
In Exchange or Outlook 2007, is it possible to move messages with a "Fail" or "SoftFail" SenderID status to a mailbox's Junk Mail folder?

I keep getting spam that fails SenderID but has very low SCLs. I'd like them put in Junk Mail so that users can at least review their spam.

The solution is to create a transport rule that sets the SCL level to a number that will cross the SCLJunkMail threshold based on the SenderID status.

The only way to do this is to match a text pattern on the message header for the appropriate SenderID status.

Matias Nino

2 Answers


According to Technet:

Outlook neither displays the Sender ID status nor necessarily flags a message as junk at certain Sender ID values. Outlook uses the Sender ID status value only during the calculation of the SCL value.

If you are using Exchange 2007 you could set up a transport rule that adjusts the SCL level based on the Sender ID status, so that it is picked up by the junk filter. Alternatively you could adjust your SCL level so that emails with invalid Sender ID are picked up as spam, but that may lead to more false positives.

To set up a transport rule you need to look in the header; the SenderID filter adds the following to the email header:

X-MS-Exchange-Organization-SenderIdResult:<status>

So you need to create a transport rule to do the following:

Conditions: When a message header contains specific words (failed statuses)
Actions: set the spam confidence level to value
Exceptions: except when the text specific words appears in a message header (valid statuses)
Sam Cogan

All you can do is opt to reject or delete the message, which is set either in Organization Config -> Anti-Spam -> Sender ID properties (action tab), or with the Set-SenderIDConfig cmdlet.

It's a bit of a pain that you can't do anything else with it, unfortunately.

Edit: Looking at Sam's answer, you could use the Transport Rule to identify messages that have failed SPF by inspecting their headers. The Exchange anti-spam header looks like this:

X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus Pass;OrigIP:206.19.49.34

So if you could write a regex pattern to look for "fail" after the SenderIDStatus, then you're there!

Rob Golding
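A pattern for the rule described in both answers can be checked against sample headers before it goes into a transport rule. The following is an added example, not code from either poster: it uses Python's `re` module (the transport rule pattern syntax in Exchange may differ), and the sample headers, the `192.0.2.10` address and the `junk_scl=6` default are constructed assumptions.

```python
import re
from email import message_from_string

# Header names as given in the answers above.
RESULT_HDR = "X-MS-Exchange-Organization-SenderIdResult"
REPORT_HDR = "X-MS-Exchange-Organization-Antispam-Report"

# Whole-value match: only Fail or SoftFail, never a value that merely contains "fail".
RESULT_RE = re.compile(r"^\s*(SoftFail|Fail)\s*$", re.I)
# Tied to the SID field of the report so other fields cannot trigger it.
REPORT_RE = re.compile(r"(?:^|;)\s*SID:\s*SenderIDStatus\s+(SoftFail|Fail)\s*(?:;|$)", re.I)


def sender_id_failure(raw_headers):
    """Return 'fail' or 'softfail' if either header reports it, else None."""
    msg = message_from_string(raw_headers)
    checks = ((RESULT_HDR, RESULT_RE), (REPORT_HDR, REPORT_RE))
    for name, pattern in checks:
        for value in msg.get_all(name, []):  # header lookup is case-insensitive
            match = pattern.search(value)
            if match:
                return match.group(1).lower()
    return None


def adjusted_scl(raw_headers, current_scl, junk_scl=6):
    """Raise the SCL to junk_scl on Fail/SoftFail; junk_scl=6 is an assumed value."""
    if sender_id_failure(raw_headers):
        return max(current_scl, junk_scl)
    return current_scl


def naive_match(raw_headers):
    """The loose 'fail anywhere' test, kept to show its false positive."""
    return re.search("fail", raw_headers, re.I) is not None


# Constructed samples modelled on the header formats quoted in the answers.
SOFTFAIL = RESULT_HDR + ": SoftFail\nSubject: hello\n\n"
REPORT_FAIL = REPORT_HDR + ": DV:3.3.5705.600;SID:SenderIDStatus Fail;OrigIP:192.0.2.10\n\n"
PASS_NDR = (REPORT_HDR + ": DV:3.3.5705.600;SID:SenderIDStatus Pass;OrigIP:192.0.2.10\n"
            "Subject: Delivery failed\n\n")

if __name__ == "__main__":
    for sample in (SOFTFAIL, REPORT_FAIL, PASS_NDR):
        print(sender_id_failure(sample), adjusted_scl(sample, 1), naive_match(sample))
```

The third sample passes Sender ID but has "failed" in its subject: the anchored patterns leave its SCL alone, while the loose "fail anywhere" match would have sent it to Junk Mail.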