Understanding Microsoft Junk Action and Perception Point Spam Engines

Modified on Mon, 19 Aug at 11:10 PM

Introduction: This blog explores the workings of Microsoft's junk action and the role of Perception Point's spam engines in enhancing email security.

  1. Spam Confidence Level (SCL) in Microsoft:

Microsoft employs the Spam Confidence Level (SCL) system to assess the likelihood of an email being spam. SCL values range from -1 to 9, with each value indicating a specific action:

  • SCL -1: Bypass spam

  • SCL 1-5: Not junk

  • SCL 5-6: Move to junk folder

  • SCL 7-9: High confidence spam, subject to quarantine based on customer configuration

  2. Transport Rules for Managing Microsoft SCL:

To act on Microsoft's SCL values, Perception Point implements transport rules. For instance, emails with SCL 5-6 and 7-9 can be automatically sent to the junk folder, ensuring better email categorization and reducing the risk of spam reaching users' inboxes.

  3. Customer Complaint Handling:

When customers report that emails Perception Point found clean are being marked as spam by Microsoft, specific rules can be disabled or adjusted. For example:

  • "Send Office365 spam emails to junk folder (High)" - SCL 7-9 set to 9

  • "Send Office365 spam emails to junk folder (Low)" - SCL 5-6 set to 6

  4. Advanced Microsoft Anti-Spam Engines:

Beyond the SCL system, Microsoft employs advanced anti-spam engines that can override Perception Point's verdict. This is determined by the "X-Microsoft-Antispam-Mailbox-Delivery" header, which contains various values indicating the email's assessment and delivery status.

  5. X-Microsoft-Antispam-Mailbox-Delivery Header Explanation:

The "X-Microsoft-Antispam-Mailbox-Delivery" header values include:

  • "wl: 1": Whitelisted and safe

  • "pcwl: 1": Policy Control Whitelist

  • "rwl: 1": Reputation-based Spam Filtering Whitelist

  • "dwl: 1": Domain Whitelist

  • "ucf: 1": Passed safe sender/recipient list

  • "jmr: 0": No junk mail rules triggered

  • "auth: 0": No authentication failures

  • "dest: I": Delivered to inbox

  • "OFR: CustomRules": Passed through custom anti-spam rules

  6. Perception Point Integration and API Scanning:

Perception Point integrates seamlessly with Microsoft's anti-spam measures, including API scanning. Emails with whitelisted values like "wl:1," "pcwl:1," "abwl:1," and "dwl:1" bypass spam filtering, ensuring their delivery to the recipient's inbox.

Values that bypass the spam action can be added using the shared variable in mantis > "MICROSOFT_END_USER_SPAM_WHITELISTING_HEADER_VALUES".

  7. Differences Between API Scanning/Journaling and Inline Methods:

With API scanning/journaling, the detailed values of the X-Microsoft-Antispam-Mailbox-Delivery header are visible in XRAY (Headers). With inline methods, the original eml from the user's mailbox may be required to check for whitelist status.
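
When only the original eml is available, the whitelist check can be done by hand. The following is an added example, not Perception Point's or Microsoft's code: it reads the X-Microsoft-Antispam-Mailbox-Delivery header from a raw message and reports which of the whitelist flags named above are set and the delivery destination. The sample message, the function names and the assumed `key:value;` layout are constructed for illustration.

```python
from email import message_from_string

HEADER = "X-Microsoft-Antispam-Mailbox-Delivery"
# Flags the article lists as bypassing spam filtering when set to 1.
WHITELIST_KEYS = ("wl", "pcwl", "abwl", "dwl")

# Constructed sample message (not a real capture). The header is folded
# across two lines, as long headers often are in a saved .eml.
SAMPLE_EML = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;\n"
    " dwl:1;OFR:CustomRules\n"
    "\n"
    "body\n"
)

def parse_mailbox_delivery(value):
    """Split 'key:value;key:value' into a dict with lower-cased keys.

    Whitespace around keys and values (including header folding and the
    'wl: 1' spelling) is ignored; parts without a colon are skipped.
    """
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = val.strip()
    return fields

def assess(raw_message):
    """Report whitelist flags and destination for one raw message."""
    msg = message_from_string(raw_message)
    value = msg.get(HEADER)
    if value is None:
        # Typical for inline scanning: the header is stamped at mailbox delivery.
        return {"header_present": False, "whitelisted_by": [], "dest": None}
    fields = parse_mailbox_delivery(value)
    hits = [k for k in WHITELIST_KEYS if fields.get(k) == "1"]
    return {"header_present": True, "whitelisted_by": hits,
            "dest": fields.get("dest")}

if __name__ == "__main__":
    print(assess(SAMPLE_EML))
```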

Conclusion: Understanding Microsoft's junk action mechanisms, such as the SCL system and advanced anti-spam engines, is crucial for effective email security. Integration with solutions like Perception Point enhances spam detection and ensures accurate email categorization. By leveraging transport rules, customer feedback, and advanced anti-spam measures, organizations can significantly reduce the impact of spam emails and enhance overall email security.

Example:

This email will be sent to the inbox (dest = I) and allowed in the user's Outlook (dwl:1 = Domain whitelist True).
