Machine Learning Verdict. But it was the BCL value of the sending IP that classified it as SCL:9 High Confidence Spam..
Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Got the Junk Mail Reporting Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ? From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Stefano Bagnara Sent: Tuesday, May 23, 2017 5:24 AM To: mailop <mailop@mailop.org> Subject: [mailop] Hosted exchange/Office 365 specific domain junk issue (MLV:ovrnspm) Hi all, One of my customer is sending an email to 2000 recipients in the unicampania.it<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Funicampania.it&data=02%7C01%7Cmichael.wise%40microsoft.com%7C1709f6dca22f4b6c9ee308d4a1d85109%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636311397820342048&sdata=v0q%2Bu8429kdiBqte2uIZQRI6HsK%2BCHyo%2F%2F0CumcJWdc%3D&reserved=0> domain (the domain is a university domain and the sender is a labor-union for the university employees), a domain hosted pointing to the outlook protection MX and using an hosted exchange service. Here is an excerpt of the junked email their postmaster sent back to me: X-Forefront-Antispam-Report: CIP:213.171.189.21;IPV:NLI;CTRY:IT;EFV:NLI;SFV:SPM;SFS:(8196002)(31630200002)(3000300001)(438002)(286005)(359002)(199003)(349900001)(189002)(349012);DIR:INB;SFP:;SCL:9;SRVR:AM4PR0501MB2274;H:ms21.mailvox.it<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fms21.mailvox.it&data=02%7C01%7Cmichael.wise%40microsoft.com%7C1709f6dca22f4b6c9ee308d4a1d85109%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636311397820342048&sdata=bDRwhXK79U8jCj6O7ISNV1tVzLO7Jrs2o4fsANs%2BURQ%3D&reserved=0>;FPR:;SPF:Pass;MLV:ovrnspm;A:1;MX:1;PTR:ms21.mailvox.it<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fms21.mailvox.it&data=02%7C01%7Cmichael.wise%40microsoft.com%7C1709f6dca22f4b6c9ee308d4a1d85109%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636311397820342048&sdata=bDRwhXK79U8jCj6O7ISNV1tVzLO7Jrs2o4fsANs%2BURQ%3D&reserved=0>;CAT:HSPM;LANG:it; X-DkimResult-Test: Passed X-Microsoft-Antispam: UriScan:;BCL:7;PCL:0;RULEID:(22001)(421252002)(81800236)(3001016)(71702078);SRVR:AM4PR0501MB2274; X-Exchange-Antispam-Report-Test: UriScan:(81227570615382); X-Exchange-Antispam-Report-CFA-Test: BCL:7;PCL:0;RULEID:(601004)(701104)(2401047)(13018025)(8121501046)(13016025)(9101536074)(10201501046)(3002001)(93006095)(93005095);SRVR:AM4PR0501MB2274;BCL:7;PCL:0;RULEID:;SRVR:AM4PR0501MB2274; X-CustomSpam: Bulk Mail | Bulk Mail SpamDiagnosticOutput: 1:6 SpamDiagnosticMetadata: Default:7 X-MS-Exchange-Organization-SCL: 6 I'm in touch with the unicampania.it<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Funicampania.it&data=02%7C01%7Cmichael.wise%40microsoft.com%7C1709f6dca22f4b6c9ee308d4a1d85109%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636311397820342048&sdata=v0q%2Bu8429kdiBqte2uIZQRI6HsK%2BCHyo%2F%2F0CumcJWdc%3D&reserved=0> admin that say that they have no specific filter and they started using hosted exchanged only recently. If I send the same message to my own office365 hosted account (on a different domain) it is delivered in inbox with SCL=1 instead of SCL=9 (and with BCL:2 instead of BCL:7). Does anyone know what are the meanings of the "MLV" part of the header? This is the first time I see that "MLV:ovrnspm". We all guess what spm is for, but what about "ovrn" ? The receiving postmaster told me that they are using an "almost unconfigured" version of hosted exchange and they didn't apply any specific rule (the postmaster for the receiving domain know the sender). I know how to open a ticket for the Outlook.com platform, but this is something specific to the hosted exchange (and maybe specific to a custom domain, even if they didn't configure anything): is there an only form for office365/hosted-exchange issues? Stefano -- Stefano Bagnara Void Labs / VOXmail.it Apache James/jSPF/jDKIM
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop