May 04 2020 10:45 AM
Hi, I have a question regarding High-risk delivery pool for outbound messages.
If I receive a message in Junk Mail folder (SCL 6), can I check if this SCL was given by my incoming spam filter policy, or was it outgoing spam filter policy on senders side that used EOP High-risk delivery pool for outbound message?
Both sender and receiver are on Office365 but different tenants.
BR, Ruslan
May 04 2020 12:58 PM
I'd suggest analysing the message headers using - https://mha.azurewebsites.net/
Also, this explains the process well too - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-header...
May 05 2020 08:45 AM
I have found out how I can see if SCL was given upon outgoing filtering, we see that in header part "x-forefront-antispam-report-untrusted", while the incoming filtering is reported on "x-forefront-antispam-report" (without untrusted suffix).
This one was useful: https://c7solutions.com/2013/10/what-is-x-forefront-antispam-report-untrusted
Thou, still looking for more signs in the header which would tell me if message was sent through high risk pool.
May 10 2020 05:35 AM
Jun 05 2020 06:02 AM
@Matthew_79 thanks for the response. I see SFP epmty in "x-forefront-antispam-report" section, and SFP:1101 in "x-forefront-antispam-report-untrusted". BR, Ruslan