Deep within Microsoft’s documentation ecosystem lies this document – the order in which various spam filters are applied to incoming emails!

The order of processing for the email protection type: This order isn’t configurable, and is described in the following table:

OrderEmail protectionCategoryWhere to manage
1MalwareCAT:MALWConfigure anti-malware policies in EOP
2High confidence phishingCAT:HPHSHConfigure anti-spam policies in EOP
3PhishingCAT:PHSHConfigure anti-spam policies in EOP
4High confidence spamCAT:HSPMConfigure anti-spam policies in EOP
5SpoofingCAT:SPOOFSpoof intelligence insight in EOP
6*User impersonation (protected users)CAT:UIMPConfigure anti-phishing policies in Microsoft Defender for Office 365
7*Domain impersonation (protected domains)CAT:DIMPConfigure anti-phishing policies in Microsoft Defender for Office 365
8*Mailbox intelligence (contact graph)CAT:GIMPConfigure anti-phishing policies in Microsoft Defender for Office 365
9SpamCAT:SPMConfigure anti-spam policies in EOP
10BulkCAT:BULKConfigure anti-spam policies in EOP