Microsoft Tech Community

What's up with GTUBE?


The following MS Learn page recognises GTUBE as a test resource to provoke a spam detection from Exchange Online. It's in the last section:


However, if I send from Live mail to our tenancy, I receive an NDR with error 550 5.7.520 “Message blocked because it contains content identified as spam (AS 4810)”. It looks as if the bounce was from EOP rather than Live / consumer blocking my mail on "exit". Yes, the GTUBE string is correctly recognised and blocked but there is absolutely nothing in Threat Explorer to show that a spam was blocked or even attempted. It is as if the message had bounced off of EOP edge protection.


If I send the same string on an intra-org basis, it is delivered!


As a method of testing if a particular anti-spam policy is engaging, it's a complete flop and I would welcome any suggestions on how best to discover that. Threat Explorer doesn't show which policy acted, though it does show the detection technology if you wait for a real spam to come along.

2 Replies
best response confirmed by ExMSW4319 (Frequent Contributor)
I actually performed this GTUBE test the other day but from a Gmail account and it was sent to Quarantine - as expected, since this is how we have configured the policies.

Maybe sending it from Live is the culprit here?
Yes, I finally unearthed my Gmail test account, tried the GTUBE string and obtained the expected policy result from a "Detection technology: general filter" hit - not that it's obvious which policy is responsible. Headers say SCL 6, BCL 0, SFV:SPM, CAT:SPM.

To my mind it's still a mystery why the intra-org test was delivered normally.
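
The verdict fields quoted in the last reply (SCL, BCL, SFV, CAT) can be pulled from a saved message's headers for comparison across test sends. The following is an added example, not part of the original thread: the sample message is constructed, and the header names `X-Forefront-Antispam-Report` and `X-Microsoft-Antispam` and the SFV meanings are those in Microsoft's anti-spam message headers documentation, not values taken from this page.

```python
from email import message_from_string
from email.policy import default

# Constructed sample (not a real message); verdict values mirror the reply above.
SAMPLE = (
    "From: tester@example.com\r\n"
    "Subject: GTUBE test\r\n"
    "X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:US;LANG:en;SCL:6;\r\n"
    " SRV:;IPV:NLI;SFV:SPM;H:mail.example.com;PTR:mail.example.com;CAT:SPM;\r\n"
    "X-Microsoft-Antispam: BCL:0;\r\n"
    "\r\n"
    "body\r\n"
)

# Subset of the documented SFV (spam filtering verdict) values.
SFV_MEANING = {
    "SPM": "marked as spam by spam filtering",
    "NSPM": "spam filtering ran and marked the message as not spam",
    "SKI": "spam filtering skipped (for example intra-organization mail)",
    "SKN": "marked non-spam before spam filtering (for example a mail flow rule)",
}

def parse_fields(value):
    """Split 'KEY:value;KEY:value;' into a dict; folded lines are tolerated."""
    fields = {}
    for part in str(value or "").split(";"):
        key, sep, val = part.strip().partition(":")  # first colon only (IPv6 CIP)
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields

def to_int(text):
    try:
        return int(text)
    except (TypeError, ValueError):
        return None  # header or field missing

def antispam_verdict(raw_message):
    """Return the spam verdict fields stamped on a raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=default)
    report = parse_fields(msg["X-Forefront-Antispam-Report"])
    extra = parse_fields(msg["X-Microsoft-Antispam"])
    sfv = report.get("SFV")
    return {"SCL": to_int(report.get("SCL")), "BCL": to_int(extra.get("BCL")),
            "SFV": sfv, "CAT": report.get("CAT"),
            "meaning": SFV_MEANING.get(sfv, "not in this table")}

if __name__ == "__main__":
    print(antispam_verdict(SAMPLE))
```

Running it on the headers of the delivered intra-org test message shows which SFV value that message was stamped with, which can then be compared with the externally sent one.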