Solved

Exchange Online SCL: 5 not going to the Junk Email folder

Posted on 2014-04-21
2
3,476 Views
Last Modified: 2014-04-28
We are using Exchange Online (office 365) and the content filter for the domain is set to "Move message to Junk Email folder" for "Spam" and "High Confidence Spam". I interpret that to mean any email with an SCL rating of 5 or higher will get delivered into the Junk Email folder in the recipient's Outlook (2010).
However, some SCL 5 get deliver into the inbox and some get delivered into Junk Email.
How is that? How can I route all email with an SCL of 5 or greater into Junk Email?

This went to the inbox:
Received: from BLUPR01MB196.prod.exchangelabs.com (10.242.201.156) by
 CO1PR01MB206.prod.exchangelabs.com (10.242.168.150) with Microsoft SMTP
 Server (TLS) id 15.0.918.8 via Mailbox Transport; Mon, 21 Apr 2014 19:15:37
 +0000
Received: from BLUPR01CA041.prod.exchangelabs.com (25.160.23.31) by
 BLUPR01MB196.prod.exchangelabs.com (10.242.201.156) with Microsoft SMTP
 Server (TLS) id 15.0.921.12; Mon, 21 Apr 2014 19:15:35 +0000
Received: from BY2FFO11FD018.protection.gbl (2a01:111:f400:7c0c::144) by
 BLUPR01CA041.outlook.office365.com (2a01:111:e400:8a4::31) with Microsoft
 SMTP Server (TLS) id 15.0.908.10 via Frontend Transport; Mon, 21 Apr 2014
 19:15:34 +0000
Received: from shoal.fykesame.com (68.171.209.181) by
 BY2FFO11FD018.mail.protection.outlook.com (10.1.14.106) with Microsoft SMTP
 Server id 15.0.929.8 via Frontend Transport; Mon, 21 Apr 2014 19:15:34 +0000
Subject: Google acquired Nest and needs to start hiring - you are a candidate
From: HR-Jobs <Rashad@fykesame.com>
Message-ID: <@shoal.fykesame.com>
To: <jinfeld@isiscs.com>
Date: Mon, 21 Apr 2014 14:56:25 -0400
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Return-Path: Rashad@fykesame.com
X-EOPAttributedMessage: 0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: CIP:68.171.209.181;CTRY:US;IPV:NLI;EFV:NLI;SFV:SPM;SFS:(438001)(199002)(189002)(2009001)(25786004)(50466002)(76482001)(80976001)(97756001)(86362001)(53416003)(46102001)(50986999)(54356999)(99396002)(4396001)(15975445006)(44976005)(83072002)(23846002)(83322001)(19580395003)(85852003)(80022001)(20776003)(79102001)(23726002)(92566001)(15202345003)(92726001)(81542001)(81342001)(15187005002)(87836001)(66726004)(74502001)(74662001)(77982001)(31966008)(70656009);DIR:INB;SFP:;SCL:5;SRVR:BLUPR01MB196;H:shoal.fykesame.com;FPR:979F4335.9AF9CF65.70E11AEB.46ECFB68.20237;MLV:nov;PTR:181.209.171.68.securenet-server.net;A:1;MX:1;LANG:en;
X-MS-Exchange-Organization-Network-Message-Id: b2e29a60-ac96-4607-ffe9-08d12bad34bb
X-MS-Exchange-Organization-AVStamp-Service: 1.0
Received-SPF: Pass (: domain of fykesame.com designates 68.171.209.181 as
 permitted sender) receiver=; client-ip=68.171.209.181;
 helo=shoal.fykesame.com;
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-AuthSource: BY2FFO11FD018.protection.gbl
X-MS-Exchange-Organization-AuthAs: Anonymous
X-Antivirus: avast! (VPS 140421-1, 4/21/2014), Inbound message
X-Antivirus-Status: Clean

