Exclude SPF Pass From content filtering

Hi , Friends
I would like to exclude any email with Sender Policy Framework (SPF) record passed from content filtering.
Any email with SPF record "Received-SPF: Pass" should be excluded. Please help   

 

March 29th, 2015 6:01am

You could mess around with hub transport rules, however in the case of Office 365, the SPF header doesn't get stamped until after the transport rules run on the cloud side, so it wouldn't work in that scenario.

Not sure why you want to do this regardless, SPF protects against spoofing. If you are getting spam from a hacked gmail account, then you would whitelisting it simply because it passed SPF. SPF should not be used as a definitive indicator of SPAM.

Better to whitelist those known sending IPs that you don't want to do content checking against.

Free Windows Admin Tool Kit Click here and download it now
March 29th, 2015 11:56am
Not only email from free email provider like Gmail . The above header is from ISP billing statement .It goes to spam without any valid reason. any solution ?
March 29th, 2015 4:39pm
Not only email from free email provider like Gmail . The above header is from ISP billing statement .It goes to spam without any valid reason. any
Free Windows Admin Tool Kit Click here and download it now
March 29th, 2015 7:12pm
This can not be considered as a solution. Manually configure each server is not easy. 
March 30th, 2015 12:19am
This can not be considered as a solution. Manually configure each server is not easy. I have already configured spamha
Free Windows Admin Tool Kit Click here and download it now
March 30th, 2015 4:18am

The real issue is many email with header "Received-SPF: Pass" also going to quarantine email address as specified in the content filtering configuration . I want to exclude it

Get-ContentFilterConfig
RunspaceId                            : 771a9992-2a79-466a-9186-89a8a9e6ad1d
Name                                  : ContentFilterConfig
RejectionResponse                     : Your message was rejected because it appears to be SPAM by Islamweb spam
                                        intelligence team.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients                    : {}
QuarantineMailbox                     : administrator@1234web.net.nl
SCLRejectThreshold                    : 8
SCLRejectEnabled                      : False
SCLDeleteThreshold                    : 9
SCLDeleteEnabled                      : False
SCLQuarantineThreshold                : 9
SCLQuarantineEnabled                  : True
BypassedSenders                       : {noreply@1234web.net, fatwahelp@1234web.net.nl, noreply@1234web.net.nl,
                                        noreplay@1234web.net.nl, noreplay@1234web.net, timea@1234web.net.nl}
BypassedSenderDomains                 : {providesupport.com}
Enabled                               : False
ExternalMailEnabled                   : True
InternalMailEnabled                   : False
AdminDisplayName                      :
ExchangeVersion                       : 0.1 (8.0.535.0)
Identity                              : ContentFilterConfig
Guid                                  : 27950756-e31f-4428-81f3-5f96c558d96d
ObjectCategory                        : 1234web.net.nl/Configuration/Schema/ms-Exch-Message-Hygiene-Content-Filter-Con
                                        fig
ObjectClass                           : {top, msExchAgent, msExchMessageHygieneContentFilterConfig}
WhenChanged                           : 11/2/2014 8:07:27 AM
WhenCreated                           : 5/21/2007 9:11:23 AM
WhenChangedUTC                        : 11/2/2014 5:07:27 AM
WhenCreatedUTC                        : 5/21/2007 6:11:23 AM
OrganizationId                        :
OriginatingServer                     : DC2.1234web.net.nl
IsValid                               : True
ObjectState                           : Unchanged


March 30th, 2015 6:17am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics