Article ID: 2669119 - View products that this article applies to.
Legitimate incoming mail is identified as spam for a mailbox that Microsoft Forefront Online Protection for Exchange (FOPE) helps protect. Mail is routed in one of the following ways:
This issue may occur if one of the following conditions is true:
Before you try to correct other issues, it is important to identify whether there are sender reputation issues on the SMTP server that is sending the mail item. If this is the case, note the following:
Collapse this tableExpand this table
The sender reputation score is most directly related to the following aspects of SMTP server setup:
Understanding Sender Reputation
To resolve this issue, use one of the following methods, as appropriate for your situation.
Method 1: De-activate Additional Spam Filtering optionsAdditional Spam Filtering (ASF) options enable you to customize aspects of email messages that should adversely affect spam scoring. When a mail item is identified by using one or more active ASF options, the spam score increases the probability that FOPE will identify and quarantine that item as spam. For more information about how to use ASF, visit the following Microsoft TechNet website:
Configuring Additional Spam Filtering OptionsNote Mail items that are identified as spam by ASF options cannot be overridden by spam signature changes to the FOPE service. These false-positives must be corrected by de-activation of the ASF option that is bumping the email message spam score over the threshold.
Method 2: Submit false-positive samples to FOPE Spam TeamThe spam-scanning heuristics of the FOPE data center have to be updated to exclude the signature of the email message that is received. In this case, identify the item as spam to the FOPE team by using either of the following methods:
(mailto:email@example.com). The filtering process is not immediate and sometimes requires improving several rules or creating a new rule, and this may take an extended time. Although FOPE helps protect users from any unwanted mail, FOPE must also weigh these changes and improvements to make sure that legitimate mail is not filtered out. Continue to send examples of offending messages so that the Spam Team can fine-tune the filtering rules to be as accurate as possible.
A submission report is available in the FOPE Administration Center to verify how many submissions the organization is creating. For more information about the kinds of reports that are available in FOPE, visit the following Microsoft TechNet website:
Understanding the Types Of Reports Available in FOPE
Method 3: Adjust custom policy rulesFOPE administrators have the additional option of managing their own logic for spam filtering. This includes enabling, quarantining, or rejecting mail items based on customized, customer-controlled criteria. Custom policy rules can be used to either tighten or loosen the spam scanning security profile based on customer needs.
Note You may have to use this method either to establish spam filtering bypass rules or to loosen up previously created policy rules that are falsely identifying legitimate email message as spam.
For more information about how to create customer policy rules, visit the following Microsoft TechNet websites:
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.