Deciphering spam headers for Office365 recipients

Emails going to Office365/Exchange online mailboxes landing in spam? Want to know why?  Here's how to read the output of Microsoft's spam filtering service.

 

This applies to all emails sent to these mailboxes, not just Nylas.

 

First, you want to locate the spam header in the raw message of the email. It begins with "X-Forefront-Antispam-Report"

 

The value is going to be a pile of acronyms and colons. We are going to use this document to decipher it: https://learn.microsoft.com/en-us/defender-office-365/message-headers-eop-mdo

 

With this value, look for the characters IPV. If you find "IPV:NLI", that means the sending IP wasn't found on a spam blocklist. If it says "IPV:CAL" it means the recipient has explicitly allowed all email from this IP. If you don't see either, you may have an IP spam reputation problem and should check your sending IP here: https://mxtoolbox.com/blacklists.aspx. Check with the email administrator if anything comes up positive on that web site or if you are unsure about your sending IP.

 

Remember that Nylas does not send emails, but hands them off to the user's email server for sending. So all emails sent through Nylas will use the email server's IPs.

 

Next, look for SCL. That stands for Spam Confidence Level and if the number after it is greater than 1, your message body looked spammy. More than 4 and the email is probably going into the Spam folder because of the content of the message. If you see anything more than 1, your message body looks spammy and you should revise the content of your message to ensure good deliverability.  If it's -1, it means the recipient marked this sender as safe and the message content won't be scanned for spam.

 

Then we go to SFV which is the summary of the anti-spam filter's findings. 

  • BLK: Sender was blocked by recipient and is automatically blocked.
  • SFE: Sender was flagged by recipient as a Safe Sender and is automatically allowed.
  • SKA: Sender was flagged by the email admin or email provider as a Safe Sender and is automatically allowed.
  • SKB: Sender was flagged by the email admin or email provider to be blocked.
  • NSPM: This message was found to be Not Spam
  • SKN: Sender automatically allowed.
  • SKO: The email was placed in quarantine but released to the mailbox.
  • SKS: The content (SCL) of this message was spammy enough to be placed in the Spam folder.
  • SPM: The filter automatically determined this message as spam without further explanation.
  • BLK: The filter flagged this email as spam due to spam complaints.

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.