This went to Junk Email:
Received: from BLUPR01MB196.prod.exchangelabs.com (10.242.201.156) by
 CO1PR01MB206.prod.exchangelabs.com (10.242.168.150) with Microsoft SMTP
 Server (TLS) id 15.0.918.8 via Mailbox Transport; Mon, 21 Apr 2014 18:59:58
 +0000
Received: from BLUPR01CA039.prod.exchangelabs.com (25.160.23.29) by
 BLUPR01MB196.prod.exchangelabs.com (10.242.201.156) with Microsoft SMTP
 Server (TLS) id 15.0.921.12; Mon, 21 Apr 2014 18:59:55 +0000
Received: from BY2FFO11FD005.protection.gbl (2a01:111:f400:7c0c::112) by
 BLUPR01CA039.outlook.office365.com (2a01:111:e400:8a4::29) with Microsoft
 SMTP Server (TLS) id 15.0.913.9 via Frontend Transport; Mon, 21 Apr 2014
 18:59:54 +0000
Received: from extra.livecortex.com (162.246.60.132) by
 BY2FFO11FD005.mail.protection.outlook.com (10.1.14.126) with Microsoft SMTP
 Server id 15.0.929.8 via Frontend Transport; Mon, 21 Apr 2014 18:59:54 +0000
Message-ID: <.506705851.192508459039653205@extra.livecortex.com>
MIME-Version: 1.0
Subject: BIG OFFER - for your home
To: <jinfeld@isiscs.com>
From: Kendra Coats <muso@livecortex.com>
Date: Mon, 21 Apr 2014 14:46:35 -0400
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Return-Path: muso@livecortex.com
X-EOPAttributedMessage: 0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: CIP:162.246.60.132;CTRY:;FBLW15;EFV:NLI;SFV:SPM;SFS:(769001)(438001)(45984002)(199002)(189002)(479174003)(158454003)(15202345003)(92566001)(92726001)(80022001)(20776003)(23726002)(79102001)(31966008)(14971765001)(77982001)(84676001)(81542001)(81342001)(87836001)(74662001)(74502001)(97736001)(50986999)(46102001)(86362001)(53416003)(25786004)(2009001)(97756001)(80976001)(76482001)(50466002)(44976005)(83072002)(19580395003)(19580405001)(83322001)(85852003)(23846002)(54356999)(99396002)(4396001)(15975445006)(33056003);DIR:INB;SFP:;SCL:5;SRVR:BLUPR01MB196;H:extra.livecortex.com;FPR:FCBFE6D5.AFFA9603.41DF61F7.47FA910F.203FA;MLV:spm;PTR:InfoDomainNonexistent;A:1;MX:1;LANG:en;
X-MS-Exchange-Organization-Network-Message-Id: e5c3867e-92c3-4d50-7d44-08d12bab048f
X-MS-Exchange-Organization-AVStamp-Service: 1.0
Received-SPF: Pass (: domain of livecortex.com designates 162.246.60.132 as
 permitted sender) receiver=; client-ip=162.246.60.132;
 helo=extra.livecortex.com;
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-AuthSource: BY2FFO11FD005.protection.gbl
X-MS-Exchange-Organization-AuthAs: Anonymous
0
Comment
Question by:jinfeld
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 40014499
SCL 5 or greater should be moved to Junk, according to this article: http://technet.microsoft.com/en-us/library/jj200686(v=exchg.150).aspx

And it seems to be classified correctly, so perhaps the issue is in the mailbox settings. Check the OWA options for that mailbox, under Block and Allow the automatic filter might be switched off. Check for any safe senders, which will simply bypass this.

You can also adjust a transport rule for the X-Forefront-Antispam-Report or the X-MS-Exchange-Organization-SCL and move them to the Junk folder. See for example here: http://technet.microsoft.com/en-us/library/jj837173(v=exchg.150).aspx
0
 

Author Closing Comment

by:jinfeld
ID: 40028362
It turns out I needed to use OWA settings in "Block and Allow" to truly activate the use of the Jun Email folder.
Thank you!
Jerry
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cloud-based technologies and services will continue to grow in popularity in 2017 thanks to the simple, scalable and cost-effective solutions they deliver. Here are three areas where cloud adoption is poised to really take off.
You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
This Experts Exchange lesson shows how to use VBA to loop through rows in Excel.  In order to sort, filter, and use database features, there needs to be a value in each column for every row. When data arrives with values missing, code to copy values…
how to add IIS SMTP to handle application/Scanner relays into office 365.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question