Understanding Outbound Spam Filtering
Applies to: Office 365 Small Business, Office 365 ProPlus, Office 365 Enterprise, Live@edu, Forefront Online Protection for Exchange
Topic Last Modified: 2012-04-06
When a customer's email system has been compromised by a virus or malicious spam attack, and it is sending outbound spam through Forefront Online Protection for Exchange, this could result in the IP addresses of the Hosted Filtering Data Center being listed on other block lists. Additionally, destination servers that do not use the Hosted Filtering service, but do use these block lists, end up rejecting all email sent from any of the Hosted Filtering IP addresses that have been added to those lists. Therefore, all outbound messages that exceed the spam threshold are delivered through a Higher Risk Delivery Pool. The Higher Risk Delivery Pool is a secondary outbound email pool that is used to send messages that may be of low quality, thus helping to protect the rest of the network from sending messages that are more likely to result in the sending IP address being blocked.
The use of a dedicated Higher Risk Delivery Pool helps ensure that the normal outbound pool is only sending email that is known to be high-quality. The possibility of the Higher Risk Delivery Pool being placed on a blocked list remains a risk. This is by design. This secondary IP pool helps to reduce the probability of the normal outbound-IP pool being added to a blocked list.
Also, messages where the sending domain has no address record (A record), which gives you the IP address of the domain, and no mail exchange record (MX record), which helps direct mail to the servers that should receive the mail for a particular domain in the DNS, are routed through the Higher Risk Delivery Pool regardless of their spam disposition.