Jul 08 2020 06:58 AM
Hello Exchange transport and EOP experts.
I have a transport rule in Exchange Online. The rule says that messages from authenticated sender "randomdude@somecompanynamehere.com" should bypass spam filtering. Now I check message trace and see that some messages from this sender still get sent to the Junk folder. Messages get SCL-1, Spam Filtering Verdict SKN, IPV:NLI, BCL 0, spf=pass, compauth=pass reason=109, even dkim=pass (signature was verified) and so on; all looks good. But why is it still marked as spam?
It was not moved to Junk Mail folder by Outlook (I see it in Message trace).
The sender is not in the user's "BlockedSendersAndDomains".
Any ideas appreciated! BR, Ruslan
Jul 08 2020 10:13 AM
Since you've already checked both message trace and the relevant headers, I'd suggest opening a support case.
Jul 09 2020 06:22 AM
@Vasil Michev Thanks for the input. I might just have found the answer.
Ran Extended message trace and found this "DefaultFolderType:JunkEmail-Mailbox Rules Agent" in the column "recipient_status".
Checked recipient mailbox and found inbox rules that check for some random words in message body and move the message to Junk Mail folder. This was probably in place as a form for protection against spam in pre-EOP times.
Removed the inbox rule, hoping the problem is solved.
And I now notice the difference in headers between messages that were affected by this rule.
Message in inbox: X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I
Message in junk: X-Microsoft-Antispam-Mailbox-Delivery: ucf:1;jmr:0;auth:0;dest:J;OFR:CustomRules
Would be nice to see X-Microsoft-Antispam-Mailbox-Delivery documented, but this is probably not happening soon. :) BR, Ruslan
Dec 24 2021 09:40 AM - last edited on Jan 06 2022 05:30 AM by Allen
X-Microsoft-Antispam-Mailbox-Delivery | wl:1;pcwl:1;ucf:1;jmr:0;auth:0;dest:I;OFR:CustomRules;ENG:(910001)(944506458)(944626604)(920097)(810001)(250001)(410001)(930097);
Whenever you see the above red (OFR:CustomRules) in the message header analyzer and there is no inbox rule configured on the mailbox, check and confirm whether the recipient is using a mobile phone to access the mailbox. If yes, then the sender of the email has been added to the block list of the recipient on the mobile phone.
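The header comparison from this thread can be scripted when triaging many messages. The following is an added example, not code from any poster or from Microsoft. The field meanings are assumptions taken only from the observations above (dest:I = Inbox, dest:J = Junk, OFR:CustomRules = inbox rule or blocked sender), the filtering values are assumed to come from the X-Forefront-Antispam-Report header, and the sample messages are constructed from the values quoted in the posts.

```python
from email import message_from_string


def parse_fields(value):
    """Split a 'key:value;key:value;' header value into a dict (keys lowercased)."""
    fields = {}
    for token in (value or "").split(";"):
        key, sep, val = token.strip().partition(":")
        if sep and key:
            fields[key.strip().lower()] = val.strip()
    return fields


def triage(raw_headers):
    """Say where the message landed and whether a mailbox-level cause is implicated.

    Assumed semantics (from the thread only, the header is undocumented):
    dest:I = Inbox, dest:J = Junk, OFR:CustomRules = inbox rule or blocked sender.
    """
    msg = message_from_string(raw_headers)
    delivery = parse_fields(msg.get("X-Microsoft-Antispam-Mailbox-Delivery"))
    report = parse_fields(msg.get("X-Forefront-Antispam-Report"))
    if not delivery:
        return "no-mailbox-delivery-header"
    custom = delivery.get("ofr") == "CustomRules"
    # SCL -1 / SFV:SKN means spam filtering was skipped, e.g. by a transport rule.
    bypassed = report.get("scl") == "-1" or report.get("sfv") == "SKN"
    if delivery.get("dest") == "J":
        if custom:
            return "junk:mailbox-rule-or-blocked-sender"
        return "junk:unexplained-after-bypass" if bypassed else "junk:check-filter-verdict"
    return "inbox:custom-rules-marker" if custom else "inbox"


# Constructed samples built from the header values quoted in the thread.
REPORT = "X-Forefront-Antispam-Report: SCL:-1;SFV:SKN;IPV:NLI;\n"
INBOX = REPORT + "X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I\n\n"
JUNK = REPORT + ("X-Microsoft-Antispam-Mailbox-Delivery: "
                 "ucf:1;jmr:0;auth:0;dest:J;OFR:CustomRules\n\n")
# ENG list shortened for the sample.
MOBILE = ("X-Microsoft-Antispam-Mailbox-Delivery: wl:1;pcwl:1;ucf:1;jmr:0;auth:0;"
          "dest:I;OFR:CustomRules;ENG:(910001)(944506458);\n\n")

if __name__ == "__main__":
    for name, sample in (("inbox", INBOX), ("junk", JUNK), ("mobile", MOBILE)):
        print(name, "->", triage(sample))
```

A "junk:mailbox-rule-or-blocked-sender" result points at the recipient's inbox rules and block lists rather than at the transport rule or EOP policy.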