Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft 365 assigns a bulk complaint level (BCL) value to inbound messages from bulk senders. The BCL value is added to the message in an X-header and is similar to the spam confidence level (SCL) that identifies messages as spam. A higher BCL value indicates a bulk message is more likely to exhibit undesirable spam-like behavior. Microsoft uses both internal and external sources to identify bulk mail and determine the appropriate BCL value.
Bulk senders vary in their sending patterns, content creation, and recipient acquisition practices. Good bulk senders send desired messages with relevant content to their subscribers. These messages generate few complaints from recipients. Other bulk senders send unsolicited messages that closely resemble spam and generate many complaints from recipients. Messages from a bulk sender are known as bulk mail or gray mail.
Spam filtering marks messages as Bulk email based on the BCL threshold in anti-spam policies and takes the specified action on the message. For more information, see Configure anti-spam policies and What's the difference between junk email and bulk email?.
The BCL thresholds are described in the following table:
| BCL | Description |
|---|---|
| 0 | The message isn't from a bulk sender. |
| 1, 2, 3 | The message is from a bulk sender that generates few complaints. |
| 4, 5, 6, 7 | The message is from a bulk sender that generates a mixed number of complaints. |
| 8, 9 | The message is from a bulk sender that generates a high number of complaints. |
The default BCL threshold that's used in anti-spam policies is described in the following list:
- Default anti-spam policy and new anti-spam policies: 7.
- Standard preset security policy: 6.
- Strict preset security policy: 5.
Messages that meet or exceed the configured BCL threshold have the following default actions taken on them:
- Default anti-spam policy, new anti-spam policies, and Standard preset security policy: Deliver the message to recipient Junk Email folders.
- Strict preset security policy: Quarantine the message.
BCL threshold in the Threat protection status report
The filters in the View data by Email > Spam and Chart breakdown by Detection Technology view of the Threat protection status report in the Microsoft Defender portal at https://security.microsoft.com/reports/TPSEmailSpamReportATP contain the Bulk complaint level slider.
Select 
Filter. In the Filters flyout that opens, select only the Detection value Bulk in the Filters flyout that opens. Use the Bulk complaint level slider to increase or decrease the BCL threshold.
After you apply the filters and return to the main report page, you see that hanging the BCL threshold changes the data in the report:
- Increasing the BCL threshold identifies fewer messages as bulk.
- Decreasing the BCL threshold value identifies more messages as bulk.
- Set a minimum and maximum BCL threshold to see the effect on bulk detections.
Bulk senders insight
The bulk senders insight in the Defender portal allows you to see how much mail was identified as bulk at the current BCL threshold in anti-spam policies, and to simulate identified vs. allowed bulk mail based on changes in the BCL threshold.
The bulk senders insight is available in the following locations in the Defender portal:
- In the properties of the default anti-spam policy or custom anti-spam policies.
- On the Email & collaboration reports and insights page at https://security.microsoft.com/emailandcollabreport.
For more information, see Bulk senders insight.
Deliver bulk mail below the BCL threshold to the Promotions folder
Note
The features described in this section are currently in Preview, aren't available to all organizations, and are subject to change.
As previously described, the action for bulk mail that meets or exceeds the BCL threshold is defined in anti-spam policies. For example, deliver to the Junk Email folder or quarantine.
But you can configure anti-spam policies to deliver bulk mail below the BCL threshold to the Promotions folder in supported versions of Outlook by doing the following steps:
Create (or identify) two mail-enabled security groups for the following purposes:
- Opt-in: Users who get bulk mail tagged as Bulk and delivered to the Promotions folder in supported Outlook clients.
- Opt-out: Users who don't get bulk mail tagged as Bulk and don't get a Promotions folder.
By leaving one group and joining the other, admins or the users themselves can control whether the Promotions folder is used.
For group creation instructions, see Manage mail-enabled security groups in Exchange Online.
Create an Exchange mail flow rule (also known as a transport rule) to apply the Bulk tag in supported versions of Outlook to all bulk mail sent to members of the opt-in mail-enabled security group. Create the rule with the following settings:
- Set rule conditions page:
- Name: For example, Bulk mail ID.
