The following concepts should be defined first to fully understand how emails are categorized as spam:

• Intelligent Message Filter (IMF)

  The IMF is a built-in spam filter for Exchange Servers that works at the gateway level. It was first introduced in Exchange 2003 SPI. In Exchange 2007/2010, IMF is called Content Filtering.
  According to Microsoft partners, IMF can assess the legitimacy of an incoming message. It assigns a Spam Confidence Level (SCL) rating to the message and compares it with defined thresholds.

• Spam Confidence Level (SCL)

  This is the rating IMF gives to a message based on the probability that it is a spam. SCL is assigned to MAPI property PR_CONTENT_FILTER_SCL. There are eleven values for SCL assignment:

  • -1 – This rating is reserved by Exchange for messages that are submitted internally. An SCL value -1 should not be overwritten since it is used to eliminate false positives for internal messages.
  • 0 – This rating is for messages that are not spam.
  • 1-9 – This is the range that a message has a low likelihood to high likelihood to be spam. The premise for this range is to allow the Administrator to decide how aggressive or conservative the filtering process will be. A lower threshold would mean a higher number of spam messages will be detected, but it also means that there would be more false positives. Accordingly, a higher threshold would result to lesser number of spam messages but also less false positives.
• Store Action Threshold (SAT)

  This is the value used to compare with the message’s assigned SCL when it reaches the Exchange Information Store. It determines whether the message’s final destination will be the user’s Inbox or the Junk Email folder.
  For a message to be delivered by Exchange to a user’s Junk Email Folder, its SCL needs to be greater than or equal to the SAT. Otherwise, it will be delivered to the Inbox, just like other messages.

The Junk E-Mail Integration feature of SMEX uses the SCL mechanism in order to tag a message as spam. Upon detecting an offending message using TMASE, the original SCL of the message and the configured value of SAT are both retrieved.

If the original SCL is greater than the SAT, then do nothing.

If the original SCL is less than or equal to the SAT, the SAT value is incremented by 1 and the message's SCL is updated.

For example, a spam email given an SCL rating of 5 by IMF in an Exchange Organization with a SAT of 7 will be modified by SMEX to have an SCL of 8. This would meet the condition of SCL > SAT (8 > 7) for Exchange to deliver the message to the Junk E-mail folder.

To set up the Exchange environment for SMEX’s Junk Email Integration to work:

1. Ensure that the Intelligent Message Filter is enabled:
   Exchange 2003
   Exchange 2007
   Exchange 2010
   Exchange 2013
   Exchange 2016

   In Exchange 2007/2010, the Anti-spam tab will appear in the Exchange Management console after successfully running the “./install-AntispamAgents.ps1” command.

   

   Click image to enlarge.

2. Configure the SAT value.

   For Exchange 2003:

   1. Open the Exchange System Manager.
   2. Go to <Organization> object > Global Settings.
   3. Right-click Message Delivery, and then select Properties.
   4. Go to the Intelligent Message Filtering tab and then choose Store Junk E-mail Configuration.

   For Exchange 2007 / 2010 / 2013 / 2016:

   1. Open the Exchange Management Shell.
   2. Check the current SAT value.
      Run the command "Get-OrganizationConfig | fl SCLJunkThreshold":

      

      Click image to enlarge.

   3. Assign a new SAT value. According to Microsoft, the recommended SAT value is 4.
      Run the command "Set-OrganizationConfig -SCLJunkThreshold <SAT>":

      

      Click image to enlarge.

   4. Verify the new value.
      Run the command "Get-OrganizationConfig | fl SCLJunkThreshold":

      

      Click image to enlarge.