ExMSW4319
Steel Contributor
May 12, 2023
What's up with GTUBE?
The following MS Learn page recognises GTUBE as a test resource to provoke a spam detection from Exchange Online. It's in the last section:
However, if I send from Live mail to our tenancy, I receive an NDR with error 550 5.7.520 “Message blocked because it contains content identified as spam (AS 4810)”. It looks as if the bounce was from EOP rather than Live / consumer Outlook.com blocking my mail on "exit". Yes, the GTUBE string is correctly recognised and blocked but there is absolutely nothing in Threat Explorer to show that a spam was blocked or even attempted. It is as if the message had bounced off of EOP edge protection.
If I send the same string on an intra-org basis, it is delivered!
As a method of testing if a particular anti-spam policy is engaging, it's a complete flop and I would welcome any suggestions on how best to discover that. Threat Explorer doesn't show which policy acted, though it does show the detection technology if you wait for a real spam to come along.
2 Replies
- JonasBack, Steel Contributor
I actually performed this GTUBE test the other day but from a Gmail account and it was sent to Quarantine - as expected since this is how we have configured the policies to do.
Maybe sending it from Live is the culprit here?
- ExMSW4319, Steel Contributor
Yes, I finally unearthed my Gmail test account, tried the GTUBE string and obtained the expected policy result from a "Detection technology: general filter" hit - not that it's obvious which policy is responsible. Headers say SCL 6, BCL 0, SFV:SPM, CAT:SPM.
To my mind it's still a mystery why the intra-org test was delivered normally.
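Added example, not part of the thread: a Python sketch that pulls the SCL, BCL, SFV and CAT values quoted in the last reply out of a message's X-Forefront-Antispam-Report and X-Microsoft-Antispam headers and reports whether spam filtering actually evaluated the message. The sample messages are constructed, the function names are hypothetical, and the SFV descriptions follow Microsoft's anti-spam message headers documentation.

```python
from email import message_from_string, policy

# SFV descriptions as given in Microsoft's anti-spam message headers documentation.
SFV_MEANING = {
    "SPM": "marked as spam by spam filtering",
    "NSPM": "spam filtering marked the message as not spam",
    "SKN": "marked as not spam before spam filtering (e.g. mail flow rule set SCL -1)",
    "SKI": "skipped spam filtering for another reason (e.g. intra-organizational mail)",
    "SKA": "skipped: sender is on an allowed sender or domain list in an anti-spam policy",
    "SKB": "marked as spam: sender is on a blocked sender or domain list in an anti-spam policy",
    "SKS": "marked as spam before spam filtering (e.g. by a mail flow rule)",
}

# Constructed sample messages (not taken from the thread).
INBOUND_SAMPLE = (
    "X-Forefront-Antispam-Report: CIP:203.0.113.7;CTRY:;LANG:en;SCL:6;SFV:SPM;CAT:SPM;\n"
    "X-Microsoft-Antispam: BCL:0;\n"
    "Subject: GTUBE test\n\nbody\n"
)
INTRA_ORG_SAMPLE = (
    "X-Forefront-Antispam-Report: LANG:en;SCL:-1;SFV:SKI;CAT:NONE;\n"
    "Subject: GTUBE test\n\nbody\n"
)

def parse_fields(value):
    """Split 'KEY:val;KEY:val;' into a dict, splitting on the first ':' only."""
    fields = {}
    for part in str(value or "").split(";"):
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields

def to_int(text):
    """Return the field as an int, or None when absent or malformed."""
    try:
        return int(text)
    except (TypeError, ValueError):
        return None

def spam_verdict(raw_message):
    """Summarise the anti-spam stamps on one RFC 5322 message given as text."""
    msg = message_from_string(raw_message, policy=policy.default)
    report = parse_fields(msg.get("X-Forefront-Antispam-Report"))
    antispam = parse_fields(msg.get("X-Microsoft-Antispam"))
    sfv = report.get("SFV", "")
    return {
        "scl": to_int(report.get("SCL")), "bcl": to_int(antispam.get("BCL")),
        "sfv": sfv, "cat": report.get("CAT"),
        "content_filtered": sfv in ("SPM", "NSPM"),
        "meaning": SFV_MEANING.get(sfv, "no description in this table"),
    }
```

Feed it the raw source of a received test message; `content_filtered` is False whenever the SFV value shows the message bypassed spam filtering rather than being scored by it.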