Forum Discussion
Anti-Phishing Policy and Quarantined Messages
Are you sure they are quarantined as phish, it might be the anti-spoof policy or some other feature. Looking at the headers or a message trace should give you more info.
For the record, here are the PCL levels:
|PCL|The Phishing Confidence Level (PCL) of the message, which indicates whether it's a phishing message. This status can be returned as one of the following numerical values:
• **0-3**: The message's content isn't likely to be phishing.
• **4-8**: The message's content is likely to be phishing.
• **-9990**: (Exchange Online Protection only) The message's content is likely to be phishing.
Well, in the quarantine in the S&C Center, I change the drop down to "Phish" so that I see emails quarantined as Phish and these emails show up there. So I'm as sure as I can be that these emails are quarantined for phishing. But the PCL is 0.
Unless, because they are E3 and only have very limited options in the anti-phishing policy (really only the anti-spoofing part of it), it is being quarantined as "phish" because the "anti-phishing policy" is really only an anti-spoofing policy.
