You have an Exchange Server 2016 organization. The organization contains an Edge transport
server. Users report that a message with the following anti-spam headers is delivered to their Inbox
folder in Microsoft Outlook:
X-MS-Exchange-Organization-PCL: 7
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-Antispam-Report: DV:3.1.3924.1409;SID:SenderIDStatus Fail;PCL:PhishingLevel SUSPICIOUS;CW:CustomList;PP:Presolved;TIME:TimeBasedFeatures
You need to prevent similar messages from being delivered. The solution must generate a nondelivery report (NDR) when the messages are prevented from being delivered to all user mailboxes.
What should you do?
A. Set the SCL reject threshold to 7.
B. Run the Set-SenderIdConfig cmdlet.
C. Set the SCL delete threshold to 7.
D. Run the Set-TransportConfig cmdlet.
Explanation:
https://technet.microsoft.com/en-us/library/aa995744(v=exchg.160).aspx
Agree with A.
The Spam Confidence Level value is lower than the default of 7 (it is set at 6).
https://technet.microsoft.com/en-us/library/aa995744(v=exchg.160).aspx (SCL explained)
https://technet.microsoft.com/en-us/library/aa996878(v=exchg.160).aspx (Phishing Confidence Level – PCL explained)
A is not correct. If you look closely, you can see the following in the NDR: SenderIDStatus Fail. Although the message was confirmed to be spoofed, it was allowed to pass through. This is because the -SpoofedDomainAction of SenderIdConfig is set to StampStatus.
With Set-SenderIdConfig we can set -SpoofedDomainAction to Reject. This also generates the required NDR.
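
Added example, not from the original page or from Microsoft: the Python below parses the headers quoted in the question and applies the two checks the comments argue about. The function names, the constructed sample string and the simplified decision model (Sender ID rejects a Fail result only when SpoofedDomainAction is Reject; content filtering rejects when the SCL meets or exceeds the reject threshold) are assumptions.

```python
import re

# Constructed sample: the three anti-spam headers quoted in the question.
SAMPLE_HEADERS = """\
X-MS-Exchange-Organization-PCL: 7
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-Antispam-Report: DV:3.1.3924.1409;SID:SenderIDStatus Fail;PCL:PhishingLevel SUSPICIOUS;CW:CustomList;PP:Presolved;TIME:TimeBasedFeatures
"""
PREFIX = "x-ms-exchange-organization-"


def parse_antispam(raw):
    """Return SCL, PCL and the key:value fields of the Antispam-Report stamp."""
    out = {"scl": None, "pcl": None, "report": {}}
    # Unfold continuation lines (header folding) before splitting into headers.
    for line in re.sub(r"\r?\n[ \t]+", " ", raw).splitlines():
        name, sep, value = line.partition(":")
        key = name.strip().lower()
        if not sep or not key.startswith(PREFIX):
            continue  # not one of the organization anti-spam stamps
        field, value = key[len(PREFIX):], value.strip()
        if field in ("scl", "pcl"):
            out[field] = int(value)
        elif field == "antispam-report":
            for part in filter(None, (p.strip() for p in value.split(";"))):
                k, _, v = part.partition(":")
                out["report"][k.strip().upper()] = v.strip()
    return out


def triage(raw, spoofed_domain_action="StampStatus", scl_reject_threshold=7):
    """Say which setting, if either, would have rejected the message.

    Simplified model (assumption), see the lead-in for the two rules used.
    """
    parsed = parse_antispam(raw)
    sid_fail = parsed["report"].get("SID", "").lower().endswith("fail")
    scl = parsed["scl"]
    return {
        "sender_id_failed": sid_fail,
        "rejected_by_sender_id": sid_fail and spoofed_domain_action == "Reject",
        "rejected_by_scl": scl is not None and scl >= scl_reject_threshold,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_HEADERS))  # settings described in the comments
    print(triage(SAMPLE_HEADERS, spoofed_domain_action="Reject"))
```
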