Transport rule for authenticated sender

Iron Contributor

Hello exchange transport and EOP experts.

I have a transport rule in exchange online. The rule says that messages from authenticated sender "" should bypass spam filtering. Now I check message trace and see that some messages from this sender still get sent to Junk Folder. Messages get SCL-1, Spam Filtering Verdict SKN, IPV:NLI, BCL 0, spf=pass, compauth=pass reason=109 even dkim=pass (signature was verified) and so on, all looks good. But why is it still marked as spam ?

It was not moved to Junk Mail folder by Outlook (I see it in Message trace).

The sender is not in user's "BlockedSendersAndDomains"..

Any ideas appreciated ! BR, Ruslan


3 Replies

Since you've already checked both message trace and the relevant headers, I'd suggest opening a support case.

best response confirmed by RNalivaika (Iron Contributor)

@Vasil MichevThanks for the input. I might just have found the answer..

Ran Extended message trace and found this "DefaultFolderType:JunkEmail-Mailbox Rules Agent" in the column "recipient_status".

Checked recipient mailbox and found inbox rules that check for some random words in message body  and move the message to Junk Mail folder. This was probably in place as a form for protection against spam in pre-EOP times.

Removed the inbox rule, hoping the problem is solved.

And i now notice the difference in headers between messages that were affected by this rule.

Message in inbox: X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I

Message in junk: X-Microsoft-Antispam-Mailbox-Delivery: ucf:1;jmr:0;auth:0;dest:J;OFR:CustomRules

Would be nice to see X-Microsoft-Antispam-Mailbox-Delivery documented, but this is probably not happening soon. :) BR, Ruslan


X-Microsoft-Antispam-Mailbox-Delivery | wl:1;pcwl:1;ucf:1;jmr:0;auth:0;dest:I;OFR:CustomRules;ENG:(910001)(944506458)(944626604)(920097)(810001)(250001)(410001)(930097);


Whenever you see the above red (OFR:CustomRules) in the message header analyzer and there is no inbox rule configured on the mailbox. Check and confirm if the recipient is using a Mobile phone to access the mailbox. If yes, then the sender of the email has been added to the block list of the recipient on the mobile phone.