The purpose of this Tech Document is to explain how the email that originates from outside this organization is processed, and to describe the tools that you can use to manage your personal spam quarantine. This memo does not apply to internal email messages.
To protect this organization from virus attacks and to protect you from receiving hundreds of spam messages, all incoming email is filtered by the Forefront Online Security for Exchange (FOPE) - an anti-spam and anti-virus product. FOPE uses an advanced machine learning filtering technique to ensure that no valid mail is improperly filtered.
All incoming (and outgoing) email is filtered by FOPE. Depending upon rules and policies, messages that contain a virus or spam are either deleted or quarantined.
The Quarantine is a location on a server where email messages that are suspected to be spam are stored temporarily so that they can be reviewed and retrieved if necessary. System administrators have the ability to search for messages on a user's behalf, if the user knows the sender's email address. You may also review and take action on your own quarantined email through the use of the End User Digest. Messages that are not released from the Quarantine are automatically deleted after 15 days.
If email messages addressed to you were sent to the Quarantine, you will receive an email notification, called an End User Digest (or Digest), in your mailbox. The Digest provides you with a list of the messages addressed to you that are stored in the Quarantine. You can look at the message subject headers to determine their content and as a result what actions you want to apply to the messages. The digest email is mailed every 3 days.
This document will help you get started with the Microsoft® ForefrontTM Online Security for Exchange (FOSE) Quarantine feature. The Quarantine service has the following attributes:
You will receive periodic reminders from the Quarantine service when you have received new spam.
If you would like to have a message delivered to your Inbox click on the Move to Inbox link from the notification. This will send the message to your corporate e-mail Inbox.
There is no need to delete your messages in the Quarantine.
If you do no release a message from the Quarantine, it will automatically be deleted after 15 days. If you look at the messages in your Digest and determine that all of them are spam, you do not need to do anything. The messages will automatically be deleted from the Quarantine.
A false negative is an email incorrectly identified as not spam. An email message that is incorrectly delivered to your mail box becaue it was not identified as spam can be reported as a false negative.
Spammers are very clever and are always finding ways to trick products like the FOPE into delivering spam to your mailbox. FOPE frequently updated in an attempt to stay on step ahead of the spammers.
Reporting Spam to FOPE is easily
done right from within the full version of Outlook after downloading and installing this plugin from:
In your email menu bar, you will notice a new icon next to the Send/Receive.
The new icon is an easy way to report spam that has slipped through Forefront Online Protection for Exchange
If you receive an email and wish to report it to Microsoft, simply click that button. A copy of the message, with full headers, will be sent to Microsoft's Anti-spam team for analysis.
A false positive is an email incorrectly identified as spam. If an email message is scored as spam and sent to the Quarantine, but it really is a legitimate message from a legitimate sender, you can report it as a false positive.
In the future, messages that have the same characteristics as the message you reported will not be placed in the Quarantine for containing spam.
To report a false positive, find the message in our Outlook inbox. Once the message is highlighted, choose File>Save As from the menu.
A new window will pop up asking you for a location to save and a file name.
You may leave the default name. In the Save As Type box, drop down the box and choose Outlook Message Format (*msg). Then click Save. NOTE: You MUST save it in this format, or it will not be saved properly.
Once you have the message saved, open up a new email. Address it to False_Positive@messaging.microsoft.com, attach the message you just saved, and click Send.
Last Modified: July 28, 2011