Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, October 17, 2014 4:33 AM | 2 votes
hello, can anyone help me to understand the following ?
X-MS-Exchange-Organization-Antispam-Report: v=2.1 cv=WM5GABcR c=0 sm=1 tr=0
p=jq6uuV1YAAAA:8 a=oZgUMwJJN7khI4xAUuKglw==:117
a=oZgUMwJJN7khI4xAUuKglw==:17 a=jPJDawAOAc8A:10 a=qhiXE4GS29cA:10
a=E9JEizRoAAAA:8 a=XA8HqelQAAAA:8 a=erKict_eAAAA:8
a=mBZwpfFs51wA:10;OrigIP:5.178.87.35;SCL:9
Ilya Shipitsin
All replies (19)
Friday, October 17, 2014 5:13 AM
Hi
Could you please elaborate little bit more on your query ?
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish (MVP)
Monday, October 20, 2014 6:48 AM
Hi,
X-MS-Exchange-Organization-Antispam-Report
This X-header is a summary report of the anti-spam filter results that have been applied to the message by the Content Filter agent. For more details about this, you can look at the following article.
http://technet.microsoft.com/en-gb/library/aa996878(v=exchg.150).aspx
Best regards,
If you have feedback for TechNet Subscriber Support, contact [email protected]
Belinda Ma
TechNet Community Support
Wednesday, October 22, 2014 2:27 AM
Hi,
Is there any update on this issue?
Best regards,
If you have feedback for TechNet Subscriber Support, contact [email protected]
Belinda Ma
TechNet Community Support
Monday, October 27, 2014 5:16 PM | 1 vote
Belinda, It seems you didn't pay enough attention to my question.
the article you mentioned doesn't say nothing about "p=" or "a=", can you use samples from my question and tell what they mean, please ?
Hi,
X-MS-Exchange-Organization-Antispam-Report
This X-header is a summary report of the anti-spam filter results that have been applied to the message by the Content Filter agent. For more details about this, you can look at the following article.
http://technet.microsoft.com/en-gb/library/aa996878(v=exchg.150).aspx
Best regards,
If you have feedback for TechNet Subscriber Support, contact [email protected]
Belinda Ma
TechNet Community Support
Ilya Shipitsin
Monday, October 27, 2014 5:31 PM
yes, see my answer.
Ilya Shipitsin
Monday, October 27, 2014 5:56 PM
pardon ? what kind of elaborate are you talking about ?
can you provide details on what you would like to hear from me ?
Ilya Shipitsin
Thursday, October 30, 2014 2:16 AM | 1 vote
Hi,
This is proprietary information, It's very hard to find any published information about it.
Thanks.
Wednesday, November 5, 2014 10:04 AM | 2 votes
I would like to know why that certain message is marked as SPAM (i.e. SCL = 9).
any reason for keeping such kind of information from exchange admin ?
any reason for including such a weird report in mail message ?
Ilya Shipitsin
Friday, November 21, 2014 5:18 AM
Hi refer to this:
http://msdn.microsoft.com/en-us/library/ms998863(v=exchg.65).aspx
Tuesday, February 17, 2015 6:48 PM
Hi refer to this:
http://msdn.microsoft.com/en-us/library/ms998863(v=exchg.65).aspx
I must be very stupid, but I do not understand what do you mean.
can you please provide more details ?
I know SCL=9 means spam, but I've no idea why.
please, help me.
Ilya Shipitsin
Wednesday, February 18, 2015 1:43 AM | 1 vote
Hi,
The spam confidence level (SCL) is the normalized value assigned to a message that indicates, based on the characteristics of a message (such as the content, message header, and so forth), the likelihood that the message is spam.
Exchange Server set SCL value for message by using Intelligent Message Filter. Content filtering uses Microsoft SmartScreen technology to assess the contents of a message. Intelligent Message Filter is the underlying technology of Exchange content filtering. Intelligent Message Filter is based on patented machine-learning technology from Microsoft Research. During its development, Intelligent Message Filter learned distinguishing characteristics of legitimate e-mail messages and spam. Regular updates with Microsoft Exchange Anti-spam Update service ensure that the most up-to-date information is always included when the Intelligent Message Filter runs. Based on the characteristics of millions of messages, Intelligent Message
Filter recognizes indicators of both legitimate messages and spam messages. Intelligent Message Filter can accurately assess the probability that an inbound e-mail message is either a legitimate message or spam.
Thanks~
Tuesday, March 17, 2015 6:52 AM | 2 votes
you do not make sense.
I want to know exact reason why that message was marked as spam.
and there's some anti spam report included in headers which I want to decrypt.
you do not help me. please avoid answers in common. if you do not know how to deal with Anti-Spam report you do not help.
Ilya Shipitsin
Tuesday, March 17, 2015 6:56 AM | 2 votes
let me explain.
there's kind of software called SpamAssassin.
if it marks message as spam, it reports like that
X-Spam-Status: Yes, hits=6.2 required=5.0 tests=REVERSE_AGING,VIAGRA
autolearn=no version=2.64-servername_config_v2
so, I can see why certain message was marked as spam.I see exact reason.I want the same with anti spam report included in exchange message. can someone help me ?