- Apply this rule if...: Configure the following conditions:
- The recipient > is a member of this group: Select the opt-in mail-enabled security group.
- The sender > is external/internal: Select Outside the organization.
- Do the following...: Select Modify the message properties > set a message header.
- Set the message header: Enter the value
X-MS-Exchange-Organization-BulkStamping. - to the value: Enter the value
1.
- Set the message header: Enter the value
- Except if...: Optionally, you can use exceptions to prevent specific bulk senders from being tagged as Bulk. For example:
- The sender > is this person
- The sender > domain is
- Set rule settings page: Verify Stop processing more rules isn't selected.
- Set rule conditions page:
Create new opt-in and opt-out anti-spam policies to identify users who should and shouldn't get all bulk mail below the BCL threshold delivered to the Promotions folder (members of the opt-in and opt-out mail-enabled security groups). For anti-spam policy creation instructions, see Use the Microsoft Defender portal to create anti-spam policies.
- For both anti-spam policies, do the following steps:
- Verify the members of both mail-enabled security groups aren't included in or are excluded from the Standard and Strict preset security policies. For more information, see Order of precedence for preset security policies and other threat policies
- Recreate the settings from the old anti-spam policy that the members of the mail-enabled security group left for the new custom policy. For example, the BCL threshold (although we recommend a minimum value of 5 for the opt-in policy) and bulk action, other detection actions and the corresponding quarantine policies, allow list settings, block list settings, etc.
- For the opt-out anti-spam policy, configure the following settings:
- Users, groups, and domains page:
- Include these users, groups and domains section: Click in the Groups box to enter and select the opt-out mail-enabled security group you created or identified in Step 1.
- Exclude these users, groups and domains: Optionally select the check box to find and enter Users or Groups (not both) to exclude from the policy.
- Users, groups, and domains page:
- For the opt-in anti-spam policy, configure the following settings:
Users, groups, and domains page:
- Include these users, groups and domains section: Click in the Groups box to enter and select the opt-in mail-enabled security group you used in the previous steps.
- Exclude these users, groups and domains: Optionally select the check box to find and enter Users or Groups (not both) to exclude from the policy.
Actions page: Move the Bulk moves enabled toggle to
On.
Configure the opt-in anti-spam policy with a high priority (low priority number) so it's applied before other custom anti-spam policies.
Tip
For important information about why you shouldn't mix Users and Groups to include in or exclude from an anti-spam policy, see Step 4 in Use the Microsoft Defender portal to create anti-spam policies.
- For both anti-spam policies, do the following steps:
After you complete the previous steps, members of the opt-in mail-enabled security group (users who have the opt-in anti-spam policy applied) currently have the following experiences, based on their version of Outlook:
| Feature | Outlook on the web |
Outlook for Windows | Outlook for iOS and Android |
Classic Outlook |
|---|---|---|---|---|
| All messages identified as bulk have the Bulk tag applied, regardless of the message location in the mailbox. | ✔ | ✔ | ||
| The Bulk tag is available as a condition in Inbox rules. | ✔ | ✔ | ||
| Bulk mail below the BCL threshold that invokes the bulk action in the anti-spam policy is delivered to the Promotions folder. | ✔ | ✔ | ✔ | ✔ |
About the Promotions folder
The Promotions folder in user mailboxes has the following characteristics:
- Promotions is a regular folder, not a system folder.
- If you soft delete the folder (available in Deleted items), bulk messages are delivered to the folder in Deleted items.
- Currently, if you hard delete the folder (available in Recoverable items), the folder is recreated and used within approximately 5 minutes.
- If an unrelated Promotions folder already exists in the mailbox, a new folder named Promotions(1) is created and used.
- If you rename or move the Promotions folder, it continues to work (the name or location of the folder isn't important).
- Bulk mail that would normally be delivered to the Promotions folder is delivered to the Inbox in the following scenarios:
- The bulk sender is in the user's Safe Senders list.
- The bulk sender is in an accepted domain of the organization.
- Microsoft 365 learns from user activity in the Promotions folder (moving messages in or out), and remembers the action for future messages.