Exchange Server 2007 exposes SCL in message headers

by Bharat Suneja

Exchange Server 2003’s Intelligent Message Filter (IMF) assigns a SCL— a value that indicates the probability of a message being spam – to every message it scans. SCL is assigned based on factors such as message content, headers, and IP addresses.

By default, Exchange Server and Microsoft Outlook do not expose this SCL value assigned to a message – it’s neither visible in any of Outlook’s message views, nor inserted in message headers. It’s a MAPI property of a message.

If IMF’s Gateway action is set to Archive, Exchange allows you to save the SCL in message headers of archived messages. This is done using a registry hack mentioned in a previous post “IMF: Archiving spam“.

You can also expose the SCL property as an additional column in Microsoft Outlook— after going through a series of steps documented in Exposing SCL (Spam Confidence Level) in Outlook on the Exchange team blog. You can then use that view in OWA as well.

Exchange Server 2007 inserts detailed anti-spam stamp in message headers. This includes both SCL and PCL values, SenderID lookup details such as the Purported Responsible Domain (PRD), SenderID status.

Here are antispam headers inserted by Exchange 2007:

X-MS-Exchange-Organization-SenderIdResult: Pass
Received-SPF: Pass ( domain of
[email protected] designates as
permitted sender); client-ip=;;
X-MS-Exchange-Organization-SCL: 4
X-MS-Exchange-Organization-PCL: 2
DV:3.3.5705.600;SV:3.3.4604.600;SID:SenderIDStatus Pass;OrigIP:

If you are a heavy OWA user, there’s good news! Message headers can now be checked in OWA as well— although you need to open a message to check headers. There’s no option to view full message headers in the preview pane by default, or a button to toggle between simple and full message headers that’s common in some web-based email services such as Yahoo!’s.

Screenshot: Antispam headers in OWA
Figure 1: Exchange 2007 inserts antispam stamp in message headers. You can also view message headers in OWA 2007.

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: