We need to do some analysis of Exchange tracking logs to determine the success of the spam / spoof filter settings and configuration. I am looking for some sample criteria on what would constitute a possible spam email that's crept through. Some searches online show that where the from and to values (address fields) represent the same value, this could indicate spam/spoofing. Can you confirm or provide any other criteria?
I was also interested in what tools outside of Exchange Server could be used to interrogate/analyse the Exchange tracking logs, if anyone has any suggestions.
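The criterion mentioned in the question (sender address equal to a recipient address) can be checked outside Exchange with a short script; this is an added example, not part of the original post. It assumes the CSV message tracking log layout with a `#Fields:` header line and semicolon-separated recipients, and the sample log lines (reduced field set, example addresses and IPs) are constructed.

```python
import csv

# Constructed sample in the message tracking log layout (reduced field set).
SAMPLE_LOG = """#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,client-ip,source,event-id,message-id,recipient-address,message-subject,sender-address,return-path
2024-01-10T08:15:02.101Z,203.0.113.7,SMTP,RECEIVE,<a1@mail.example.net>,alice@corp.example,Invoice overdue,alice@corp.example,bounce@mail.example.net
2024-01-10T08:15:03.400Z,,STOREDRIVER,DELIVER,<a1@mail.example.net>,alice@corp.example,Invoice overdue,alice@corp.example,bounce@mail.example.net
2024-01-10T08:20:44.250Z,198.51.100.23,SMTP,RECEIVE,<b2@partner.example>,bob@corp.example;carol@corp.example,Meeting notes,dave@partner.example,dave@partner.example
2024-01-10T08:31:10.900Z,203.0.113.9,SMTP,RECEIVE,<c3@mail.example.net>,Carol@corp.example;bob@corp.example,"Password expiry, act now",carol@corp.example,x@mail.example.net
"""


def read_tracking_rows(text):
    """Return a reader of dict rows, using the '#Fields:' line as the header."""
    fields = None
    data = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
        elif line and not line.startswith("#"):
            data.append(line)
    if fields is None:
        raise ValueError("no #Fields: header found")
    return csv.DictReader(data, fieldnames=fields)


def sender_equals_recipient(text):
    """Return RECEIVE rows whose sender-address is also one of the recipients."""
    hits = []
    for row in read_tracking_rows(text):
        if row["event-id"] != "RECEIVE":
            continue  # count each message once, at the point it was accepted
        sender = row["sender-address"].strip().lower()
        # Assumption: multiple recipients are separated by ';'
        recipients = {r.strip().lower() for r in row["recipient-address"].split(";")}
        if sender and sender in recipients:
            hits.append((row["date-time"], row["client-ip"], sender, row["message-subject"]))
    return hits


if __name__ == "__main__":
    for hit in sender_equals_recipient(SAMPLE_LOG):
        print(hit)
```

Messages a user legitimately sends to themselves match as well, so hits are candidates for review (for example by checking `client-ip` and `return-path`), not confirmed spoofing.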