Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

Spammers are truly the worst. They’ve bombarded us with so many phone calls that we now have to purchase special apps to block robocalls, and they send so many emails that around 85% of all email communication is now spam. All that spam received has to be outbound spam from somewhere.


Learn how Office Protect helps keep your Microsoft 365 tenants safe with our e-book


With so much public aversion for spammers, the last thing you want is for your company to be associated with them. But if you aren’t careful, you just might be—hackers can gain access to your email system via phishing and other common scams and then send out thousands of spam emails in your name.

It’s obvious how such a mistake could cost you your reputation, so how can you prevent it? We’ve already talked about some ways to lock down your email system against threats , and fortunately, Office Protect has a contingency plan in case you’re thrown into this worst-case scenario.


How can this happen?

First, let’s discuss how you would get into this predicament in the first place. Obviously, prevention is always our first goal, but that’s not always a practical option. Hackers employ several crafty email scams to get access to your systems and send outbound spam.



The most common email scam is phishing. Phishing involves hackers impersonating a company, fellow employee, or even family member and attempting to gain your trust (or generate fear). Their ultimate goal is to compel you to click on a malicious link that will download malware. And it’s a problem that’s not going away anytime soon—a recent report by Microsoft found that phishing has grown by over 250% and shows no sign of slowing.

In fact, these attacks are getting more sophisticated: 41% of phishing domains include just one character swap, and Verizon recently showed that 30% of phishing emails are opened. Among those who opened these emails, 12% clicked on the infected links or attachments they came with.

As staggering as those statistics are, the reality is that it only takes one distracted employee to click on a link to compromise your entire email system. And once hackers have access, they can wreak all kinds of havoc.


Outbound spam

One thing that hackers can do when they access your email system is use your contacts, logo, and email addresses to send out their own messages, known as outbound spam. They can send out something from your company that looks official to trick people into clicking on a malicious link or scam them out of money. They could even send out lots of emails from a high-level official’s account to their direct reports asking them to spend company money on gift cards—and then collect the cards to use for themselves.


Internal threats

But what if it’s not an accident?

So far, the only reason we’ve discussed for spam flowing out of your organization is due to a cybersecurity attack. While that’s the most common scenario, there is another possibility that you should be aware of—your own employees sending out spam.

There are several reasons this could happen. An employee could think they were doing you a favor by sending out a bunch of product updates to your customers and may have been unintentionally formatting or styling those messages as spam. Additionally, there could be a miscommunication of instructions that resulted in an error in the email system.

The worst scenario is one that most people do not like to discuss, but it’s a reality: an employee sending out spam messages maliciously. This could happen from a disgruntled or angry employee.

The best way to prevent a malicious attack like this is to practice good hiring and firing practices, to use clear communication, and to treat your employees well so that they do not harbor any ill will towards your organization. But sometimes, there is nothing you can do to prevent someone from trying to exact some sort of revenge.


Repercussions of outbound spam

Obviously, outbound spam can damage your company’s reputation. Not only could your employees misuse company funds and cost the business thousands of dollars, but you could also permanently lose the trust of even your most loyal customers.

Imagine if one of your customers were to be suddenly inundated with spam that looks like it’s from you and to have their systems infected. Even if it’s not your fault, that kind of oversight could ruin your reputation. It might even force you to offer free products or support to make up for it, which just adds to the cost of such an attack.

So how can you prevent these worst-case scenarios? As always, Office Protect has you covered.


Set outbound spam notifications

In addition to all the other settings that Office Protect has in place to prevent email breaches, it also has a setting for this exact worse-case scenario of outbound spam.

When this setting is enabled, you’ll be notified via email anytime that a member of your organization’s email address is flagged for spam. This helps you stop outbound spam in its tracks as soon as it’s detected and before any real damage is done.

You’ll also be notified of which account is sending out spam so you can go right to the source of the problem and shut down that account. This can also help you if you need to discipline an employee—you’ll have solid evidence to back up your claims.

Fortunately, this extremely useful feature is easy to turn on. Just access it from your dashboard—go into the settings, and you will see the toggle menu to turn it on. You will also see the security impact (medium) and user impact (none).

Microsoft 365 Outbound spam notifications could very well help save your professional reputation. Enable them today!

Written by Mathieu Pipe-Rondeau Marketing Communications Specialist @ Sherweb

Mathieu is responsible for Sherweb’s blog content and organic social media. Highly conscious of branding and related communications, he’s constantly on the lookout for new and better ways to showcase Sherweb to the world. Mathieu has ten years of communications and marketing experience, including expertise in knowledge management, process creation and improvement, technical writing and content strategy. When he’s not producing engaging content, Mathieu enjoys cooking, singing and skateboarding with his son.