Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains

Remediation Considerations

MaxScore	ImplementationCost	UserImpact
3	Unknown	Unknown

Remediation Impact

Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain

Remediation

To modify SCL in mail transport rules so they do not allow any specific domains:

1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
2. Click to expand Mail Flow and then select Rules.
3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.

   • In "Do the following" section, select "Modify the message properties" and "set the spam confidence level (SCL)" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

References:

1. Spam confidence level | Microsoft Learn
2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn