Create an SCL -1 Rule in Microsoft for CloudFilter Domains

Description

This is a companion article to the Mailprotector document Configure Enhanced Filtering with Exchange Online. In most cases, the inbound connector that secures mail flow from Mailprotector into Microsoft 365's Exchange Online is sufficient. Emails arriving from Mailprotector often fail the SPF and DMARC validation performed by Exchange Online Protection (EOP) or Microsoft Defender. Since the inbound connector establishes a trusted connection, this does not create a problem.

If messages need to be filtered through EOP or Microsoft Defender as a second filter, Enhanced Filtering must be configured. The feature provides Microsoft with gateway IP information to properly perform SPF, DKIM, and DMARC evaluations when messages come through Mailprotector first.

In rare cases, after Enhanced Filtering is configured with Exchange Online, Exchange Online Protection or Microsoft Defender holds back more mail than the partner or customer is comfortable with. In these situations, Mailprotector's inbound transports to Microsoft can be designated as trusted using the SCL -1 designation.

 

How to Create the Mailprotector Bypass Rule

Step-by-Step

1. Go to Exchange Admin Center > Mail flow > Rules and click on + Add a rule.

2. Fill out the rule:

  • Name: Mailprotector bypass
  • Apply this rule:
    • If the sender > IP Address is in any one of these ranges or exactly matches:
      • 52.0.70.91
      • 52.0.31.31
      • 52.0.74.211
  • Do the following:
    • Modify the message properties > set the spam confidence level (SCL):
      • Bypass spam filtering

  • Click Next > Next.
  • Review the rule to ensure it is correctly configured, then click Finish > Done.

3. Enable the rule:

  • Click the rule's name to select it, then click the toggle to change it from Disable to Enable.
  • Wait until "Updating the rule status, please wait…" changes to "Rule status updated successfully."

NOTE: The priority of the rule usually does not need to be changed. However, if there is a conflicting transport rule in the M365 tenant to quarantine, reject, or set an elevated SCL, then the priority of the Mailprotector bypass rule should be set to 0. 
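
The same rule can also be created and checked from Exchange Online PowerShell. The script below is an added example, not part of the original Mailprotector article; it assumes the ExchangeOnlineManagement module is installed and the signed-in account can manage transport rules, and its test for a "conflicting" rule (an enabled rule that quarantines, rejects, or sets an SCL other than -1) is an assumption made for illustration.

```powershell
# Added example: scripted equivalent of steps 1-3 plus the priority NOTE.
Connect-ExchangeOnline

$ruleName   = 'Mailprotector bypass'
# Mailprotector transport IPs exactly as listed in step 2 of this article.
$gatewayIps = '52.0.70.91', '52.0.31.31', '52.0.74.211'

# Step 1-2: create the rule only if it does not exist yet (safe to re-run).
$rule = Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    # Created disabled so it can be reviewed before it affects mail flow.
    New-TransportRule -Name $ruleName -SenderIpRanges $gatewayIps -SetSCL -1 -Enabled $false | Out-Null
    $rule = Get-TransportRule -Identity $ruleName
}

# Review: the bypass must cover exactly the three gateway IPs and set SCL -1.
# A wider range here would exempt other senders from spam filtering.
$actualIps = @($rule.SenderIpRanges | ForEach-Object { "$_" })
$drift     = Compare-Object -ReferenceObject $gatewayIps -DifferenceObject $actualIps
if ($drift -or "$($rule.SetSCL)" -ne '-1') {
    throw "Rule '$ruleName' does not match the documented configuration; fix it before enabling."
}

# NOTE check (assumed heuristic): look for enabled rules that quarantine,
# reject, or set an SCL other than -1, which could override the bypass.
$conflicts = Get-TransportRule | Where-Object {
    $_.Name -ne $ruleName -and $_.State -eq 'Enabled' -and
    ($_.Quarantine -or $_.RejectMessageReasonText -or
     ($null -ne $_.SetSCL -and "$($_.SetSCL)" -ne '-1'))
}
if ($conflicts) {
    $conflicts | Format-Table Name, Priority, SetSCL, Quarantine
    # As the NOTE says, move the bypass rule to priority 0 in this case.
    Set-TransportRule -Identity $ruleName -Priority 0
}

# Step 3: enable the rule and show the final state for the change record.
Enable-TransportRule -Identity $ruleName
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Priority, SenderIpRanges, SetSCL
```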

Exception

In rare cases, Microsoft may detect a High-Confidence phishing message. Such a message is very likely a genuine phishing attempt, and Microsoft will quarantine it regardless of the bypass rule.

 

For more information about creating SCL rules, please visit Microsoft.

 
