Use mail flow rules to set the spam confidence level (SCL) in messages in Exchange Online
In Exchange Online organizations or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, anti-spam policies (also known as spam filter policies or content filter policies) scan inbound messages for spam. For more information, see Configure anti-spam policies in EOP.
If you want to mark specific messages as spam before they're even scanned by spam filtering, or mark messages so they'll skip spam filtering, you can create mail flow rules (also known as transport rules) to identify the messages and set the spam confidence level (SCL). For more information about the SCL, see Spam confidence level (SCL) in EOP.
What do you need to know before you begin?
You need to be assigned permissions in Exchange Online or Exchange Online Protection before you can do the procedures in this article. Specifically, you need the Transport Rules role, which is assigned to the Organization Management, Compliance Management (global admins), and Records Management role groups by default.
For more information, see the following topics:
For more information about mail flow rules in Exchange Online and standalone EOP, see the following topics:
Use the EAC to create a mail flow rule that sets the SCL of a message
In the EAC, go to Mail flow > Rules.
Click Add and then select Create a new rule.
In the New rule page that opens, configure the following settings:
Name: Enter a unique, descriptive name for the rule.
Click More Options.
Apply this rule if: Select one or more conditions to identify messages. For more information, see Mail flow rule conditions and exceptions (predicates) in Exchange Online.
Do the following: Select Modify the message properties > set the spam confidence level (SCL). In the Specify SCL dialog that appears, configure one of the following values:
Bypass spam filtering: The messages will skip spam filtering. High confidence phishing messages are still filtered. Other features in EOP are not affected (for example, messages are always scanned for malware).
If you need to bypass spam filtering for SecOps mailboxes or phishing simulations, don't use mail flow rules. See Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes.
Be very careful about allowing messages to skip spam filtering. The mail flow rule should use more conditions than just the sender's email address or domain. For more information, see Create safe sender lists in EOP.
0 to 4: The message is sent through spam filtering for additional processing.
5 or 6: The message is marked as Spam. The action that you've configured for Spam filtering verdicts in your anti-spam policies is applied to the message (the default value is Move message to Junk Email folder).
7 to 9: The message is marked as High confidence spam. The action that you've configured for High confidence spam filtering verdicts in your anti-spam policies is applied to the message (the default value is Move message to Junk Email folder).
Specify any additional properties that you want for the rule. When you're finished, click Save.
How do you know this worked?
To verify that you've correctly set the SCL in messages, send an email message to someone inside your organization, and verify that the action performed on the message is as expected. For example, if you set the spam confidence level (SCL) to Bypass spam filtering, then the message should be sent to the specified recipient's Inbox. However, if you set the spam confidence level (SCL) to 9, and the High confidence spam action for your applicable anti-spam policies is to move the message to the Junk Email folder, then the message should be sent to the specified recipient's Junk Email folder.