What are Microsoft SCL and BCL ratings and how do they affect email deliverability?
Michael Ko
Co-founder & CEO, Suped
Published 23 Jun 2025
Updated 24 May 2026
10 min read
Summarize with
Microsoft SCL and BCL are separate ratings. SCL means spam confidence level, and it tells you how likely Microsoft thinks a specific message is spam. BCL means bulk complaint level, and it tells you whether a message came from a bulk sender and how complaint-prone that bulk sender looks. They affect deliverability because Microsoft 365 tenants can move, quarantine, or allow messages based on these ratings and the recipient organization's anti-spam policy.
The practical answer is this: SCL is more about the message-level spam verdict. BCL is more about bulk sender classification and complaint history. Neither rating maps cleanly to only domain reputation or only IP reputation. The visible From domain, authenticated domains, sending IP, message content, list quality, recipient engagement, complaints, and the recipient tenant's settings all matter.
- SCL: A low SCL, such as 0 or 1, usually means Microsoft did not classify that individual message as spam.
- BCL: A BCL of 5 means Microsoft sees the sender as bulk and tied to a mixed level of complaints.
- Deliverability: A message can have SCL 1 and still land in junk if the recipient tenant treats BCL 5 as enough reason to filter bulk mail.
- Diagnosis: Start with the actual headers, then compare authentication, content, audience quality, and IP history.
How SCL works
Microsoft explains SCL as the score that results after inbound spam filtering maps a message to a spam confidence value. The Microsoft SCL page says higher SCL values mean the message is more likely to be spam. The value is stamped into an X-header, so I treat it as evidence about one delivered or filtered message, not as a standalone reputation score for the whole domain.
|
|
|
|---|---|---|
-1 | Filtering skipped | Inbox |
0, 1 | Not spam | Inbox |
5, 6 | Spam | Junk |
7-9 | High confidence | Junk or quarantine |
Common SCL meanings in Microsoft 365 filtering.
A key detail: Microsoft says spam filtering itself does not stamp SCL 2, 3, or 4. When I see those values, I look for another mail flow component, policy, allow rule, safe sender behavior, or header rewrite before assuming the spam filter created the value.
SCL is not a raw complaint rate
Complaints can feed reputation systems, but SCL is a spam confidence verdict. A high SCL can come from content, authentication failure, previous sender behavior, policy actions, or message analysis. A low SCL does not prove that the sender has no complaint issue elsewhere.
How BCL works
BCL is narrower. It is about bulk email, also called gray mail, and how complaint-prone that bulk sender looks. The Microsoft BCL page says every cloud mailbox organization assigns BCL values to inbound messages from bulk senders. Higher BCL means the message is more likely to have unwanted spam-like behavior.
BCL interpretation bands
Microsoft BCL values describe whether mail is bulk and how complaint-prone the sender appears.
Not bulk
0
The message is not from a bulk sender.
Few complaints
1-3
The message is from a bulk sender with a low complaint pattern.
Mixed complaints
4-7
The message is from a bulk sender with mixed complaint behavior.
High complaints
8-9
The message is from a bulk sender with a high complaint pattern.
BCL filtering depends heavily on the receiving Microsoft 365 tenant. The default anti-spam policy threshold is 7, the Standard preset threshold is 6, and the Strict preset threshold is 5. That means BCL 5 can pass one tenant and hit junk or quarantine at another, even when the message and sender are identical.
Example Microsoft message headerstext
X-MS-Exchange-Organization-SCL: 1 X-Microsoft-Antispam: BCL:5; Authentication-Results: spf=pass dkim=pass dmarc=pass
That header pattern tells a clear story. The message authenticated and did not look like spam at the SCL layer, but Microsoft still classified it as bulk with mixed complaints. The next investigation should focus on why Microsoft sees the sender as bulk, how the audience reacts, and whether shared infrastructure has a history the sender does not control.
Why SCL and BCL disagree
SCL and BCL disagree because they answer different questions. SCL asks, "Does this message look like spam?" BCL asks, "Is this bulk mail, and how much does this bulk sender tend to irritate recipients?" A clean, fully authenticated newsletter can score SCL 1 and BCL 5 when Microsoft sees it as bulk mail with mixed complaint history.
Flowchart showing separate SCL and BCL classification paths.
SCL is high
- Content: The message body, links, wording, or attachment pattern looks spammy.
- Authentication: SPF, DKIM, or DMARC failure raises suspicion.
- Policy: A mail flow rule, tenant setting, or override changes the verdict.
BCL is high
- Bulk status: Microsoft recognizes the sender or message stream as bulk mail.
- Complaints: The bulk sender pattern has enough complaints to raise the rating.
- Threshold: The recipient tenant filters bulk mail at the configured BCL level.
This split explains why Microsoft destinations can behave worse than other mailbox providers. Microsoft has its own bulk classification and tenant-controlled thresholds. A sender can look clean elsewhere and still run into a Microsoft-only bulk filtering problem.
Is it the IP, domain, or message?
The honest answer is that SCL and BCL do not give you a one-field root cause. I separate the investigation into three tracks: the mail being sent, the sending identity, and the infrastructure. Shared IP ranges deserve attention, especially if the sender has Microsoft-only problems, but a questionable IP range does not automatically explain BCL 5.
A real test message matters more than a dashboard screenshot. Send the same campaign seed to Microsoft 365 and non-Microsoft inboxes, inspect the full headers, and compare SCL, BCL, SPF, DKIM, DMARC, and final folder placement. Suped's email tester helps with that workflow because it gives you a single report for authentication, content, and placement signals.
Email tester
Send a real email to this address. Suped opens the report when the test is ready.
?/43tests passed
Preparing test address...
After that, look for patterns. If all mail from one shared IP family has Microsoft trouble, infrastructure is a real lead. If only one newsletter stream has BCL issues, the problem is closer to audience fit, complaint behavior, cadence, or content. If transactional mail and marketing mail share a domain, separate them before you draw conclusions.
- IP evidence: Multiple unrelated senders on the same range have Microsoft-only filtering trouble.
- Domain evidence: All mail using the same visible From domain has higher junk placement.
- Message evidence: Only one template, campaign type, or list segment receives the bad rating.
- Tenant evidence: The same message lands differently across Microsoft 365 recipients.
How to troubleshoot Microsoft SCL and BCL
The fastest workflow is to capture evidence before changing anything. I want the raw headers, the sending stream, the domain, the IP, the authentication results, and the recipient outcome in one place. Guessing from SCL or BCL alone leads to bad fixes.
Microsoft Defender portal report view with SCL and BCL filtering controls.
- Collect headers: Get the original message headers from a Microsoft 365 recipient and note SCL, BCL, authentication results, and delivery action.
- Verify authentication: Confirm SPF, DKIM, and DMARC pass for the visible sending domain. Use DMARC monitoring to catch failures by source.
- Check reputation: Review IP and domain blocklist or blacklist exposure with blocklist monitoring, especially for shared IP ranges.
- Segment results: Compare newsletters, transactional messages, lifecycle messages, and one-to-one mail separately.
- Test content: Change one variable at a time: subject, template, link domain, audience segment, or sending cadence.
- Review policy: Ask the recipient admin whether Strict preset security or a custom BCL threshold applies.
Minimal DMARC record during monitoringtext
v=DMARC1; p=none; rua=mailto:reports@yourdomain.com
That DMARC record will not lower BCL by itself. Its job is to give you reporting. Once you know which sources pass or fail, move toward stricter policy in controlled stages. Authentication problems are easiest to fix when you see each source instead of treating every Microsoft junk placement as one generic deliverability issue.
What to change when BCL is high
When BCL is high and SCL is low, do not rewrite the whole email first. Start with the sender's bulk pattern. Microsoft is telling you the message belongs to a bulk stream and that stream has mixed or high complaint behavior. Fix the things that make opted-in recipients hit junk, ignore the mail, or treat it as unwanted.
