Solved: [Marketing] to Outlook Junk Mail

wrightsreprints · ‎02-02-2016

We are currently using the [MARKETING] feature under the Cisco IP and for the most part, it seems to work well. We want to get these items out of the users INBOX. I believe there is a way to use message headers so that Exchange would automatically push emails to the JUNK mail folder. Anyone doing this?

Second, we want to give users the option to whitelist; declassify a message marked as [MARKETING], so that those messages would continue to be sent to their INBOX. I see with the plugin for Outlook, a user can mark a message as MARKETING but if the message is already marked, does it unmarked it?

Guy Schutt · ‎02-09-2016

Hi Wright,

I just solved this same problem for my Company.

1)On your Inbound Policy add a custom header to any messages that are flagged as Marketing.

2)In Exchange create a transport rule that looks for the header value

If the message:
'X-IPASS-MARKET' header contains ''True''
Take the following actions:
Set the spam confidence level (SCL) to '5'

3)Make sure your Organization config is set to a value lower than your rule:

[PS] C:\Windows\system32>Get-OrganizationConfig | fl *scl*

SCLJunkThreshold : 4

4) make sure users mailboxes have this set.

set-mailboxjunkemailconfiguration -mailbox user -enabled:$true

All of those messages will now go directly to junk folder and users can Manage it with their black list / whitelist.

View solution in original post

Mathew Huynh · ‎02-03-2016

Hey Wright,

While I'm not sure on exchange, on the esa you can alter the spam scanners to add a header as well as subject line prepend for marketing email in its setting, advanced tab.

However the exchange is out of my expertise so I am unaware if it can use these headers.

Your end users can manually create a mailbox rule to send all emails with [marketing] to their junk mail or another folder.

For users to mark emails as legitimate for themselves only, you can enable end user safelist and block list so they can manage who they trust and do not under your spam quarantine settings. However it will still flag emails as marketing if the rules deem it to be, the flagging tool only sends a sample to Cisco to review and reclassify if an email should. Be marketing.

I hope this clears up your query.

Regards

Matthew

Guy Schutt · ‎02-09-2016

Hi Wright,

I just solved this same problem for my Company.

1)On your Inbound Policy add a custom header to any messages that are flagged as Marketing.

2)In Exchange create a transport rule that looks for the header value

If the message:
'X-IPASS-MARKET' header contains ''True''
Take the following actions:
Set the spam confidence level (SCL) to '5'

3)Make sure your Organization config is set to a value lower than your rule:

[PS] C:\Windows\system32>Get-OrganizationConfig | fl *scl*

SCLJunkThreshold : 4

4) make sure users mailboxes have this set.

set-mailboxjunkemailconfiguration -mailbox user -enabled:$true

All of those messages will now go directly to junk folder and users can Manage it with their black list / whitelist.

wrightsreprints · ‎02-10-2016

Is there a way to find what a messages SCL level is/was? Can it be added to the message header?

Guy Schutt · ‎02-10-2016

Unless you have the anti -spam agents deployed there won't be any SCL level assigned to it by Exchange. https://technet.microsoft.com/en-us/library/bb201691(v=exchg.160).aspx

We don't use anti-spam agents so the rule is only triggered because we set the SCL to a threshold lower than the organization config.

I don't believe there is a weight assigned by Cisco - they simply categorize as bulk, market or social.

If you need to whitelist something in global - you would need to whitelist on the ESA.

wrightsreprints · ‎02-09-2016

Thanks for the details. This is what I was looking for. I had something similar in action with Exchange Online when I was testing it and it worked fairly well. The question I have now as I know it will be asked. By using Outlook Junk Mail to manage blacklist/whitelist, is it safe to assume these are saved on the client side (Outlook)?

I was quite disappointed to find out that the plugin for Outlook only was used to report directly to Cisco and not to the appliance. Our office is setup so that I can reimage desktops on the fly if needed and do not rely much on personal settings (APP DATA). That is why I ask.

Guy Schutt · ‎02-09-2016

Yes - The whitelist \blacklist are saved on the server side so Outlook does not need to be running. I agree I don't like to use plugins (not reliable). The whitelist / blacklist can be managed from OWA as well.

wrightsreprints · ‎02-09-2016

Was about to respond as I found that same answer with the powershell cmdlets. Thanks again.