In EOP (Exchange Online Protection, our newer service) and FOPE (Forefront Online Protection for Exchange, our older service), there are some nuances that end users should be aware of when using the safe senders and blocked senders feature.
Customers who use Outlook as their mail client and sync their safe and blocked sender lists to EOP or FOPE can have their individual user lists respected by the service. However, there are some differences between FOPE and EOP:
Users who want to use safe and blocked senders with EOP or FOPE need to know that Outlook and the service handle them differently: EOP and FOPE respect Safe Senders and Domains by inspecting the RFC 5321.MailFrom, while Outlook adds the RFC 5322.From to a user’s safe sender list. EOP inspects both the 5321.MailFrom and 5322.From for Blocked Senders and Domains.
This means that what you add as a safe sender or domain in Outlook might not work the way you think!
Much of the time, the 5321.MailFrom and 5322.From are the same. This is typical for person-to-person communication, which is what people usually want to add safe senders for. However, when email is sent on behalf of someone else, the two are frequently different. This happens most often with bulk email, and it is where problems can occur.
For example, suppose that the airline Oceanic Airlines has contracted out Big Communications to send out its email advertising. You then get the following message in your inbox:
In your email client, you see the sender is email@example.com. To prevent this message from going to junk, you add it as a safe sender in Outlook. Unfortunately, the next time it comes through, it also gets filtered. What’s going on? You added it as a safe sender!
The reason is that firstname.lastname@example.org is the 5322.From address and it is the one you see in Outlook, but EOP and FOPE do not inspect it. The 5321.MailFrom is email@example.com and that is the one FOPE and EOP inspect. But it does not appear anywhere in the message display.
In order to have it skip filtering, you need to add the 5321.MailFrom to the safe senders manually. To do this:
You have now added the correct email address to your safe senders list in a way that integrates with EOP and FOPE, which will not mark messages from this sender as spam the next time they are delivered to you. Admittedly this is non-intuitive, but in my next post I will explain why EOP and FOPE perform safe sender checks on the 5321.MailFrom email address.
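The mismatch described above, as an added example (not code from this post or from EOP/FOPE): a small Python model that pulls both sender identities out of a delivered message and applies the matching rules the post describes. It assumes the delivered message carries a Return-Path header recording the 5321.MailFrom; the message, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message. Return-Path is where the receiving server
# records the SMTP envelope sender (5321.MailFrom); From is the 5322.From
# address that the mail client displays.
RAW = """\
Return-Path: <bounces@bigcomm.example>
From: Oceanic Airlines <deals@oceanic.example>
To: user@contoso.example
Subject: Fare sale

Book now.
"""

def sender_identities(raw):
    """Return (5321.MailFrom, 5322.From) as lower-cased addresses."""
    msg = message_from_string(raw)
    mail_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    return mail_from, header_from

def _matches(addr, entries):
    """True if the address or its domain appears in a sender/domain list."""
    entries = {e.lower() for e in entries}
    domain = addr.rpartition("@")[2]
    return bool(addr) and (addr in entries or domain in entries)

def safe_sender_hit(raw, safe_list):
    """Safe Senders and Domains: compared with the 5321.MailFrom only."""
    mail_from, _ = sender_identities(raw)
    return _matches(mail_from, safe_list)

def blocked_sender_hit(raw, blocked_list):
    """Blocked Senders and Domains (EOP): compared with both addresses."""
    mail_from, header_from = sender_identities(raw)
    return _matches(mail_from, blocked_list) or _matches(header_from, blocked_list)

if __name__ == "__main__":
    mail_from, header_from = sender_identities(RAW)
    print("5321.MailFrom:", mail_from)
    print("5322.From    :", header_from)
    # The address visible in the client does not satisfy the safe sender check.
    print("safe via 5322.From entry    :", safe_sender_hit(RAW, [header_from]))
    print("safe via 5321.MailFrom entry:", safe_sender_hit(RAW, [mail_from]))
```

Running the same extraction on the raw headers of a message that keeps landing in junk shows which address has to go on the safe senders list.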