7

In Office 365 you can toggle a few settings to help with spam email filtering.

Among these is a setting to enable a "Sensitive Word List" as shown below:

enter image description here

The problem is...I can't find any list on Technet or elsewhere online showing what this list actually contains. It isn't editable, and isn't accessible via Exchange Online's Powershell either.

I even ventured the thought that this list was carry over from Forefront but still can't find an actual list.

So...does anyone actually know what is included in this list?

TheCleaner
  • 32,352
  • 26
  • 126
  • 188
  • 2
    Well, I would guess they don't really want this list to be public, to avoid that spammers get their hand on it and adapt their crap to it. – Sven Oct 06 '14 at 16:23
  • @SvW - that makes sense, but it would be nice for them to at least give examples. As it stands now I have no clue what's on it. I've tried turning it on and sending myself emails with various cuss words, viagra, porn words, etc. and they all get through...so I'm curious what MS considers "sensitive" if those aren't. – TheCleaner Oct 06 '14 at 18:35

2 Answers2

7

OK, so after going round and round with Microsoft support on this, I was transferred to someone that was at least willing to help. The first 2 techs stated the list was for "internal use only", but the third person explained that while it is true they don't have access to the actual list, they do state that it was derived from the same sensitive words list used for Forefront for Exchange and FOPE (Forefront Online Protection for Exchange) back in the day.

So, here's a list of EXAMPLES that a tech at Microsoft was willing to share. NOTE that it isn't the entire list, only a small subset of examples. I'm also told that it isn't case sensitive and that variations of spellings are also accounted for.

PLEASE NOTE, PER SE STAFF RULES/GUIDANCE THAT THIS LIST IS NSFW. WHILE HOSTED ON PASTEBIN WHICH IS A PERFECTLY ACCEPTABLE SITE AND IS ONLY TEXT, NOTE THAT THE EXAMPLES GIVEN ARE COMPLETELY NSFW...YOU'VE BEEN WARNED.

NSFW LINK: http://pastebin.com/s1vFSJyQ

EDIT (NSFW): Possibly the full FOPE list from back in the day: http://pastebin.com/cKMQFRwU

Hopefully this helps others like myself in properly testing out the sensitive words list properly after enabling it withing Office 365 / Exchange Online.

TheCleaner
  • 32,352
  • 26
  • 126
  • 188
  • 3
    I once worked at a MMO company that launched a game for kids. We used a 3rd-party product to block bad words in the chat. To stress-test it, we opened it up for our company to use. You cannot imagine (or perhaps you can) the inventive filth that spewed out of the keyboards of 400 nerds. – mfinni Oct 08 '14 at 14:30
  • 2
    Damn. If we turned that on, I wouldn't be able to send any emails where I talk about my boss. – HopelessN00b Oct 08 '14 at 14:31
6

Microsoft. Microsoft knows what's on the list. They don't publish it. You could open a PSS ticket and ask - have you tried that? Your O365 dashboard makes it easy to open a non-criticals support ticket.

Also - even though it's not editable, you can make a transport rule yourself to exempt certain words from being blocked, if you find that to be a problem.

mfinni
  • 35,711
  • 3
  • 50
  • 86
  • 1
    Yeah, I opened a ticket and asked. I was told by O365 support "we don't have access to that list." – TheCleaner Oct 06 '14 at 18:33
  • And yeah, I can create rules, but it'd be nice to flip the switch instead of creating a custom "sensitive words" rule. – TheCleaner Oct 06 '14 at 18:43
  • 1
    Could be worse. I tried registering a customer that has the string "visa" in their (made-up-word) company name. Fail fail fail, for no visible reason. Took about two days of requesting PSS escalation before they determined that certain strings are on a possible-domain-hijacking-list, which of course the techs have no access to and in fact don't know about. – mfinni Oct 06 '14 at 18:48
  • OK, so I got an updated call from MS Support and have "examples" but I'm not sure if I can even post the list here or not...lol – TheCleaner Oct 07 '14 at 21:38
  • What are they going to do about it? Post and be damned innit. It's in the public interest. – BlueCompute Oct 08 '14 at 10:00
  • @BlueCompute - Done...it wasn't MS I was concerned about, it was SE staff...but we worked it out. – TheCleaner Oct 08 '14 at 14:27