SOLVED

Transport rule for authenticated sender


Hello Exchange transport and EOP experts.

I have a transport rule in Exchange Online. The rule says that messages from authenticated sender "randomdude@somecompanynamehere.com" should bypass spam filtering. Now I check message trace and see that some messages from this sender still get sent to Junk Folder. Messages get SCL-1, Spam Filtering Verdict SKN, IPV:NLI, BCL 0, spf=pass, compauth=pass reason=109 even dkim=pass (signature was verified) and so on, all looks good. But why is it still marked as spam?

It was not moved to Junk Mail folder by Outlook (I see it in Message trace).

The sender is not in user's "BlockedSendersAndDomains".

Any ideas appreciated! BR, Ruslan

 

2 Replies

Since you've already checked both message trace and the relevant headers, I'd suggest opening a support case.

best response confirmed by RNalivaika (Contributor)
Solution

@Vasil Michev Thanks for the input. I might just have found the answer.

Ran Extended message trace and found this "DefaultFolderType:JunkEmail-Mailbox Rules Agent" in the column "recipient_status".

Checked recipient mailbox and found inbox rules that check for some random words in message body and move the message to Junk Mail folder. This was probably in place as a form of protection against spam in pre-EOP times.

Removed the inbox rule, hoping the problem is solved.

And I now notice the difference in headers between messages that were affected by this rule.

Message in inbox: X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I

Message in junk: X-Microsoft-Antispam-Mailbox-Delivery: ucf:1;jmr:0;auth:0;dest:J;OFR:CustomRules

Would be nice to see X-Microsoft-Antispam-Mailbox-Delivery documented, but this is probably not happening soon. :) BR, Ruslan
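The header comparison from the accepted answer can be turned into a quick triage check over exported messages. This is an added example, not part of the original thread: the function names and result labels are hypothetical, and because the header is undocumented the classification relies only on the two values quoted above (`dest:I` for Inbox, `dest:J` with `OFR:CustomRules` for the message moved by the inbox rule).

```python
from email import message_from_string

HEADER = "X-Microsoft-Antispam-Mailbox-Delivery"

def parse_delivery(value):
    """Split 'key:value;key:value' into a dict with lowercase keys.
    Tolerates header folding whitespace and empty segments."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.lower()] = val.strip()
    return fields

def triage(raw_message):
    """Classify one raw message by its mailbox-delivery header.
    Labels are hypothetical and based only on the values seen in the thread."""
    value = message_from_string(raw_message).get(HEADER)
    if value is None:
        return "no-header"
    fields = parse_delivery(value)
    dest = fields.get("dest", "").upper()
    if dest == "J" and fields.get("ofr") == "CustomRules":
        # Same pattern as the junked message: look at the mailbox's inbox rules,
        # not at the transport rule or the EOP verdict.
        return "junk-by-mailbox-rule"
    if dest == "J":
        return "junk-other-cause"
    if dest == "I":
        return "inbox"
    return "unknown"

# Constructed sample messages; only the header values come from the thread.
SAMPLES = {
    "inbox": "Subject: a\n" + HEADER + ": ucf:0;jmr:0;auth:0;dest:I\n\nbody\n",
    # Folded across two lines, as a mail client export might do.
    "junk_rule": "Subject: b\n" + HEADER
                 + ": ucf:1;jmr:0;auth:0;dest:J;\n OFR:CustomRules\n\nbody\n",
    "no_header": "Subject: c\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {triage(raw)}")
```
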