- Cut-and-paste the message headers into the Message Header Analyzer
- Examine the X-Forefront-Antispam-Report header:
||Records the final decision on whether something was spam or not
||Records the decision based on message content filters
||Records the categorisation decision, which can identify other types of undesirable message
||Not useful as filtering based on external sender address is done elsewhere in our system
- Examine the X-Microsoft-Antispam-Mailbox-Delivery header:
||Server-side decision to deliver to Junk Mail
||Server-side decision to deliver to INBOX
||Server-side decision to deliver to user-specified (custom) folder
||Outlook rule determined delivery of this message
||Exchange determined delivery of this message, possibly using mailbox spam rules
Ignore IP filtering results or SPF failures in the Authentication-Results and related headers. Sender-IP filtering is done elsewhere in our system, and the headers you see are not based on the actual sender.
For Outlook rules check Home > Move > Rules > Message rules in Outlook. You will need to check message rules in Outlook desktop and Outlook web as some rules are only displayed / effective in one or the other.
Details of the MS headers are available at Anti-spam message headers - Office 365 | Microsoft Docs