High-risk delivery pool for outbound messages

Hi, I have a question regarding High-risk delivery pool for outbound messages.

If I receive a message in the Junk Mail folder (SCL 6), can I check whether this SCL was given by my incoming spam filter policy, or whether it was the outgoing spam filter policy on the sender's side that used the EOP High-risk delivery pool for the outbound message?

Both sender and receiver are on Office365 but different tenants.

BR, Ruslan

5 Replies

@RNalivaika

I'd suggest analysing the message headers using https://mha.azurewebsites.net/

Also, this explains the process well too: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-header...

I have found out how I can see if the SCL was given upon outgoing filtering: we see that in the header part "x-forefront-antispam-report-untrusted", while the incoming filtering is reported in "x-forefront-antispam-report" (without the untrusted suffix).

This one was useful: https://c7solutions.com/2013/10/what-is-x-forefront-antispam-report-untrusted

Though, still looking for more signs in the header which would tell me if the message was sent through the high risk pool.

Do the messages have SFS:10001?
Sorry, I meant SFP:1501

@Matthew_79 thanks for the response. I see SFP empty in the "x-forefront-antispam-report" section, and SFP:1101 in "x-forefront-antispam-report-untrusted". BR, Ruslan
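
The comparison discussed in this thread, as an added example that is not part of any post: it parses both antispam report headers from a raw message and returns the SCL, SFV, CAT, DIR and SFP fields side by side. The sample message is constructed (its values mirror those quoted above), and reading the -Untrusted header as the sender-side result follows the post above rather than anything the code verifies.

```python
import email
import re

# Constructed sample message; values mirror those quoted in the thread
# (SCL 6 and empty SFP inbound, SFP:1101 in the -Untrusted header).
SAMPLE = """\
From: sender@contoso.example
To: ruslan@fabrikam.example
Subject: constructed sample
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;
 SCL:1;SRV:;IPV:NLI;SFV:NSPM;CAT:NONE;DIR:OUT;SFP:1101;
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:US;LANG:en;SCL:6;SRV:;
 IPV:NLI;SFV:SPM;CAT:SPM;DIR:INB;SFP:;

body
"""

FIELDS = ("SCL", "SFV", "CAT", "DIR", "SFP")

def parse_report(value):
    """Split a 'KEY:value;KEY:value;' report into a dict (keys upper-cased)."""
    if value is None:
        return None
    unfolded = re.sub(r"\s*\r?\n\s*", "", value)  # undo header folding
    pairs = (item.partition(":") for item in unfolded.split(";") if item.strip())
    # partition() splits on the first colon only, so values such as an
    # IPv6 CIP keep their own colons.
    return {k.strip().upper(): v.strip() for k, _, v in pairs}

def compare_reports(raw_message):
    """Return the selected fields from both antispam report headers."""
    msg = email.message_from_string(raw_message)
    result = {}
    for label, name in (("receiver", "X-Forefront-Antispam-Report"),
                        ("sender", "X-Forefront-Antispam-Report-Untrusted")):
        report = parse_report(msg.get(name))  # None when the header is absent
        result[label] = (None if report is None
                         else {f: report.get(f, "") for f in FIELDS})
    return result

if __name__ == "__main__":
    for side, fields in compare_reports(SAMPLE).items():
        print(side, fields)
```

A `None` under "sender" means the message carried no -Untrusted header, so there is nothing to compare against.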