Junk E-Mail what is going on?

Did you know that Outlook and Exchange each have their own antispam filtering mechanism and that they work independently of each other?

Have you ever wondered why Outlook still places emails in the “Junk E-mail” folder even when you have turned “Junk E-Mail” filtering off?

In this post I will try to explain why and what to do. As usual this is taken from daily experience at customers.

Let's simulate a real-life scenario.

We receive an e-mail from Billy Bob and it is placed in the ‘Junk E-mail’ folder. From Outlook 2007 SP2 and up, the infobar will tell you whether Exchange or Outlook did this. As we can see, Outlook's Junk Email filter marked this message as spam.

Let's check the Junk E-mail Options.

As we can see it’s turned on – set to “low”.

Now let's check the MailboxJunkEmailConfiguration in Exchange.

As you can see, ‘Enabled’ is set to ‘false’. That's not the default setting, but I changed it prior to this test.

Now that we know that only Outlook's Junk Email filter is active, let's try to add Billy Bob to the ‘Safe Senders’ list.

Even though both Outlook and Exchange have their own filters, these lists are shared. You can also see what was added in the Outlook client by using the Get-MailboxJunkEmailConfiguration cmdlet.

Now let's ask Billy Bob to send a new email. As expected it now goes to the Inbox.

An interesting thing to know is that Outlook doesn’t care what SCL level Exchange gives the message. It lives its own life, except if the SCL is set to -1. I usually add a transport rule at customers which sets the SCL to -1 on every e-mail containing their own domain in the email address. Why? Because they let printers and scanners relay mail anonymously. To prevent all the scanned documents from going to ‘Junk Email’, I create a transport rule.

Now let's create a transport rule, setting the SCL to -1 for the klaphat.com domain. We will also remove bbo@klaphat.com from the Safe Senders list again so we can see if this works.

Now the mail (Test 3) goes directly to the inbox.

Let's take a look at the email's headers just to see if we can verify that Exchange did set the SCL to -1. We will look for the X-MS-Exchange-Organization-SCL header.
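The transport rule and the header check described above, as an added example that is not from the original post. It assumes the Exchange 2010 or later parameter names; the rule name, the helper Get-ExchangeScl and the sample headers are made up for illustration.

```powershell
# Rule part needs the Exchange Management Shell; it is skipped elsewhere.
# Note: the predicate matches on the From address text, so the rule applies to
# every message claiming a klaphat.com sender, wherever it was submitted from.
if (Get-Command New-TransportRule -ErrorAction SilentlyContinue) {
    New-TransportRule -Name 'SCL -1 for klaphat.com' `
        -FromAddressContainsWords 'klaphat.com' `
        -SetSCL -1
}

# Hypothetical helper: return the SCL Exchange stamped on a message, or $null.
function Get-ExchangeScl {
    param([Parameter(Mandatory=$true)][string]$HeaderText)
    # Unfold continuation lines (a line break followed by space or tab).
    $unfolded = $HeaderText -replace '\r?\n[ \t]+', ' '
    foreach ($line in ($unfolded -split '\r?\n')) {
        if ($line -match '^X-MS-Exchange-Organization-SCL:\s*(-?\d+)\s*$') {
            return [int]$Matches[1]
        }
    }
    return $null
}

# Constructed sample headers (host names, IP address and date are made up).
$sample = @'
Received: from scanner01.klaphat.com (10.0.0.25) by mail.klaphat.com
 with SMTP; Mon, 01 Jan 2024 09:00:00 +0100
From: Billy Bob <bbo@klaphat.com>
Subject: Test 3
X-MS-Exchange-Organization-SCL: -1
'@

$scl = Get-ExchangeScl -HeaderText $sample
if ($null -eq $scl) {
    'No X-MS-Exchange-Organization-SCL header found'
} elseif ($scl -eq -1) {
    'SCL -1 was stamped by Exchange'
} else {
    "SCL $scl"
}
```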

What will happen if we add Billy Bob to the block list? Who will win? Exchange or Outlook?

Let's check whether the setting can be seen in Exchange.

Now Billy Bob sends a new message and as we can see it goes to the ‘Junk E-Mail’ folder. That makes sense. Even though we change the SCL to -1, we still tell Outlook to move it to ‘Junk E-mail’.

But what would happen if we didn’t let Outlook see the message? What if we ask Billy Bob to send another message and we log in to OWA instead? Let's try and see.

I guess you already knew what was going to happen. Since we have disabled Junk Email completely in Exchange, the message will go to the Inbox.

Now when we start Outlook to read the message, there will be no surprise when Outlook moves the message to “Junk E-Mail”, because that is exactly what will happen.

Now let's try one last thing. Let's enable the JunkEmailConfiguration in Exchange and try one more time.

We use the command Set-MailboxJunkEmailConfiguration stp -Enabled:$true

Now Billy Bob sends one more e-mail, and we will log into OWA and see what happens.

Now it goes to the Junk E-Mail folder, and that's because we turned this feature on in Exchange.
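The mailbox-level steps of the walkthrough above, gathered into one added example that is not from the original post. It assumes the Exchange Management Shell of Exchange 2010 or later (for the @{Add=...}/@{Remove=...} syntax); Show-JunkState is a hypothetical helper, while 'stp' and bbo@klaphat.com are the mailbox and sender used in the post.

```powershell
$mbx    = 'stp'               # mailbox used in this post
$sender = 'bbo@klaphat.com'   # Billy Bob

# Hypothetical helper: print the server-side filter state and the shared lists.
function Show-JunkState {
    param([string]$Step)
    Write-Host "--- $Step"
    Get-MailboxJunkEmailConfiguration -Identity $mbx |
        Format-List Enabled, TrustedSendersAndDomains, BlockedSendersAndDomains
}

Show-JunkState 'initial state'

# Turn the Exchange-side filter off, so only Outlook's own filter is active.
Set-MailboxJunkEmailConfiguration -Identity $mbx -Enabled $false

# Add Billy Bob to Safe Senders (Trusted Senders in Exchange). The list is
# shared, so an entry added in Outlook shows up here and the other way round.
Set-MailboxJunkEmailConfiguration -Identity $mbx `
    -TrustedSendersAndDomains @{Add=$sender}
Show-JunkState 'filter off, sender trusted'

# Remove him again before testing the transport rule on its own.
Set-MailboxJunkEmailConfiguration -Identity $mbx `
    -TrustedSendersAndDomains @{Remove=$sender}

# Put him on the Blocked Senders list instead.
Set-MailboxJunkEmailConfiguration -Identity $mbx `
    -BlockedSendersAndDomains @{Add=$sender}
Show-JunkState 'filter off, sender blocked'

# Finally turn the Exchange-side filter back on for the OWA test.
Set-MailboxJunkEmailConfiguration -Identity $mbx -Enabled $true
Show-JunkState 'filter on, sender blocked'
```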

Conclusion.

My goal with this post was to make clear that both Outlook and Exchange have their own junk e-mail mechanisms.

They can be turned on and off independently of each other. The only things they have in common are the ‘Safe Senders’ list (called Trusted Senders in Exchange) and the ‘Blocked Senders’ list.

Sometimes this can be very confusing, not least for the end users.

My recommendation is to turn off smart filter screening in both Outlook and Exchange and then have a 3rd party screening your mails for spam. This could be a Microsoft Exchange Edge server, a partner or an appliance, e.g. Barracuda Spam Firewall or Vircom Modusgate.

Thanks for reading.
Regards.
Steen

5 thoughts on “Junk E-Mail what is going on?”

  1. Jens Jönsson

    Hi Steen,

    Really good article. You are completely right when you say that it confuses users if both Exchange and Outlook filter e-mails. We have experienced that several times.
    We recommend that our VELOCIsecure mailscan customers turn it off both in Outlook and on the Exchange server, so that it is our mail scanner that does the work.

     
    1. SteenPedersen

      Hi Jens

      Thanks for the comment. I also typically make sure to turn it off at customers. Either they have an in-house solution themselves, or they usually have it with Comendo or Symantec 🙂

      Regards
      Steen

       
  2. Josh

    remove the filter outlook 2007 client, remove the filter owa, and continues to send emails from my inbox to the junk folder.

    thanks for your help!

     