Creating Exchange Online bypass spam rule – whitelist specific sender E-mail address | Part 3#6
In the following article, we provide step-by-step instructions for creating an Exchange Online bypass spam rule, which prevents the “spam check” that the Exchange Online mail server performs for a specific E-mail address.
This article continues the previous article. As a quick reminder, in the previous article we learned how to configure our WordPress site to address the Exchange Online mail server.
We managed to successfully send E-mail to an organization recipient, but the main problem was that the E-mail sent from the WordPress site was “stamped” as spam mail by the Exchange Online server (because we didn’t provide any user credentials).
Our request is – to “tell” the Exchange Online mail server not to treat E-mail that is sent from the WordPress site as a “problematic E-mail.”
In our scenario, the WordPress site sends E-mail by using the E-mail address – support@o365info.com
To “instruct” Exchange Online not to execute the spam verification on the E-mail address support@o365info.com, we will create an Exchange Online rule that is described as a bypass spam rule.
The rule will instruct the Exchange Online mail server to “stamp” each E-mail that is sent from the E-mail address support@o365info.com with the SCL score of “-1”.
Part 1#2 – configuring the “condition part” of the Exchange Online Bypass spam rule
- Log in to the Exchange admin portal
- On the left menu bar, select – mail flow
- On the top menu bar, select – rules
- Click on the plus icon
- Select – Create a new rule…
- Click on the – More Options… link (by default, the interface of the Exchange Online rule, includes only a limited set of options. To be able to display the additional options, we will need to “activate” the More Options…).
- In the Name: box, add a descriptive name for the new rule.
  In our specific scenario, we will name the rule – Approve E-mail send by support@o365info.com
- In the section named – Apply this rule if… click on the small black arrow
Condition 1#1
- Choose the primary menu – The sender…
- In the submenu, select the option – Is this person
- In our example, we add the E-mail address of the “WordPress support” (support@o365info.com).
- Click – Check names
- Click – OK
Part 2#2 – configuring the “action part” of the Exchange Online Bypass spam rule
In this step, we configure the “second part” of the Exchange Online rule, in which we define the required Exchange response (action) to a scenario in which the “source sender” E-mail address is support@o365info.com
In our scenario, we ask Exchange Online not to implement a spam check on E-mail messages that are sent from this E-mail address!
In more technical terms, we instruct Exchange Online to set the SCL value of E-mail messages that are sent from the E-mail address support@o365info.com to “-1”.
In an Exchange-based environment, SCL=-1 means “this is a secure E-mail message”.
- In the section named – Do the following… click on the small black arrow.
- Select the menu option – Modify the message security…
- In the submenu, select – Set the spam confidence level (SCL)
- Click on the small arrow to select the required SCL value
- Select the option – Bypass spam filtering. The option “Bypass spam filtering” will stamp the E-mail message with the SCL value of “-1”.
- Click OK
In the following screenshot, we can see the “final result.”
The Exchange Online Bypass spam rule includes two parts – the condition part and the action part.
- Click Save
Analyzing the information stored in the E-mail header.
To better understand the process that is implemented by the Exchange Online bypass spam rule, we will analyze the information stored in the E-mail header.
In our example, we analyze the E-mail header content using the Microsoft Message Header Analyzer.
Just a quick reminder: in our scenario, the WordPress site addresses the Office 365 mail server without providing any user credentials.
Sender’s identity
In an Exchange-based environment, the information about the sender's identity is stored in a mail field named – X-MS-Exchange-Organization-AuthAs
In our specific scenario, we can see that the value that appears in X-MS-Exchange-Organization-AuthAs is Anonymous
The meaning is that, from the Exchange server's point of view, the sender is “unknown.” Usually, when the sender is considered “unknown” and, in addition, uses the organization's E-mail address (o365info.com in our example), this is a sign of a spoof mail attack!
By default, the Exchange server was supposed to stamp this E-mail message with a high SCL value!
The E-mail message SCL value
Exchange stores the information about the “spam score” of a specific E-mail in the mail field X-Forefront-Antispam-Report.
The “spam score” is represented by a value named – SCL (spam confidence level).
The SCL range starts with -1 and ends with 9.
In our example, the SCL value is “-1”.
The meaning is that the Exchange Online server will not implement a “spam check” for this E-mail message, because the SCL value “-1” tells Exchange Online that the E-mail message is “trusted.”
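The header review described above can also be scripted. The following is an added example, not part of the original article: it reads the two header fields from a constructed sample message and reports whether an anonymous message from the organization's own domain that bypassed the spam check came from a sender the bypass rule is meant to cover. The function names, the sample headers and the `BYPASS_SENDERS` list are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message headers (not copied from the article's screenshots).
SAMPLE = """\
From: support@o365info.com
To: bob@o365info.com
Subject: WordPress contact form
X-MS-Exchange-Organization-AuthAs: Anonymous
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:US;LANG:en;SCL:-1;

Test body
"""

# Assumption: senders that the bypass spam rule is meant to cover.
BYPASS_SENDERS = {"support@o365info.com"}


def parse_antispam_report(value):
    """Split the 'KEY:value;KEY:value;' pairs of X-Forefront-Antispam-Report."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields


def analyze(raw_message, org_domain):
    """Return sender, AuthAs, SCL and a verdict for one raw message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    auth_as = (msg.get("X-MS-Exchange-Organization-AuthAs") or "").strip()
    report = parse_antispam_report(msg.get("X-Forefront-Antispam-Report") or "")
    try:
        scl = int(report.get("SCL", ""))
    except ValueError:
        scl = None  # header missing or malformed
    anonymous_internal = (auth_as.lower() == "anonymous"
                          and sender.endswith("@" + org_domain.lower()))
    if scl == -1 and anonymous_internal:
        verdict = "expected bypass" if sender in BYPASS_SENDERS else "unexpected bypass"
    elif anonymous_internal:
        verdict = "anonymous internal sender, spam-checked"
    else:
        verdict = "no finding"
    return {"sender": sender, "auth_as": auth_as, "scl": scl, "verdict": verdict}


if __name__ == "__main__":
    print(analyze(SAMPLE, "o365info.com"))
```

An “unexpected bypass” verdict means an anonymous message using the organization's domain received SCL -1 although its sender is not on the list, which is the spoofing pattern described in the “Sender’s identity” section.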
What about if I’m not using Exchange Online? Since I have a GoDaddy WordPress plan I can only use relay-hosting.secureserver.net. Please help