Spam confidence level (SCL) in EOP

• Attiecas uz:

  ✅ Exchange Online Protection, ✅ Microsoft Defender for Office 365 Plan 1 and Plan 2, ✅ Microsoft Defender XDR

In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, inbound messages go through spam filtering in EOP and are assigned a spam score. That score is mapped to an individual spam confidence level (SCL) value that's added to the message in an X-header. A higher SCL value indicates a message is more likely to be spam. EOP takes action on the message based on the SCL value.

The following table describes what the SCL values mean and the default action that's taken on those messages:

SCL value	Definition	Default action
-1	The message skipped spam filtering. For example, the message is from a safe sender, was sent to a safe recipient, or is from an email source server on the IP Allow List. For more information, see Create safe sender lists in EOP.	Deliver the message to recipient Inbox folders.
0, 1	Spam filtering determined the message wasn't spam.	Deliver the message to recipient Inbox folders.
5, 6	Spam filtering marked the message as Spam	Default anti-spam policy, new anti-spam policies, and Standard preset security policy: Deliver the message to recipient Junk Email folders. Strict preset security policy: Quarantine the message.
7, 8, 9	Spam filtering marked the message as High confidence spam	Default anti-spam policy and new anti-spam policies: Deliver the message to recipient Junk Email folders. Standard and Strict preset security policies: Quarantine the message.

Padoms

Spam filtering never stamps messages with the SCL values 2, 3, or 4.

Typically, spam filtering itself doesn't stamp messages with the SCL value 7, but other features might. For example:

• Human message grading by an analyst.
• DMARC failures.
• Mail flow rules (also known as transport rules).

For more information about actions you can take on messages based on the spam filtering verdict, see Configure anti-spam policies in EOP.

Similar to the SCL, the bulk complaint level (BCL) identifies bad bulk email (also known as gray mail). A higher BCL value indicates the message is more likely to exhibit undesirable spam-like behavior. You configure the BCL threshold in anti-spam policies. For more information, see Configure anti-spam policies in EOP, Bulk complaint level (BCL) in EOP, and What's the difference between junk email and bulk email?.

---

New to Microsoft 365? Discover free video courses for Microsoft 365 admins and IT pros, brought to you by LinkedIn Learning.