Jul 08 2020 06:58 AM
Jul 08 2020 06:58 AM
Hello exchange transport and EOP experts.
I have a transport rule in exchange online. The rule says that messages from authenticated sender "firstname.lastname@example.org" should bypass spam filtering. Now I check message trace and see that some messages from this sender still get sent to Junk Folder. Messages get SCL-1, Spam Filtering Verdict SKN, IPV:NLI, BCL 0, spf=pass, compauth=pass reason=109 even dkim=pass (signature was verified) and so on, all looks good. But why is it still marked as spam ?
It was not moved to Junk Mail folder by Outlook (I see it in Message trace).
The sender is not in user's "BlockedSendersAndDomains"..
Any ideas appreciated ! BR, Ruslan
Jul 08 2020 10:13 AM
Since you've already checked both message trace and the relevant headers, I'd suggest opening a support case.
Jul 09 2020 06:22 AMSolution
@Vasil MichevThanks for the input. I might just have found the answer..
Ran Extended message trace and found this "DefaultFolderType:JunkEmail-Mailbox Rules Agent" in the column "recipient_status".
Checked recipient mailbox and found inbox rules that check for some random words in message body and move the message to Junk Mail folder. This was probably in place as a form for protection against spam in pre-EOP times.
Removed the inbox rule, hoping the problem is solved.
And i now notice the difference in headers between messages that were affected by this rule.
Message in inbox: X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I
Message in junk: X-Microsoft-Antispam-Mailbox-Delivery: ucf:1;jmr:0;auth:0;dest:J;OFR:CustomRules
Would be nice to see X-Microsoft-Antispam-Mailbox-Delivery documented, but this is probably not happening soon. :) BR, Ruslan
Dec 24 2021 09:40 AM - last edited on Jan 06 2022 05:30 AM by Allen
X-Microsoft-Antispam-Mailbox-Delivery | wl:1;pcwl:1;ucf:1;jmr:0;auth:0;dest:I;OFR:CustomRules;ENG:(910001)(944506458)(944626604)(920097)(810001)(250001)(410001)(930097);
Whenever you see the above red (OFR:CustomRules) in the message header analyzer and there is no inbox rule configured on the mailbox. Check and confirm if the recipient is using a Mobile phone to access the mailbox. If yes, then the sender of the email has been added to the block list of the recipient on the mobile phone.