SOLVED

BCL Values

Highlighted
Frequent Contributor

We are trying to decrease the amount of junk/phishing messages we receive. We are considering changing the threshold at which our bulk email gets marked as spam from the default value of 7 to something more restrictive. The article at https://technet.microsoft.com/en-us/library/dn759623%28v=exchg.150%29.aspx?f=255&MSPPError=-21472173... tells us a bit about the BCL Values and Descriptions. However, it's unclear to us whether changing the value from 7 to 6, 5, or 4 will gain us anything. Or do we have to change to a minimum of 3 to reach the next threshold?

7 Replies
Highlighted

Hello Tony,

 

A good way to test things out is by incrementing the value by 1 and see how it goes.  If you still get a good amount of Spam, then you would increase it again.  This setting is different from one organization to another.

 

Give it a try and see how it goes for a couple of days.

 

Let us know how it goes.

 

Thanks,

 

Michael

Highlighted

What would you do to "see how it goes"?

Highlighted

After updating the value, monitor if you are getting more or less or same amount of junk mail that is being received. You can evaluate over a couple of days to get a better picture. 

Highlighted

How do you monitor?  Is there a chart or graph somewhere?

Highlighted
Best Response confirmed by Tony Derricott (Frequent Contributor)
Solution

You could use the Mail traffic reports from the Admin portal or from powershell using the get-MailTrafficReport cmdlet 

Highlighted

Or you could look at why you are getting the spam/phishing and resolve the issue in other ways. For example, if it is phish have you enabled DMARC on your domain and worked towards a quarantine or reject policy.

 

Ensure that groups that do not need to receive from internet are set to block unauthenticated connections (groups made back in the 2003 timeframe default to this)

 

Consider using the spam filter policy to move high category spam to reject and medium to junk mail or end user quarantine

 

Train users in the Outlook reject sender options to they have personal blocklists

 

Ensure that all your mail routes through a cloud filter first, and that this is the first hop (I.e. MX to Exchange Online Protection) and not MX straight to your servers or to a device that is not a spam filter (you don’t outline what service you are using for spam filtering so some of the above you may be doing already)

Highlighted

We're doing most of what you suggested already; just the BCL deal threw us off.