Ilya Shipitsin
Wednesday, January 13, 2016 1:15 PM
Hi Ilya,
i have the same problem. Have you found something helpful to decrypt this report or something to help understand this? I also like Spamassassin. You can see at a glance whats going on.
Simon
Wednesday, October 11, 2017 3:46 AM
Office 365 won't provide the same clear decodding as Spamassassin does, however if you can provide complete header, then I can help you check the possible reasons from it.
Normally SCL=9 is set because of High Confidence Spam and it usually either BCL/PCL was marked and you had selected "Mark Bulk as Spam" or else any option from Advance Spam Filtering hit it or Transport Rule matched.
Monday, January 22, 2018 12:18 PM | 1 vote
Hi, I have a very similiar problem and nobody from the diverse Microsoft support teams could help me fix it.
I'm sure that the answer is buried in those diagnostic/info - headers but I can't decode them. Is there any way to find out what the problem is? Any help would be much appreciated!
Some headers from my mail I feel could be important, would be happy to share more infos if needed:
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98901004);DIR:INB;SFP:;SCL:1;SRVR:AM5EUR03HT207;H:###REMOVED###;FPR:;SPF:None;LANG:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(5000109)(4604075)(4605076)(610169)(650170)(651021)(8291501071);SRVR:AM5EUR03HT207;
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);RF:JunkEmail;OFR:SpamFilterAuthJ;
X-MS-Exchange-Organization-SCL: 6
X-Microsoft-Exchange-Diagnostics:
1;HE1PR0701MB2106;9:OOpc2cjqYG5Mk1JZ41bphDOepdbylmF0mRRK4DeplzXMuMkaOGOsLan5MyKLiUI4DXXSmGYd6nbcvN3bzaohB1s96RPfPOEQlMWQceTOq86KeNRZEPdf0A9i/nm8VlmOB0FTrX9gtvrheXTgpecI50LSDRTzrPkK9dKKnvauS0vBLVFLpeFgCKbLVWEm6qaYBfGpBXqHau0dhPHjiu5wiebk2QHBcObMttn0hxohufN8JkAguUM2m1Yo5sdOSZnh4fjoIsMditzXSqvIcld/v/j1jG7FHhAkKABE+awGlRCZ59lpG32tcx6geTaHm3l9Y9hZ5OfoLGH1cG4uqvAkaKUz/3VHC1Dys28q+U+hES7kKx0Cm8JrivV2PxJM7tHfqbV+yUspGf1ZNv/ppA+ekcfOVLus4l+IVYjnMa0CHer0eJ28izyQd1OA30Krf1zEB87p+C4LsdaxChJ9kLoKp17AQxwVithkR2X+F/11/wmSUH5dvHWCrj79trq8FNrYt4JtyG2GmfyFMF+bjIdOcU+mYg0Ei61OcIQ7Kr9KeObLJssDGaC3mXxWYtSxPdOhBiUzx6vJqWJPl8Hyps8rVmKpCHLNJD0AjGVlcD1DbvJ3bws/+dvvaaCnuav6qKh9c5Z+gmGKy2Ta44fPpLTOvay99kaCJ96Uoqmiovj9mDYb+0wcMQifuWxDYegep7zXqUU8MuY93OptSIKt0/1GHHdWAV9x7hWwZSSesvCtZuyLigLMIgHz6TXuI3mrdfQpZ01fBM5BX/HU9EMdfZsnD/RYGbXvOCqtiFlQkFuwS3dQ+zPPyQUvezKelCC1UuXH
X-Microsoft-Antispam-Message-Info:
mXSHczzKcSVU+GZjM1/jyIFQV94wSmYG8Dx3TKA6pZ25ln5cDIZHuQP2d6RQ6cMM3h+S32kNk1am2m43VsuUsU4JRtKmEI2980ZcEQCnCt+aQ+WLl1XDCQk9ElJ0Zgp7NYHxIqCtv7q5GhZ/p5bew9xXfSaSF+MkRK4u0+Bv+kDuxOnxp3f8rZV3neKUefoEJ8T8q2l2ChAOsrzWXSr1pEaoHI6uTTViLtVCHWjzeSBeAD9OLeMRmt6FbinzmMBYYWMKjlvd+LGXOrulvr+boQ==
X-Microsoft-Exchange-Diagnostics:
1;HE1PR0701MB2106;27:BbD9DpEERQYZTd64t2EEuT70KF62UywSO3ybk56OAG4+jsXqPgrYZBUbpLhW5Vl1toOPYzFAa2D8cY7XmNk4Kha6nUpCEP0dVNfaBOfIzCvU7yn6IHs0GtzK7mtTYa9G
Thursday, April 12, 2018 9:14 AM
Same here, I get requests from users why mails were regarded as Spam.
With the header I see SCL of 5, but I want to answer why this mail was related as Spam!
Best,
Matthias
Monday, May 7, 2018 7:44 AM
There is some information on decoding the X-Forefront-Antispam-Report header here:
https://technet.microsoft.com/en-us/library/dn205071.aspx
But it's still lacking in details. They need a comprehensive reference to the codes in these headers...
Wednesday, October 30, 2019 11:17 AM | 2 votes
This is just marketing talk, not helpful in any way. And obviously, years later, it doesn't really work.