Oct 26 2017 02:50 PM - edited Oct 26 2017 02:51 PM
We are trying to decrease the amount of junk/phishing messages we receive. We are considering changing the threshold at which our bulk email gets marked as spam from the default value of 7 to something more restrictive. The article at https://technet.microsoft.com/en-us/library/dn759623%28v=exchg.150%29.aspx?f=255&MSPPError=-21472173... tells us a bit about the BCL Values and Descriptions. However, it's unclear to us whether changing the value from 7 to 6, 5, or 4 will gain us anything. Or do we have to change to a minimum of 3 to reach the next threshold?
Oct 27 2017 05:03 AM
Hello Tony,
A good way to test things out is by incrementing the value by 1 and see how it goes. If you still get a good amount of Spam, then you would increase it again. This setting is different from one organization to another.
Give it a try and see how it goes for a couple of days.
Let us know how it goes.
Thanks,
Michael
Oct 27 2017 07:50 AM
After updating the value, monitor if you are getting more or less or same amount of junk mail that is being received. You can evaluate over a couple of days to get a better picture.
Oct 27 2017 08:16 AM
SolutionYou could use the Mail traffic reports from the Admin portal or from powershell using the get-MailTrafficReport cmdlet
Nov 01 2017 12:23 PM
Or you could look at why you are getting the spam/phishing and resolve the issue in other ways. For example, if it is phish have you enabled DMARC on your domain and worked towards a quarantine or reject policy.
Ensure that groups that do not need to receive from internet are set to block unauthenticated connections (groups made back in the 2003 timeframe default to this)
Consider using the spam filter policy to move high category spam to reject and medium to junk mail or end user quarantine
Train users in the Outlook reject sender options to they have personal blocklists
Ensure that all your mail routes through a cloud filter first, and that this is the first hop (I.e. MX to Exchange Online Protection) and not MX straight to your servers or to a device that is not a spam filter (you don’t outline what service you are using for spam filtering so some of the above you may be doing already)
Nov 01 2017 02:44 PM
We're doing most of what you suggested already; just the BCL deal threw us off.
Oct 27 2017 08:16 AM
SolutionYou could use the Mail traffic reports from the Admin portal or from powershell using the get-MailTrafficReport cmdlet