Many organizations want to ensure that emails identified as spam and graymail never reach the user's Inbox or Junk folder, but are instead held in the Microsoft 365 Quarantine. After analysis, Defend injects specific headers into the metadata of an email. The following headers are added to emails identified as spam and graymail:
- X-Egress-Defend-Spam
- X-Egress-Defend-Graymail
You can trigger actions based on these two header values, so mail flow rules can be used to send emails containing them to the Microsoft 365 Quarantine.
Send Spam to Quarantine
To ensure spam bypasses the user entirely and is sent to quarantine, the following mail flow rule can be configured. This mail flow rule assumes you have your anti-spam policy set so that emails with a spam confidence level (SCL) of nine go to quarantine. This setting is the default for Microsoft 365.
To create the mail flow rule, follow the steps below:
- Log in to the Exchange Admin Center (EAC).
- Navigate to Mail flow > Rules.
- Click + Add a rule > Create a new rule.
- On the Set rule conditions page, enter a name for the rule in the Name field.
- Under Apply this rule if…, select The message headers > Includes any of these words:
  - Header: X-Egress-Defend-Spam
  - Value: true
- Under Do the following, select Modify the message properties > set the spam confidence level (SCL).
- Use the drop-down menu to specify the SCL as 9.
- Click Save.
- Click Next.
- Configure the rule settings as required.
- Click Next.
- Click Finish.
Send Graymail to Quarantine
To ensure graymail bypasses the user entirely and is sent to quarantine, the following mail flow rule can be configured. This mail flow rule assumes you have your anti-spam policy set so that emails with a spam confidence level (SCL) of five go to quarantine. This setting is the default for Microsoft 365.
To create the mail flow rule, follow the steps below:
- Log in to the Exchange Admin Center (EAC).
- Navigate to Mail flow > Rules.
- Click + Add a rule > Create a new rule.
- On the Set rule conditions page, enter a name for the rule in the Name field.
- Under Apply this rule if…, select The message headers > Includes any of these words:
  - Header: X-Egress-Defend-Graymail
  - Value: true
- Under Do the following, select Modify the message properties > set the spam confidence level (SCL).
- Use the drop-down menu to specify the SCL as 5.
- Click Save.
- Click Next.
- Configure the rule settings as required.
- Click Next.
- Click Finish.
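The spam and graymail procedures above can also be scripted in Exchange Online PowerShell. The script below is an added example, not part of the original Egress documentation: the rule names are placeholders chosen here, and it assumes the ExchangeOnlineManagement module is installed and the account holds an Exchange administrator role. It also reports any anti-spam policy that does not meet the quarantine assumption both procedures rely on.

```powershell
# Added example: rule names are placeholders, not Egress or Microsoft defaults.
Connect-ExchangeOnline

# Header-to-SCL mapping taken from the two procedures above.
$rules = @(
    @{ Name = 'Egress Defend - Spam to Quarantine';     Header = 'X-Egress-Defend-Spam';     Scl = 9 },
    @{ Name = 'Egress Defend - Graymail to Quarantine'; Header = 'X-Egress-Defend-Graymail'; Scl = 5 }
)

$existing = Get-TransportRule

foreach ($r in $rules) {
    $params = @{
        HeaderContainsMessageHeader = $r.Header   # "The message headers"
        HeaderContainsWords         = 'true'      # "Includes any of these words"
        SetSCL                      = $r.Scl      # "set the spam confidence level (SCL)"
    }
    if ($existing | Where-Object Name -eq $r.Name) {
        # Rule already exists: bring its condition and action in line.
        Set-TransportRule -Identity $r.Name @params
    } else {
        New-TransportRule -Name $r.Name @params
    }
}

# The rules only set the SCL; the anti-spam policy decides what happens next.
# SCL 5 is handled by SpamAction and SCL 9 by HighConfidenceSpamAction, so
# both must be Quarantine for the mail to bypass the Junk folder.
foreach ($p in Get-HostedContentFilterPolicy) {
    if ($p.SpamAction -ne 'Quarantine') {
        Write-Warning "$($p.Name): SpamAction is $($p.SpamAction); graymail (SCL 5) will not be quarantined."
    }
    if ($p.HighConfidenceSpamAction -ne 'Quarantine') {
        Write-Warning "$($p.Name): HighConfidenceSpamAction is $($p.HighConfidenceSpamAction); spam (SCL 9) will not be quarantined."
    }
}

# Confirm the result.
Get-TransportRule |
    Where-Object { $_.Name -in $rules.Name } |
    Format-Table Name, State, Priority, SetSCL
```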