Jan 26, 2018

Legitimate vs. Spam Messages: Breaking Down Microsoft’s Rating System

Legitimate vs. Spam Messages: Breaking Down Microsoft’s Rating System

Legitimate vs. Spam Messages: Breaking Down Microsoft’s Rating System

Fighting Spam

Every email marketer would love to know the special sauce that gets their messages directly into the intended recipient’s inbox. However, most marketers, especially those who’ve been doing it for a while, know just how complicated and tricky that task can be.

ISPs give us a few of their secret ingredients here and there, but most scanning and filtering tools that ISPs use are not shared publicly — and for good reason! No one wants spam in their inbox! And if spammers knew all the secrets, they could circumvent them. But for legitimate senders who need to get an email to people who have asked for their messages, sometimes it can be frustrating.

One of the clues Microsoft gives us into how they measure the legitimacy of your email message lies in the headers. In the last few years, they’ve introduced a rating system that determines how spammy or phishy they believe a message to be as well as how likely the sender is to generate spam complaints.

Microsoft’s Anti-Spam Message Headers: SCL, PCL & BCL

As soon as an email message hits Microsoft’s servers, their proprietary Exchange Online Protection (EOP) filtering service scans the message and then inserts an anti-spam report into the message headers. You can read more about all of the different fields and filters they use here, but the three fields that I’m going to focus on today that have helped us understand how messages are being processed are:

SCL = The Spam Confidence Level
PCL = The Phishing Confidence Level
BCL = The Bulk Complaint Level

When opening the message headers you can do a search for X-Forefront-Antispam-Report and find the SCL ratings underneath. BCL and PCL ratings can be found under the X-Microsoft-Antispam section. Here’s a screenshot of the message headers from a message I received in my Outlook account where I’ve highlighted these ratings.


SCL — Spam Confidence Level

After the email is received and goes through the EOP spam filtering it’s given an SCL score. Here’s a breakdown of what each means:

-1 = A special value that means the message is a safe sender and is not spam. This score tells Microsoft to put the message in the inbox.
0-1 = The content of the message was scanned and determined to not be spam. These two scores also tell Microsoft to deliver the message to the inbox.
5-9 = Starting with a score of 5 the message is suspected to be spam and is increasingly suspect to the highest score of 9 which indicates there’s a high confidence it’s spam. Any rating between 5 and 9 means the message should be sent to the Junk folder.

*Note: 2, 3, 4, 7, and 8 are ratings that are not assigned by Microsoft.

For more information, refer to Microsoft’s official documentation on SCL.

BCL — Bulk Complaint Level

BCL ratings range from 0-9 depending on how likely the message is to generate complaints based on historical data. Microsoft says they use both an internal and third-party tool to assign messages a rating — a message that receives a 2 is unlikely to generate many complaints versus a message that receives a score of 8, which is likely to generate a high number of complaints. Here’s the breakdown of BCL ratings:

0 = Indicates the message is not from a bulk sender.
1-3 = This bulk sender generates few complaints.
4-7 = This bulk sender generates a mixed number of complaints.
8-9 = This bulk sender generates a high number of complaints.

For more information, refer to Microsoft’s official documentation on BCL

PCL — Phishing Confidence Level

This rating simply determines how likely the message is a phishing message based on the content. These range from:

0-3 = Not likely to be phishing.
4-8 = Likely to be phishing and marked as suspicious content.

For more information, refer to Microsoft’s official documentation on PCL.

What Do These Ratings Mean?

So what can we take away from these ratings? If you’re having junk foldering issues at any of the Microsoft domains check your SCL, BCL, or PCL ratings. If any of these are high, it could be the cause of the junk foldering. Microsoft doesn’t disclose the specific criteria for how they assign these ratings, but looking at the ratings will let you know what aspect of your email sending you may need to improve to get better inbox placement, be it the message content or your sending practices.