1.9.8.4.3 Ensure 'Junk E-mail protection level: Select level:' is set to Enabled:High

Information

This policy setting controls your Junk E-mail protection level. The Junk E-mail Filter in Outlook helps to prevent junk e-mail messages, also known as spam, from cluttering users' Inboxes. The filter evaluates each incoming message based on several factors, including the time when the message was sent and the content of the message. The filter does not single out any particular sender or message type, but instead analyzes each message based on its content and structure to discover whether or not it is probably spam.
If you enable this policy setting, you can select one of the four available options. After you select an option, users will not be able to change it.
If you disable this policy setting, Outlook reverts to the user-defined protection level.
If you do not configure this policy setting, users can change their junk e-mail filtering options.
The recommended state for this setting is: Enabled:High.

Rationale:

The Junk E-mail Filter in Outlook is designed to intercept the most obvious junk e-mail, or spam, and send it to users' Junk E-mail folders. The filter evaluates each incoming message based on several factors, including the time when the message was sent and the content of the message. The filter does not single out any particular sender or message type, but instead analyzes each message based on its content and structure to discover whether or not it is probably spam.

By default, users can choose from four levels of junk e-mail filtering:

* No Automatic Filtering. Outlook does not evaluate incoming messages by content. Outlook continues to evaluate messages by using the domain names and e-mail addresses in the users' Blocked Senders Lists, and continues to move messages from blocked senders to users' Junk E-mail folders.

* Low. Outlook only moves the most obvious spam messages to users' Junk E-mail folders. This level is the default setting.

* High. Outlook intercepts most junk e-mail, but might incorrectly classify some legitimate messages as junk. Users are advised to check their Junk E-mail folders often.

* Safe Lists Only. Outlook moves all incoming messages to users' Junk E-mail folders except messages from someone on users' Safe Senders Lists and messages sent to mailing lists on users' Safe Recipients Lists.

If users choose an inappropriate setting, they might miss important messages or accumulate large amounts of junk e-mail in their Inboxes.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled.

User Configuration\Administrative Templates\Microsoft Outlook 2016\Outlook Options\Preferences\Junk E-mail\Junk E-mail protection level

Then set the Junk E-mail protection level: Select level: option to High.

Impact:

Different users might receive different amounts of junk e-mail. Enabling this setting might result in setting the junk e-mail protection level too high for some users and too low for others.

See Also

https://workbench.cisecurity.org/files/553

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3a.

Plugin: Windows

Control ID: 68b466409c52ee3cd7aab278f92b75484371d2befcbd0c34ea154dbc331c07c2