lots of BULK emails coming in

%3CLINGO-SUB%20id%3D%22lingo-sub-2862713%22%20slang%3D%22en-US%22%3Elots%20of%20BULK%20emails%20coming%20in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2862713%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20recently%20transitioned%20from%20mimecast%20to%20EOP%5CATP.%20Since%20then%20we%20are%20noticing%20alot%20of%20bulk%20emails%20coming%20in%20that%20were%20previously%20caught%20by%20mimecast.%20We%20have%20enabled%20the%20default%20anti%20spam%20policy%20and%20set%20the%20BCL%20to%203.%20When%20looking%20at%20the%20message%20headers%20for%20some%20of%20these%20bulk%20emails%2C%20EOP%20is%20stamping%20a%200%20for%20BLC%2C%20which%20means%20EOP%20thinks%20its%20legit%20email%2C%20but%20its%20not.%26nbsp%3B%20The%20suggestion%20is%20to%20use%20transport%20rules%20to%20stamp%20a%20custom%20scl%5Cbcl%20rating%20on%20the%20emails%2C%20but%20this%20seems%20like%20alot%20of%20overhead%20.%20Any%20suggestions%20on%20how%20to%20proceed%20with%20limiting%20the%20amount%20of%20BULK%20emails%20%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2862713%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDetection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPhishing%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2863544%22%20slang%3D%22en-US%22%3ERe%3A%20lots%20of%20BULK%20emails%20coming%20in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2863544%22%20slang%3D%22en-US%22%3EWhat%20settings%20have%20you%20applied%20from%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsecurity.microsoft.com%2FpresetSecurityPolicies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecurity.microsoft.com%2FpresetSecurityPolicies%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsecurity.microsoft.com%2FconfigurationAnalyzer%3Fviewid%3DstandardSetting%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecurity.microsoft.com%2FconfigurationAnalyzer%3Fviewid%3DstandardSetting%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsecurity.microsoft.com%2FconfigurationAnalyzer%3Fviewid%3DstrictSetting%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecurity.microsoft.com%2FconfigurationAnalyzer%3Fviewid%3DstrictSetting%3C%2FA%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

Hello 

 

We recently transitioned from mimecast to EOP\ATP. Since then we are noticing alot of bulk emails coming in that were previously caught by mimecast. We have enabled the default anti spam policy and set the BCL to 3. When looking at the message headers for some of these bulk emails, EOP is stamping a 0 for BLC, which means EOP thinks its legit email, but its not.  The suggestion is to use transport rules to stamp a custom scl\bcl rating on the emails, but this seems like alot of overhead . Any suggestions on how to proceed with limiting the amount of BULK emails ? 

2 Replies
Im not using the preset security polices, only the default policies