Bug in the Intelligent Message Filter (IMF) interface
Microsoft Exchange Intelligent Message Filter is a product developed by Microsoft to help companies reduce the amount of unsolicited commercial e-mail (UCE), or spam, received by users. You can read more about IMF on the Block Spam with Exchange 2003 Intelligent Message Filter page.
When looking at the IMF interface in the Exchange System Management snap-in (ESM) you can notice it specifically says that:
“Block messages with an SCL rating greater than or equal to:”
and on the Store Junk E-mail Configuration section, it clearly says:
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
“Move messages with an SCL rating greater than or equal to:”
SCL is a “rating system” that on a scale from -1 (only used for authenticated users) to 10, will tell Outlook or OWA whether or not the e-mail should be moved to the Junk E-mail folder (depending on the user’s settings). Note that not all messages might be transferred to the store (i.e. the user’s mailbox) depending on the settings on the IMF tab. Read more about how to Configure Intelligent Message Filter in Exchange 2003 SP2.
So, the SCL rating is in fact a threshold level, and by looking at the text, this threshold level is either any number GREATER than the level, or the number specified on the level itself.
However that is not true. A quick follow-up of my Display SCL Level in Outlook 2003 and Display SCL Level in OWA 2003 SP2 articles and by monitoring the SCL level in your inbox, you will be surprised to find that Exchange’s IMF does not perform the promised action (delete, archive and so on) on any message that has an SCL level EQUAL to the SCL level selected in the IMF interface, but ONLY on messages that have an SCL level GREATER than the one specified in the interface.
For example, if you specify a level of 8 for the blocking threshold, expecting it will block messages with an SCL rating of 8 AND 9, you will only find out that messages with the SCL rating of 8 are not blocked.
And if you specify a level of 6 for the moving threshold, expecting it will move messages with an SCL rating of 6 AND 7, you will only find out that messages with the SCL rating of 6 are not moved to the user’s Junk E-Mail folder.
Therefore, if you need messages with the SCL level of 8 to be blocked, and messaged with the SCL level of 6 to be moved to the user’s Junk E-Mail folder, you will need to configure the threshold levels with 7 and 5 respectively:
BTW, this error (or bug, call it anything you like, Microsoft might even call it a “feature” LOL) is in fact documented in MS KB 867633, but unless you dig into the article you won’t know. Also, apparently, Exchange Server 2003 SP2 did not fix this either. Maybe SP3 will…
You might also want to read the following related articles:
- Block Spam with Exchange 2003 Intelligent Message Filter
- Block Spam with Exchange 2003
- Block Spam with Outlook 2003
- Combating Spam in the Corporate Environment
- Configure Intelligent Message Filter in Exchange 2003 SP2
- Display SCL Level in OWA 2003 SP2
- Download Exchange 2003 Intelligent Message Filter
- GFI MailEssentials for Exchange/SMTP – more info
- How to Post to Newsgroups Without Getting spammed?
- Installing Intelligent Message Filter with Exchange 2003 SP2
- Sender Policy Framework
- Updating Intelligent Message Filter in Exchange Server 2003 SP2
- View Intelligent Message Filter Archive