Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2006-09-07
Many organizations are bound by legal or regulatory requirements to preserve or deliver all legitimate e-mail messages. In Microsoft Exchange Server 2007, spam quarantine is a feature of the Content Filter agent that reduces the risk of losing legitimate messages. Spam quarantine provides a temporary storage location for messages that are identified as spam and that should not be delivered to a user mailbox inside the organization.
Messages that are identified by the Content Filter agent as spam are wrapped in a non-delivery report (NDR) and are delivered to a spam quarantine mailbox inside the organization. You can manage messages that are delivered to the spam quarantine mailbox and can take appropriate actions. For example, you can delete messages or let messages that are flagged as false positives in anti-spam filtering be routed to their intended recipients. In addition, you can configure the spam quarantine mailbox to automatically delete messages after a designated time period.
For more information about how the anti-spam agents filter inbound messages and the order in which the agents are applied, see Anti-Spam and Antivirus Functionality.
When an external user sends e-mail messages to an Exchange server that runs the anti-spam features, the anti-spam features cumulatively evaluate characteristics of the messages and act as follows:
They filter out those messages that are suspected to be spam.
They assign a rating to messages based on the probability that a message is spam. This rating is stored with the message as a message property called the spam confidence level (SCL) rating.
Spam quarantine uses the SCL rating to determine whether mail has a high-probability of being spam. The SCL rating is a numeric value between 0 and 9, where 0 is considered less likely to be spam, and 9 is considered most likely to be spam.
You can configure mail that has a certain SCL rating to be deleted, rejected, or quarantined. The rating that triggers any of these actions is referred to as the SCL quarantine threshold. Within content filtering, you can configure the Content Filter agent to base its actions on the SCL quarantine threshold. For example, if you set the following conditions for the SCL thresholds:
The SCL delete threshold is set to 8.
The SCL reject threshold is set to 7.
The SCL quarantine threshold is set to 6.
The SCL Junk E-mail folder threshold to 5.
Then all e-mail with an SCL of 6 will be delivered to the spam quarantine mailbox.
For more information, see How to Enable and Configure the Spam Confidence Level Thresholds.
When messages are received by the Edge Transport server and all default anti-spam filters are enabled, the anti-spam agents apply their filters. Then the content filter is applied as follows:
If the SCL rating is greater than or equal to the SCL quarantine threshold but less than either the SCL delete threshold or SCL reject threshold, the message goes to the spam quarantine mailbox.
If the SCL rating is lower than the spam quarantine threshold, it is delivered to the recipient's Inbox.
The message administrator uses Microsoft Office Outlook 2007 to monitor the spam quarantine mailbox for false positives. If a false positive is found, the administrator can send the message to the recipient's mailbox.
The message administrator can review the anti-spam stamps if either of the following conditions is true:
Too many false positives are filtered into the spam quarantine mailbox.
Not enough spam is being rejected or deleted.
For more information, see Anti-Spam Stamps.
The administrator can then adjust the SCL settings to more accurately filter the spam that is coming into the organization. For more information, see Adjusting the Spam Confidence Level Threshold.
Spam filtering and quarantine functionality is enhanced by or is also available as a service from Microsoft Exchange Hosted Services. Exchange Hosted Services is a set of four distinct hosted services:
Hosted Filtering, which helps organizations protect themselves from e-mail-borne malware
Hosted Archive, which helps them satisfy retention requirements for compliance
Hosted Encryption, which helps them encrypt data to preserve confidentiality
Hosted Continuity, which helps them preserve access to e-mail during and after emergency situations
These services integrate with any on-premise Exchange servers that are managed in-house or Hosted Exchange e-mail services that are offered through service providers. For more information about Exchange Hosted Services, see Microsoft Exchange Hosted Services.