cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Transport rule for authenticated sender

RNalivaika
Iron Contributor

‎Jul 08 2020 06:58 AM

‎Jul 08 2020 06:58 AM

Transport rule for authenticated sender

Hello exchange transport and EOP experts.

I have a transport rule in exchange online. The rule says that messages from authenticated sender "randomdude@somecompanynamehere.com" should bypass spam filtering. Now I check message trace and see that some messages from this sender still get sent to Junk Folder. Messages get SCL-1, Spam Filtering Verdict SKN, IPV:NLI, BCL 0, spf=pass, compauth=pass reason=109 even dkim=pass (signature was verified) and so on, all looks good. But why is it still marked as spam ?

It was not moved to Junk Mail folder by Outlook (I see it in Message trace).

The sender is not in user's "BlockedSendersAndDomains"..

Any ideas appreciated ! BR, Ruslan

 

9,044 Views
1 Like
3 Replies
Reply
3 Replies
Vasil Michev

‎Jul 08 2020 10:13 AM

‎Jul 08 2020 10:13 AM

Re: Transport rule for authenticated sender

Since you've already checked both message trace and the relevant headers, I'd suggest opening a support case.

1 Like
Reply
best response confirmed by RNalivaika (Iron Contributor)
RNalivaika

‎Jul 09 2020 06:22 AM

‎Jul 09 2020 06:22 AM

Solution

Re: Transport rule for authenticated sender

@Vasil MichevThanks for the input. I might just have found the answer..

Ran Extended message trace and found this "DefaultFolderType:JunkEmail-Mailbox Rules Agent" in the column "recipient_status".

Checked recipient mailbox and found inbox rules that check for some random words in message body  and move the message to Junk Mail folder. This was probably in place as a form for protection against spam in pre-EOP times.

Removed the inbox rule, hoping the problem is solved.

And i now notice the difference in headers between messages that were affected by this rule.

Message in inbox: X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I

Message in junk: X-Microsoft-Antispam-Mailbox-Delivery: ucf:1;jmr:0;auth:0;dest:J;OFR:CustomRules

Would be nice to see X-Microsoft-Antispam-Mailbox-Delivery documented, but this is probably not happening soon. :) BR, Ruslan

 

1 Like
Reply
Degason

‎Dec 24 2021 09:40 AM - last edited on ‎Jan 06 2022 05:30 AM by

‎Dec 24 2021 09:40 AM - last edited on ‎Jan 06 2022 05:30 AM by

Re: Transport rule for authenticated sender

X-Microsoft-Antispam-Mailbox-Delivery | wl:1;pcwl:1;ucf:1;jmr:0;auth:0;dest:I;OFR:CustomRules;ENG:(910001)(944506458)(944626604)(920097)(810001)(250001)(410001)(930097);

 

Whenever you see the above red (OFR:CustomRules) in the message header analyzer and there is no inbox rule configured on the mailbox. Check and confirm if the recipient is using a Mobile phone to access the mailbox. If yes, then the sender of the email has been added to the block list of the recipient on the mobile phone.

 

 

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by RNalivaika (Iron Contributor)
RNalivaika

‎Jul 09 2020 06:22 AM

‎Jul 09 2020 06:22 AM

Solution

Re: Transport rule for authenticated sender

@Vasil MichevThanks for the input. I might just have found the answer..

Ran Extended message trace and found this "DefaultFolderType:JunkEmail-Mailbox Rules Agent" in the column "recipient_status".

Checked recipient mailbox and found inbox rules that check for some random words in message body  and move the message to Junk Mail folder. This was probably in place as a form for protection against spam in pre-EOP times.

Removed the inbox rule, hoping the problem is solved.

And i now notice the difference in headers between messages that were affected by this rule.

Message in inbox: X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I

Message in junk: X-Microsoft-Antispam-Mailbox-Delivery: ucf:1;jmr:0;auth:0;dest:J;OFR:CustomRules

Would be nice to see X-Microsoft-Antispam-Mailbox-Delivery documented, but this is probably not happening soon. :) BR, Ruslan

 

View solution in original post

1 Like
Reply