High-risk delivery pool for outbound messages

Question

Hi, I have a question regarding&nbsp;High-risk delivery pool for outbound messages.If I receive a message in Junk Mail folder (SCL 6), can I check if this SCL was given by my incoming spam filter policy, or was it outgoing spam filter policy on senders side that used EOP High-risk delivery pool for outbound message?Both sender and receiver are on Office365 but different tenants.BR, Ruslan

peterrising · Answer

RNalivaika&nbsp;&nbsp;I'd suggest analysing the message headers using -&nbsp;https://mha.azurewebsites.net/&nbsp;Also, this explains the process well too -&nbsp;https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-worldwide&nbsp;&nbsp;

rnalivaika · Answer

I have found out how I can see if SCL was given upon outgoing filtering, we see that in header part "x-forefront-antispam-report-untrusted", while the incoming filtering is reported on "x-forefront-antispam-report" (without untrusted suffix).

This one was useful: https://c7solutions.com/2013/10/what-is-x-forefront-antispam-report-untrusted

Thou, still looking for more signs in the header which would tell me if message was sent through high risk pool.

matthew_79 · Answer

Do the messages have SFS:10001?

matthew_79 · Answer

Sorry, I meant SFP:1501

rnalivaika · Answer

Matthew_79&nbsp;thanks for the response. I see SFP epmty in "x-forefront-antispam-report" section, and SFP:1101 in "x-forefront-antispam-report-untrusted". BR, Ruslan

Forum Discussion

High-risk delivery pool for outbound messages

Share

Resources