locked
Microsoft Office365 Mailprotection Antispam Headers RRS feed

  • Question

  • I have a questeion about some Fields in the X-Microsoft-Antispam Headers:

    1) In X-Microsoft-Antispam-Message-Info: What does the Text mean - looks like Base64 but if you decode it, you can't read it. Which Infos does it provide? How can i read it?

    2) In X-Microsoft-Antispam i get RuleIDs and in X-Forefront-Antispam-Report i get SFS which provides Rule-IDs. How can i find out, what these Rules say - so i can check what triggerd that a message was marked as spam: Is there a way to read the rules for the IDs??

    Thanks

    Arnold

    Friday, May 10, 2019 9:48 AM

Answers

  • Sorry - not realy...

    Because when my users ask me: My did (you) mark this mail as spam - i can't realy answer them. Of course sometimes you can guess (if spf-check fails...) - but everything else is guesswork

    And what bugs me: There is a field calld "X-Microsoft-Antispam-Message-Info" - and it dosn't give you infos, because you cant read it :-( so its useless...

    But thanks anyway - i was afraid i am to stupid to use google - but it seams nobody knows what this field does

    So i keep on guessing....

    Arnold

    No need to guess. I think you are overthinking this to tell you the truth. You tell them what I tell them. We have no idea why a message was marked as SPAM for content. That's proprietary. If you dont want it marked as such, please add it to your safe sender. 


     
    • Marked as answer by Andy DavidMVP Friday, August 9, 2019 10:33 AM
    Tuesday, May 21, 2019 10:18 AM

All replies

  • I have a questeion about some Fields in the X-Microsoft-Antispam Headers:

    1) In X-Microsoft-Antispam-Message-Info: What does the Text mean - looks like Base64 but if you decode it, you can't read it. Which Infos does it provide? How can i read it?

    2) In X-Microsoft-Antispam i get RuleIDs and in X-Forefront-Antispam-Report i get SFS which provides Rule-IDs. How can i find out, what these Rules say - so i can check what triggerd that a message was marked as spam: Is there a way to read the rules for the IDs??

    Thanks

    Arnold

    1. This is what is avail for public documentation. It may not answer all your questions, but this should answer most: https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spam-message-headers

    2. you wont see anywhere what "rule" to be marked as SPAM. Thats proprietary. If you have transport rules, you can look at message tracking to see what rules were triggered. Be sure to set auditing to high 

    • Proposed as answer by Manu Meng Monday, May 13, 2019 11:30 AM
    Friday, May 10, 2019 11:58 AM
  • Thanks - i know this page - but there is no info about "X-Microsoft-Antispam-Message-Info" - and i havn't found any info in the internet about this field - and since the field is calld "info": I would realy like to know which info it is giving me :-)

    For the Rules: Can i query all the Spam-Filter Rules with PowerShell?

    Monday, May 13, 2019 10:57 AM
  • Thanks - i know this page - but there is no info about "X-Microsoft-Antispam-Message-Info" - and i havn't found any info in the internet about this field - and since the field is calld "info": I would realy like to know which info it is giving me :-)

    For the Rules: Can i query all the Spam-Filter Rules with PowerShell?

    No, there are no anti-spam rules that you can query. By rules, I meant any transport rules you created.

    The doc linked before is really the only public documentation. As I mentioned, anti-spam logic is proprietary, so you will never know for sure why something was marked as such necessarily. 

    Monday, May 13, 2019 11:15 AM
  • And X-Microsoft-Antispam-Message-Info is useless also?

    So there is now way to answer the question, why a mail was marked as spam?

    Thanks anyway

    Arnold

    Monday, May 13, 2019 2:10 PM
  • And X-Microsoft-Antispam-Message-Info is useless also?

    So there is now way to answer the question, why a mail was marked as spam?

    Thanks anyway

    Arnold

    No, other than looking at those headers for some clues if it fails some checks or is on a blocklist etc.... If a message is marked as SPAM for *content* you will really never know why. The fix of course is to whitelist senders when you dont want them blocked. 
    Monday, May 13, 2019 4:31 PM
  • Just checking in to see if above information was helpful. Please let us know if you would like further assistance

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, May 14, 2019 11:09 AM
  • Sorry - not realy...

    Because when my users ask me: My did (you) mark this mail as spam - i can't realy answer them. Of course sometimes you can guess (if spf-check fails...) - but everything else is guesswork

    And what bugs me: There is a field calld "X-Microsoft-Antispam-Message-Info" - and it dosn't give you infos, because you cant read it :-( so its useless...

    But thanks anyway - i was afraid i am to stupid to use google - but it seams nobody knows what this field does

    So i keep on guessing....

    Arnold

    Friday, May 17, 2019 6:43 AM
  • Hi Arnold,

    I totally understand your feelings. Keeping curiosity and thirst for knowledge is never a bad thing.

    Not all the questions would have their accurate answers, especially for such proprietary information. You are smart enough to get the answers if they are really retrievable from the public resource, but actually we could not. To be honest, regardless of the public links, amount of the internal documents related to Antispam Headers is also very very limited. 

    You could just explain to your customers, let them know you have tried your best to find the answers. 

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, May 21, 2019 10:13 AM
  • Sorry - not realy...

    Because when my users ask me: My did (you) mark this mail as spam - i can't realy answer them. Of course sometimes you can guess (if spf-check fails...) - but everything else is guesswork

    And what bugs me: There is a field calld "X-Microsoft-Antispam-Message-Info" - and it dosn't give you infos, because you cant read it :-( so its useless...

    But thanks anyway - i was afraid i am to stupid to use google - but it seams nobody knows what this field does

    So i keep on guessing....

    Arnold

    No need to guess. I think you are overthinking this to tell you the truth. You tell them what I tell them. We have no idea why a message was marked as SPAM for content. That's proprietary. If you dont want it marked as such, please add it to your safe sender. 


     
    • Marked as answer by Andy DavidMVP Friday, August 9, 2019 10:33 AM
    Tuesday, May 21, 2019 10:18 AM
  • you are right - and this was and will be my answer most of the time :-)

    primarily i was curious if somebody can read this info and what is its content - but it seams i have to live with not being able to read it

    thanks anyway

    Arnold

    Tuesday, May 21, 2019 12:23 PM
  • you are right - and this was and will be my answer most of the time :-)

    primarily i was curious if somebody can read this info and what is its content - but it seams i have to live with not being able to read it

    thanks anyway

    Arnold

    You are welcome! 

    Andy is right, adding to safe sender list could save your time!

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, May 24, 2019 10:00 AM
  • Adding to safe senders is a bad idea, because it opens up for spoofing.

    I wonder if there is a uservoice for MS to publish X-Microsoft-Antispam RuleIDs..

    BR, Ruslan

    Thursday, August 8, 2019 1:08 PM
  • Adding to safe senders is a bad idea, because it opens up for spoofing.

    I wonder if there is a uservoice for MS to publish X-Microsoft-Antispam RuleIDs..

    BR, Ruslan

    That will never happen
    Friday, August 9, 2019 10:34 AM