You are absolutely correct that it is important not to have overly permissive long running allows. We are taking steps to minimize the impact of those overrides on malicious messages and provide additional tools for managing those lists. Showing the customer the impact of those overrides is the best way to understand the need to remove them. Both Threat Explorer and the Threat Protection Status report have views for mails that were allowed that we would have otherwise blocked.
www.000webhost.com