML "code" of the message. The rules options available can only scan the "rendered HTML text" of the messages. Hackers seem to be wayyy too smarter than Microsoft on this. That's why we keep getting hundreds of phishing emails every day.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Exchange 365 rule to block messages that contain any javascript

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.