In this new blog post - http://blogs.technet.com/b/exchange/archive/2014/09/25/take-advantage-of-eops-new-bulk-mail-detection.aspx - there was an announcement enhancements in regards to how Exchange Online Protection (EOP) will handle Bulk Mail Detection. I found this interesting because I have this discussion all the time with customers who are evaluating Exchange Online and EOP.
Today in EOP, under advanced options, there is a Yes/No flag called “Block all bulk mail messages”. In the Microsoft blog they correctly called out this as a “gray area”. I have always had the exact discussion of “what constitutes” bulk email because there can absolutely be legitimate external email campaigns with information that can be important to a business. What they have said up to today is that EOP has not been very aggressive when evaluating bulk email. This is changing.
Moving forward in EOP, a new header is available called X-Microsoft-Antispam. In this header will be values for BCL (Bulk Complaint Level) and PCL (Phishing Confidence Level). What you can do now is have the ability to evaluate the X-Microsoft-Antispam header in a transport rule and if the BCL or PCL level is too high for your liking, you can then set the SCL (Spam Confidence Level) to an appropriate level and then have message route to the end user using the policies you have set-up (send to quarantine, send to junk mail folder, etc., etc.). They also noted in the blog that they plan to change the “Block all bulk mail messages” flay from Yes/No to a value based level set which will be an alternative to creating the transport rule that I just discussed.
Here are some other good links which were on the blog on this subject: