Messaging Gateway

  • 1.  Brightmail Suspected SPAM 2 recipients, one flagged one not.

    Posted Nov 29, 2011 11:00 AM

    Inbound message is sent to 2 recipients in my organization.  The first (Tom) indicates the message was delivered normally while the second (Jane) it shows as suspect SPAM and is sent to our postmaster account.  This has occurred more than once from the same sender to the same 2 individuals with the same results.  Tom works fine, Jane does not.  Our Suspect threshold is currently set to 60 to 89.  The content is exactly the same so I'm trying to understand why it's triggering on one but not the other.  Is there any way I can see the spam score in the GUI?  Any other info I can provide, let me know!



  • 2.  RE: Brightmail Suspected SPAM 2 recipients, one flagged one not.

    Posted Nov 29, 2011 11:22 AM

    The "spam score" is proprietary and likely not as straightforward as the numbers on the screen would lead you to think (it's easier to consider a number between one and 100, rather than considering the many different components and signatures by which a message is judged). As such, there is no way to view how a message is judged within the product.

    Also, I understand that the email content appears to be the same within an email client, but the actual contents of the message can vary by quite a bit. To have a true view and sense of what is filtered against you would need to view the raw RFC822 message, complete with all headers and MIME boundaries.

    The best option would likely be to raise the suspect spam score in slight increments to help correct this.



  • 3.  RE: Brightmail Suspected SPAM 2 recipients, one flagged one not.

    Posted Nov 29, 2011 04:40 PM

    So how the message is scored I can understand being proprietary.  Is there any way to see what the score was on a message?  I think that would be very useful in helping organizations tweak their system to take full advantage of the gateway.  Additionally, if I do view the headers, what is that going to tell me if I can't determine what in the header SBG flagged on?



  • 4.  RE: Brightmail Suspected SPAM 2 recipients, one flagged one not.

    Posted Nov 29, 2011 06:40 PM

    How the message is scored translates to the score itself, so the score is proprietary and not viewable. Your scenario of tweaking the system to take full advantage of the Messaging Gateway would work for spammers and scammers just as easily as it would help you. Spammers/scammers use protection technology just like anyone else, both to protect themselves and to test against, and they would be more than happy to take advantage of any technology that allows them to. It is unfortunate that there is no way to allow that information to only be seen by well-intentioned users (support doesn't even have direct access to that information).

    Viewing the raw RFC822 format message (not just the headers) would help you to understand the differences between the message that was accepted and the one that was captured as suspect spam. Aside from that, it is not really going to help in this instance (but it would help if you wanted to build a content filter for the message).

    Given the above, in a situation where one message passes through and another similar message is caught as suspect spam, the best corrective route is to modify the suspect spam threshold. In many circumstances, allowing users to administer their own spam quarantine is also a possible option.



  • 5.  RE: Brightmail Suspected SPAM 2 recipients, one flagged one not.

    Posted Nov 30, 2011 06:40 AM

    I kinda figured that but thought I'd ask anyway.  Thanks for your assistance Art. 

    So, I have a copy of both messages, the one the recipient received and the one delivered to our Postmaster account as suspect.  Can someone point me to a guide or instructions on viewing the raw RFC822 data to compare the differences in the messages?



  • 6.  RE: Brightmail Suspected SPAM 2 recipients, one flagged one not.

    Posted Nov 30, 2011 03:55 PM

    Getting the raw RFC822 message differs by MTA and email client.

    Domino, for most instances I've seen, modifies the base message so it is difficult to obtain a raw message and I haven't come across a reliable solution (but I rarely work with Domino).

    Exchange either stores the message in raw format or in a database format. If it stores it raw, you can pull it directly from the filesystem. Otherwise, it is easier to obtain the message in a client that will offer it to you raw.

    Outlook modifies the message, so you cannot get a raw message directly from Outlook. However, you can use the Forward as Attachment option (open the message and then CTRL+ALT+F) to forward the raw message to be viewed in a client that will offer it raw.

    Various clients offer a raw message view. I think the two most often used are Outlook Express (file -> save as -> save as type .eml) and Mozilla Thunderbird (CTRL+U). Web email often allows source view as well.
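
Added example, not part of the thread and not Symantec tooling: once both copies are saved as raw RFC822 (.eml) files, a short Python script can list which headers and MIME parts differ between the delivered copy and the suspect-spam copy. The two sample messages, their addresses and hostnames are constructed for illustration; in practice the bytes would be read from the saved .eml files.

```python
import hashlib
from email import message_from_bytes, policy

def part_summary(msg):
    """(content type, transfer encoding, short SHA-256 of decoded body) per leaf MIME part."""
    rows = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        cte = (part.get("Content-Transfer-Encoding") or "7bit").lower()
        rows.append((part.get_content_type(), cte, hashlib.sha256(body).hexdigest()[:12]))
    return rows

def compare_raw(raw_a, raw_b):
    """Report headers and MIME parts that differ between two raw messages."""
    a = message_from_bytes(raw_a, policy=policy.default)
    b = message_from_bytes(raw_b, policy=policy.default)
    report = {"headers": {}, "parts": []}
    names = {k.lower() for k in a.keys()} | {k.lower() for k in b.keys()}
    for name in sorted(names):
        va = [str(v) for v in a.get_all(name, [])]
        vb = [str(v) for v in b.get_all(name, [])]
        if va != vb:  # also catches a header repeated a different number of times
            report["headers"][name] = (va, vb)
    pa, pb = part_summary(a), part_summary(b)
    for i in range(max(len(pa), len(pb))):
        ra = pa[i] if i < len(pa) else None
        rb = pb[i] if i < len(pb) else None
        if ra != rb:
            report["parts"].append((i, ra, rb))
    return report

# Constructed sample messages: same visible text, different wire format.
COMMON = (b"From: sender@example.net\r\nSubject: Quarterly report\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n")
SAMPLE_TOM = (b"Received: from mx.example.net by gw.example.org; Tue, 29 Nov 2011 10:58:01 -0500\r\n"
              b"To: tom@example.org\r\n" + COMMON +
              b"Content-Transfer-Encoding: 7bit\r\n\r\nPlease see the figures.\r\n")
SAMPLE_JANE = (b"Received: from relay.example.com by gw.example.org; Tue, 29 Nov 2011 10:58:03 -0500\r\n"
               b"Received: from mx.example.net by relay.example.com; Tue, 29 Nov 2011 10:58:02 -0500\r\n"
               b"To: jane@example.org\r\n" + COMMON +
               b"Content-Transfer-Encoding: quoted-printable\r\n\r\nPlease see=20the figures.\r\n")

if __name__ == "__main__":
    result = compare_raw(SAMPLE_TOM, SAMPLE_JANE)
    for name, (va, vb) in result["headers"].items():
        print(f"{name}:\n  A: {va}\n  B: {vb}")
    for index, ra, rb in result["parts"]:
        print(f"part {index}:\n  A: {ra}\n  B: {rb}")
```

In the constructed pair the decoded body hash matches while the transfer encoding and Received chain differ, which is the kind of difference an email client's rendered view hides.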