SOLVED

What's up with GTUBE?


The following MS Learn page recognises GTUBE as a test resource to provoke a spam detection from Exchange Online. It's in the last section:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-policies-conf...

However, if I send from Live mail to our tenancy, I receive an NDR with error 550 5.7.520 “Message blocked because it contains content identified as spam (AS 4810)”. It looks as if the bounce was from EOP rather than Live / consumer Outlook.com blocking my mail on "exit". Yes, the GTUBE string is correctly recognised and blocked but there is absolutely nothing in Threat Explorer to show that a spam was blocked or even attempted. It is as if the message had bounced off of EOP edge protection.

If I send the same string on an intra-org basis, it is delivered!

As a method of testing if a particular anti-spam policy is engaging, it's a complete flop and I would welcome any suggestions on how best to discover that. Threat Explorer doesn't show which policy acted, though it does show the detection technology if you wait for a real spam to come along.

2 Replies
best response confirmed by ExMSW4319 (Iron Contributor)
Solution
I actually performed this GTUBE test the other day but from a Gmail account and it was sent to Quarantine - as expected since this is how we have configured the policies to do.

Maybe sending it from Live is the culprit here?

Yes, I finally unearthed my Gmail test account, tried the GTUBE string and obtained the expected policy result from a "Detection technology: general filter" hit - not that it's obvious which policy is responsible. Headers say SCL 6, BCL 0, SFV:SPM, CAT:SPM.

To my mind it's still a mystery why the intra-org test was delivered normally.
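The SCL/BCL/SFV/CAT values quoted above come from the anti-spam headers EOP stamps on a filtered message. As an added example (not code from the thread or from Microsoft), this script pulls those values out of a raw message and names the verdict; the sample headers are constructed to mirror the Gmail result, and the SFV code meanings follow Microsoft's documented header values as I know them. A test message that skipped filtering (the intra-org case) shows up here as SFV:SKI rather than SFV:SPM, which is the first thing to check when the string is delivered.

```python
"""Extract the Exchange Online Protection anti-spam verdict from message headers.

Added example, not from the original thread. The raw message below is
constructed; the header names and the SFV/CAT codes are the ones EOP
writes on filtered mail (see Microsoft's anti-spam message headers page).
"""
from email import message_from_string

# Meaning of the SFV (spam filtering verdict) codes EOP writes.
SFV_MEANING = {
    "SPM": "marked as spam by the content filter",
    "NSPM": "not spam",
    "BLK": "blocked sender (user or admin block list)",
    "SFE": "safe sender, filtering skipped",
    "SKI": "filtering skipped (for example intra-organization mail)",
    "SKN": "filtering skipped (for example trusted connector or allow rule)",
}


def parse_forefront_report(value: str) -> dict:
    """Split 'KEY:VALUE;KEY:VALUE;...' into a dict; the SFS parenthesised list stays as one value."""
    fields = {}
    for part in value.replace("\r\n", "").replace("\n", "").split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key] = val
    return fields


def spam_verdict(raw_message: str) -> dict:
    """Return SCL, BCL, SFV and CAT from an EOP-stamped message, plus a readable verdict."""
    msg = message_from_string(raw_message)
    report = parse_forefront_report(msg.get("X-Forefront-Antispam-Report", ""))
    bcl = parse_forefront_report(msg.get("X-Microsoft-Antispam", "")).get("BCL")
    scl = msg.get("X-MS-Exchange-Organization-SCL") or report.get("SCL")
    sfv = report.get("SFV")
    return {
        "scl": int(scl) if scl is not None else None,
        "bcl": int(bcl) if bcl is not None else None,
        "sfv": sfv,
        "cat": report.get("CAT"),
        "meaning": SFV_MEANING.get(sfv, "unknown verdict"),
    }


# Constructed headers mirroring the thread's Gmail GTUBE result (SCL 6, BCL 0, SFV:SPM, CAT:SPM).
SAMPLE = """From: tester@example.com
To: admin@example.org
Subject: GTUBE test
X-MS-Exchange-Organization-SCL: 6
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report: CIP:203.0.113.5;CTRY:US;LANG:en;SCL:6;SRV:;IPV:NLI;SFV:SPM;H:mail.example.com;PTR:;CAT:SPM;SFS:(13230028)(1800799015);DIR:INB;

(body omitted)
"""

if __name__ == "__main__":
    print(spam_verdict(SAMPLE))
```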