How to Bypass Microsoft 365 Spam Filtering for Messages from MXGuardian

Kent Oyer
  • Updated
Follow

If your organization uses MXGuardian for email filtering before messages reach Microsoft 365, you may want Microsoft 365 to skip its own spam filtering for messages that have already been scanned.

This can be done by creating a mail flow rule that bypasses spam filtering when a message contains the header:

X-Spam-Filter: mxguardian.net

This ensures that messages processed by MXGuardian are not quarantined or filtered again by Microsoft 365.

This configuration is performed in the Exchange Admin Center for Microsoft Exchange Online, part of Microsoft 365.

 

Step 1 — Open the Exchange Admin Center

  1. Sign in to the Microsoft 365 Admin Center

  2. Open the Exchange Admin Center.

Direct link:
https://admin.exchange.microsoft.com

 

Step 2 — Navigate to Mail Flow Rules

  1. In the left menu select Mail flow

  2. Click Rules

This section controls transport rules that process incoming email for your organization.

 

Step 3 — Create a New Rule

  1. Click Add a rule

  2. Select Create a new rule

 

Step 4 — Configure the Rule Name

Enter a descriptive name such as:

Bypass spam filtering for MXGuardian messages

 

Step 5 — Configure the Condition

Under Apply this rule if:

  1. Select The message headers

  2. Choose includes any of these words

Configure the following:

Header name

X-Spam-Filter

Header value

mxguardian.net

This ensures the rule only applies to messages that were processed by MXGuardian.

 

Step 6 — Configure the Action

Under Do the following:

  1. Select Modify the message properties

  2. Choose Set the spam confidence level (SCL)

Set the value to:

Bypass spam filtering

This sets the SCL value to -1 which tells Microsoft 365 to bypass spam filtering entirely for the message.

Step 7 — Configure Rule Settings

Click Next

Recommended settings:

  • Mode: Enforce

  • Severity: Not specified

  • Stop processing more rules: Checked

Step 8 — Save the Rule

  1. Click Save

The rule will now apply to all incoming messages that contain the MXGuardian header.

 

How the Rule Works

When a message arrives in Microsoft 365:

  1. Exchange checks for the header

X-Spam-Filter: mxguardian.net

  1. If present, the rule sets the Spam Confidence Level (SCL) to -1

  2. Microsoft 365 skips spam filtering and delivers the message directly to the recipient's inbox.

 

Important Recommendation

To prevent spoofing, organizations should also ensure that only MXGuardian servers are allowed to send mail to Microsoft 365 by using an inbound connector with IP restrictions. This prevents external senders from adding the header themselves. For complete instructions, please see this article:

https://support.mxguardian.net/hc/en-us/articles/115000747371-Best-Practices-for-Microsoft-365-Exchange-Online

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk