This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
Like others, I am having recent issues with more genuine spam emails getting blocked. I am aware of the message flow, and I am aware of whitlisting - but that isn't the question. We have whitelisted "company" domains, but many customers come from @Hotmail and the like and we are not going to whitelist that domain! As we have many customers and new leads, we cannot whitelist individual email addresses in advance as we don't know why they are. I am aware we can notify MS of the incorrect spam, but that so far has zero effect.
It is so bad, we need to disable spam from going to users junk mail. As you can see, we have done this, and prepend the subject instead with "SPAM (maybe)". Great
This works - the emails are being prepended.
BUT they are still getting delivered into the users junk mail, albeit with a prepended subject.
The message trace is
So this shows the "mailbox" is moving the mail from the inbox to the junk item by a "rule the recipient set up" - which is a lie. The rules are default and hidden.
Looking at https://support.office.com/en-gb/article/Filter-junk-email-and-spam-in-Outlook-on-the-web-db786e79-54e2-40cc-904f-d89d57b7f41d shows an OWA setting to enabled/disable "mailbox filtering" by changing the setting under the "block and allow" to don't move items to the junk mail folder. Is this the cause of the direction above?
In which case - what about any spam Exchange/365 puts in junk that the user wants whitelisted?!
I feel either I don't understand the process, or I can't find some settings!
But in summary:-
I have also found https://technet.microsoft.com/en-us/library/bb123559(v=exchg.160).aspx which seems to suggest SCL settings can be amended for users mailboxes, but I don't seem to get this working on 365 - is this on-prem only?
Microsoft 365 features that help users manage their subscriptions, account settings, and billing information.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
Hi Blue Snowman,
Any updates?
Thanks,
Mouran
Hi Blue Snowman,
Another update:
I’ve discussed with my colleague. Still, it’s not feasible to meet the 3 requirements at the same time. However, we can meet the first and second requirements at the same time. To do that, we can set up an inbox rules for the specific mailbox. Below are the detailed steps:
Let me know if you are OK with this.
Thanks,
Mouran
Hi Blue Snowman,
The 2 parts you quote is not contradictory, maybe I’m not clarifying the blue part you quote clearly. Ok, let me be more specific about the blue part here: The prerequisite of making the blue part you quote work is that the block or allow function is not disabled for that mailbox. Which means you should select the option “Automatically filter junk email” in the block or allow if you want the EOP setting work for that specific mailbox. However, if you add the high confidence spam sender to the “Safe Senders and Recipients” list, the high confidence spam will still be delivered to the inbox.
For the italic quote, I mean if you want the “Spam” delivered to inbox with subject prepended, you need to set the block or allow to “don’t move items to the junk mail folder”. After that, all spams including high confidence spam will delivered to the inbox of the specific mailbox.
So, the 2 parts are not contradictory.
When you say “However, about 24hrs later, a mail came in (it was an NDR from a forged sender (client web app), so tagging as junk was fair, it had SCL of 5)”, based on my experience, a NDR is generated because you sent an email to a forged recipient or other scenarios. And the NDR is usually delivered directly to your inbox. So, I’m not sure what the “a forged sender” you mentioned refer to.
So, could you please give us the example of the NDR (save the NDR mail as a .msg file)? Also, please share the message header of the NDR message with us via the private message for further analysis.
I’ve sent you a private message to collect the information. Please refer to the link below to access it:
https://answers.microsoft.com/en-us/privatemessages/list
Thanks,
Mouran
Hi Blue Snowman,
Let me explain to you what the user interface you provided in the EAC offers:
The prepend subject line with text means all incoming spams will be added a text in front of their subjects. Once the email message is detected as a spam by the EOP, its subject will be added such a text.
The move message to junk email folder option under “High confidence spam” means all high confidence spams will be moved to the junk email folder of the mailboxes inside the organization.
Thank you for your response, but I'm afraid its not clear to me and your responses are contradictory. If we ignore client-side whitelists, and focus on the above, then how is that achievable? They are the settings I want - spam to have subject tagged, and high confidence spam to junk. They are the settings I have applied.
But - for that to work, does the mailbox block/allow need to be set to disabled so client does not do any processing?
You said previously:
For the first requirement (get "spam" delivered to inbox with subject appended with "SPAM:"), to do that, besides the settings you mentioned in the EAC, we still need to disable the mailbox-level spam filtering by changing the setting under the "block and allow" to don't move items to the junk mail folder. After that, the second requirement cannot be accomplished because the “High confidence spam” will also be delivered to the inbox after disabling the mailbox-level spam filtering.
Which is the opposite of what you said quoted above. The italic quote you say you need to disable malbox junk filtering to allow "spam" with subject tag to go to inbox, but doing so also allows "high conifidence spam" to go to inbox too. And in the blue quote you say high confidence spam will still go to junk mail?
So which is it?!?!?!?!
As an aside I don't think we are getting the full picture:-
I HAVE disabled mailbox junk mail filtering. I HAVE configured EOP to tag spam on subject and deliver high confidence spam to junk. The mailbox has no mailbox rules. Screen shots below show the UI and the powershellresponses confirming this.
However, about 24hrs later, a mail came in (it was an NDR from a forged sender (client web app), so tagging as junk was fair, it had SCL of 5). this should've had subject tagged and deliverd to inbox. It didn't - it had subject tagged and sent to junk! Which should be impossible.
Trace shows email was tagged as spam as expected, and "an inbox rule" did the move - but considering that's disabled, and there are NO inbox rules, how did that happen?
And yes, all screen shots and data are from the same mailbox.
So - what process did this junk mail hit that IS NOT a mailbox rule, or mailbox junk filtering, but Exchange sent it straight to the junk folder!?
This may be an aside, but with the contradictory information above - its not a surprise things aren't clear
Hi Blue Snowman,
Let me explain to you what the user interface you provided in the EAC offers:
The prepend subject line with text means all incoming spams will be added a text in front of their subjects. Once the email message is detected as a spam by the EOP, its subject will be added such a text.
The move message to junk email folder option under “High confidence spam” means all high confidence spams will be moved to the junk email folder of the mailboxes inside the organization.
Like I said, this function is an organization-level one, it only applies to all the messages which pass through the EOP. Once the messages pass through the EOP successfully, it won’t work anymore. However, there is a mailbox-level function called "block or allow" in OWA. Once the message passes through EOP and delivers to the mailbox, the "block or allow" will examine the message based on your personal settings.
So, let’s get back to the 3 requirements. Regarding the first one, to get spam delivered to inbox, you need to set the "block and allow" to “Don’t move items to the junk mail folder”. However, by doing that, the second one will not be satisfied because all spams including the high confidence one will be delivered to the inbox.
In conclusion, we are not able to accomplish the 3 requirements at the same time. We appreciate your understanding.
But, you can submit feedback to our related team about the 3 requirements via the link below:
https://office365.uservoice.com/forums/289138-compliance-protection
Microsoft welcomes your valuable feedback.
Thanks,
Mouran