By default, junk e-mail filtering is enabled on all mailboxes in Outlook Live. Users can manage some spam settings for their mailbox. For more information about how users can manage spam, see Junk E-Mail Settings.

If users have specified safe senders or are treating contacts as safe senders in their e-mail client, messages from safe senders with an SCL less than 7 will be delivered to the user's Inbox. All messages with an SCL greater than 7 will be deleted at the Outlook Live gateway server, even if your users have added the sender to their Safe Senders List.

After you enroll your organization with Microsoft Live@edu, you can manage the IP safelists for your organization. If you have an on-premises messaging system and the Outlook Live service in the cloud, lots of mail is likely to be sent between the two systems. You want spam filtering applied to e-mail messages that come from external sources, but when a message comes from your own servers, you want that message delivered to the user's Inbox. By adding the IP addresses of all your on-premises servers that generate e-mail to the correct IP safelist, you can make sure that e-mail messages from those servers aren't treated like spam. We use IP addresses for safelisting, instead of domain names, because IP addresses are more difficult to spoof.

The spam filtering process

Here's how e-mail is processed when it reaches the Outlook Live gateway server and is analyzed by the online protection system.

Two kinds of spam filtering are applied before e-mail is delivered to Outlook Live recipients:

• Connection filtering   The volume of messages that are sent from a single IP address is monitored. Connections from a single IP address that sends large volumes of e-mail to one or more recipients in your domain may be suspected of sending spam.
  
• Content filtering   The message subject and body are examined for keywords or phrases that might indicate that a message is spam.
  

In addition, skiplisting may be applied when your gateway server relays e-mail from internal servers and from the Internet. Skiplisting is the process of bypassing the connecting IP address in the mail header, for the purposes of assessing the likelihood that the message is spam, and instead inspecting the previous IP address listed in the header.

Skiplisting does the following:

• Connections from gateway servers aren't blocked or throttled.
  
• E-mail from internal servers isn't subjected to content filtering.
  
• Content filtering is applied to e-mail from Internet sources.
  

If you enter IP addresses on the gateway server list and the internal servers list, skiplisting is applied to your gateway servers. We won't apply connection filtering to the IP address, but we will examine the IP address that is one hop back from the gateway server to determine whether the e-mail message should be evaluated as spam.

For example, the message header may contain the following:

Received from contoso.com (10.1.1.1) by fineartschool.net (192.168.1.1)

Received from tailspintoys.com (172.16.1.1) by contoso.com (10.1.1.1)

If 10.1.1.1 is the IP address of your gateway server and it is skiplisted, the SCL is maintained on the previous hop, in this case 172.16.1.1.

Messages that meet filtering criteria can be blocked or delivered to the user's Junk E-Mail folder. You can also use organization-wide rules to control the flow of e-mail messages in your organization. For example, a rule might reject all e-mail that contains specific keywords or is from a specific source.

You can't add third-party SMTP IP addresses to the Outlook Live safelist on behalf of your organization. The most effective method to ensure e-mail delivery into Outlook Live is to encourage third-parties to become a certified sender. For more information about the external service, see Sender Score Certified.

In emergency situations, your organization may need to send a broadcast message to all users in Outlook Live. Some organizations use third-party emergency notification services to do this.

To ensure that these messages aren't treated as spam by Outlook Live and all your users receive these messages as quickly as possible, take the following precautions:

If you are sending broadcast messages to a large number of users at once, remember that only 100 messages are accepted per connection. If more than 100 messages are queued for delivery to Outlook Live, the connection is dropped after 100 messages and your on-premises e-mail servers have to reestablish the connection to send the next batch of 100 messages. Therefore, you must devise an emergency broadcast message plan that lets you quickly send out e-mail to all users without exceeding the 100 messages per connection limit. The best way to do this is to use public groups or a dynamic distribution group to reduce the number of messages that are sent at one time. A group is treated as a single recipient for e-mail delivery restrictions. For more information, see Send Broadcast Messages to All Students.

If you are using a third-party emergency notification service to broadcast emergency messages to your users, contact your Microsoft Live@edu representative to verify that the service complies with Windows Live.

For more information about the Windows Live e-mail safety infrastructure, see Fighting Junk E-mail.