Understanding the Exchange Server Spam Confidence Level

If you are sent to Exchange Server anti-spam features, or take a look at the head of an e-mail through an Exchange server, you probably met before SCL-term review.

SCL is synonymous with spam confidence level. It is the "score", which Exchange Server anti-spam, based on an e-mail to e-mail content attributes. This score is then used to make decisions about how to fight spam is suspected based on the thresholds configured by the Exchange administrator.

The SCL score is calculated and paid by the agent content filtering, which examines the entire contents of an e-mail messages for patterns that indicate to follow. Once the SCL score calculated was added to the header of the message.

In this excerpt from a sample header, you can SCL value used by the seventh

X-MS-Exchange Organization-SCL: 7

As the SCL is used by Exchange Server

The SCL score can then lead to specific actions occur. The Exchange server, the following actions on the SCL-base:

* Delete - delete the message without notifying the sender or recipient.
* Reject - the message is a notification to the sender, and not rejected, but the recipient.
* Quarantine - the message in a mailbox does not notify the sender or consignee under quarantine. Normally, only administrators by e-mail access to the quarantine mailbox.
* Junk - the message is sent to the recipients spam folder.

SCL scores range 0-9 with 0 meaning not to be spam, and 9 means very likely spam. There is also a -1 score for trust in e-mails. An SCL -1 were applied to messages sent between the beneficiaries of the same Exchange organization or external messages from senders in any way whitelist sent e-mail.

The SCL is then for each activity. However it is important to understand that actions are evaluated in a certain order.

Remove the first action should be assessed. If the SCL equal to or greater than the threshold, then delete the message is erased. If not, or if it is configured to delete a line, then moved to the next test - to reject.
Reject The second half measure will be reviewed. If the SCL is at or above the rejection threshold, the message is removed. If not, or if no threshold is configured to refuse, then move to the next test - a quarantine.
The third is to assess the quarantine measures in the third. If the SCL equal to or greater than the threshold of the quarantine, the message is quarantined. If not, or no-quarantine threshold is set, it is the Hub Transport server is specified as the server mailbox.
The fourth voice mail server is beyond the threshold of junk e-mail address where you have to configure the organization or the recipient of the e-mail. If the SCL Junk E-mail exceeds the threshold given folder for junk e-mail from the mailbox and the recipient can access via Outlook.

Where are the appropriate thresholds SCL

If you understand the sequence of processing for different actions based on LIBS can see how important it is to your configuration is correctly made. There is no point with a threshold of spam for seven years, when the e-mails will be deleted for SCL of 6.

Remove and allow thresholds should be established to remove most spam. The quarantine is voluntary, and I personally find it quite cumbersome, so I would not be better all possible, and instead, use the threshold of junk e-mail spam management less opportunity to extend the scope of it the end user.

It is also important to understand that the content filtering agent in the fight against spam, which previously, deterministic test done as connection filtering, blocking SMTP connections from known spam sources.

The filter agent connection will often as much as 95% of the spam filter so that the agent content is fine-tuning to remove much of the remaining 5% of the spam inboxes, without a number unacceptable false alarm.
Other applications of the SCL

The SCL can also be used as criteria for transport rules on the Exchange server. One way to use them is to create a transport rule, copies of all blind email, meets or exceeds a certain SCL to another mailbox. The contents of the mailbox can be used to estimate the number of false alarms, the current configuration can be created, and some are fine-tuning adjustments.

Another alternative would be a rule that transport is a disclaimer to all e-mails are spam threshold to switch to configure. The warning text can explain the process that users can move from a white list of trusted senders, so that in future e-mails are not treated as spam, without the help-desk support, contact.

In short, a detailed understanding of the SCL and how it is used in Exchange Server Anti-Spam e-mail administrator for the best application performance anti-spam.