In September 2021, IMS migrated inbound email processing from on-campus servers to Microsoft's cloud as part of an ongoing project to fully utilize the institution's investment in Office 365. One major component of this change is that spam filtering has now moved from our previous platform and into Office 365. Office 365 has different capabilities and uses different methods to classify unwanted messages, so you may have noticed a change in how spam messages are processed and delivered to you.
"[BULK]" tag discontinued
One such change is that we no longer have the ability to apply separate "[SPAM]" or "[BULK]" tags to messages based on their classification. Previously, messages that were classified as "graymail", or marketing messages that may be considered junk but are not truly unsolicited spam, would receive the "BULK" tag, while true spam messages would be tagged as "SPAM". However, due to a limitation in the Office 365 anti-spam platform, we can only specify one tag to apply to either or both classifications, so the "SPAM" tag is now applied to messages identified as true spam as well as to marketing messages that have an above average complaint score, i.e. many recipients have reported it as junk. This means that messages that would have been previously marked as "BULK" will either be marked as "SPAM" or possibly not tagged at all.
Marketing messages
As mentioned above, marketing messages fall into a category of mail known as "graymail". In many cases, these messages are desired by the recipient, such as newsletters, industry reports, or sometimes even advertising. In other cases, these messages are considered unwanted. Office 365 uses a somewhat different approach to classifying these messages, and we realize that in some cases, Microsoft's paradigm produces a different outcome than our previous system. However, the intent is that, by and large, messages you have subscribed to will not be marked as spam while most unsolicited message are. Please understand, however, that no filtering is perfect, and that due to the subjective nature of graymail, it is very difficult to distinguish between desired marketing messages and unwanted messages. The old adage "one man's trash is another man's treasure" applies here. To that end, Outlook allows you to add addresses to safe lists and blocked lists; please contact the IMS Service Desk if you need assistance using them.
Junk Email folder
All messages classified by the spam filtering service as spam or bulk should be deposited into your junk email folder automatically. You should check your Junk folder periodically (daily is recommended) for "false-positive" messages. In most versions of Outlook, you can right-click any such messages and select "Not junk" in order to move them back to the Inbox and, if desired, add the sender to your safe senders list. If these come from a UTHSCSA system or application, we can whitelist them centrally to prevent them from being marked as spam. (See "false positives" below.)
Note that messages are automatically deleted from the Junk Email folder after 30 days.
We have discovered that some folks would rather not have spam sent to the Junk Email folder and prefer to manage all their mail directly from their Inbox. If this is your preference, we can disable the Junk Email folder; please submit a request to do so here: UT Health Email Changes
False positives
We are aware that some legitimate messages are incorrectly classified as spam and, consequently, moved to the Junk Email folder. If this is a message that is important to you but you don't think others would want, you can add the sender to your safe senders list and this should prevent it from going to your junk folder going forward. If the message is likely to be desired by many people, such as from a UTHSCSA system or application, we can whitelist it centrally to prevent it from being marked as spam in the future. Please submit a service request for this; we will need a copy of the original message attached to the request to analyze.
Why am I seeing spammy messages that aren't tagged with "[SPAM]"
There are several filtering technologies in use, and we have discovered that one of the filters does not apply the "SPAM" tag even though the filters identify it as suspect. This happens because that particular filtering occurs later in the workflow after the point at which the "SPAM" tag would be applied and does not provide the capability of tagging messages. However, these messages should still land in your junk email folder automatically.
If such messages are not in your junk folder, there are a few other possibilities:
- The message in question is simply too new for the spam filters to have "learned" about it. This would be considered a false-negative.
- The message is graymail that did not meet the threshold to be tagged; for example, a newsletter or other subscribed advertising.
- You have safe-listed the sender.
How does Office 365's spam filtering work?
Like anti-virus software vendors, anti-spam vendors don't like to disclose their methods in order to prevent circumventing, so we don't know exactly what the inner workings are. However, we do know that inbound messages are sent through these filters:
- First, incoming connections are checked to see if they are originating from a known spam source. This "reputation filtering" blocks the majority of spam.
- Then, messages pass through malware filters looking for virus and phishing signatures. Messages that trigger a hit here are quarantined and not delivered to the recipient. Quarantined messages are held for 30 days and can be released to the intended recipient on request after analysis to ensure it's safe.
- After that, messages are scanned for known spam content and bulk rating and scored accordingly. Messages exceeding certain thresholds are marked as spam and deposited in the recipient's junk email folder.
- Finally, messages are checked for spoofing (i.e. illegitimate sender) and, if determined to be spoofed, are also deposited into the recipient's junk email folder.