Good bulk mail still needs restraint
Bulk does not mean bad. It means one sender is sending similar messages to many recipients. A fully opted-in newsletter can still earn complaints if the topic, frequency, sender identity, or unsubscribe path does not match recipient expectations.
- List quality: Suppress inactive recipients and remove addresses that never engage with Microsoft mailboxes.
- Expectation match: Make the sender name, subject, and first screen match what the subscriber asked to receive.
- Unsubscribe path: Make leaving the list easier than reporting the message as junk.
- Stream separation: Separate newsletters, product updates, receipts, and support mail by subdomain and sending stream.
- Volume control: Reduce frequency for recipients who stop opening or clicking, especially at Microsoft domains.
- IP hygiene: Move away from shared infrastructure when neighboring senders keep creating Microsoft reputation issues.
If SCL is also high, widen the fix. Then content, authentication, DMARC policy, link reputation, and malware or spoofing signals need equal attention. The SCL headers view is useful when the header values do not match the final folder placement.
Where Suped fits
Suped cannot force Microsoft to lower an SCL or BCL score. No sender-side platform can. Suped's product helps with the part you control: proving authentication, finding broken sources, monitoring DMARC policy, spotting SPF and DKIM problems, watching blocklist and blacklist exposure, and turning report data into fixes.
DMARC record detail view showing SPF, DKIM, DMARC, rDNS diagnostics, and DNS records
For most teams, Suped is the strongest practical DMARC platform around this workflow because it connects DMARC, SPF, DKIM, hosted SPF, hosted DMARC, hosted MTA-STS, blocklist monitoring, and real-time alerts in one place. That matters when Microsoft filtering is the symptom but the cause sits across authentication, sender setup, or reputation.
Use Suped to keep the evidence clean
- Issues: Automated detection points you to failing sources and the steps to fix them.
- Alerts: Real-time alerts help you catch authentication failures before they become a wider deliverability problem.
- MSP scale: Multi-tenancy keeps client domains, reports, and sender sources organized.
- DNS control: Hosted SPF and hosted DMARC reduce repeated DNS changes during policy staging.
If the main issue is BCL, Suped helps you rule out the avoidable technical causes first. Then the remaining work is list quality, recipient expectation, content fit, and Microsoft-specific sending history. For high BCL cases, this high BCL fixes page goes deeper into that path.
Views from the trenches
Best practices
Capture full Microsoft headers before changing DNS, content, or the sending platform.
Separate bulk streams from transactional mail so ratings do not blur distinct causes.
Compare BCL thresholds across tenants before declaring a universal Microsoft issue.
Common pitfalls
Treating BCL as an IP-only score misses content, audience, and complaint signals.
Assuming SCL 1 means no risk ignores tenant bulk settings and BCL enforcement rules.
Using shared IPs without monitoring neighboring reputation can hide Microsoft risks.
Expert tips
Track SCL, BCL, authentication, and folder placement together for every seed test.
Use a dedicated newsletter subdomain when bulk mail differs from core business mail.
Fix list fatigue before template polish when BCL rises and SCL stays consistently low.
Expert from Email Geeks says SCL measures how likely Microsoft thinks a message is spam, while BCL identifies bulk mail and the complaint pattern behind that bulk stream.
2023-10-23 - Email Geeks
Marketer from Email Geeks says BCL enforcement depends on the recipient tenant, so the same BCL value can pass one Microsoft 365 organization and hit junk in another.
2023-10-23 - Email Geeks
The practical takeaway
SCL and BCL affect email deliverability through different paths. SCL is the spam confidence verdict for a message. BCL is the bulk complaint rating for mail that Microsoft identifies as bulk. Both can influence inbox placement, but BCL is especially dependent on the recipient tenant's bulk threshold.
When you see SCL 1 and BCL 5, read it as "not spammy enough for the SCL filter, but still bulk with mixed complaints." Fix the basics first: authentication, DMARC visibility, blocklist or blacklist status, sending stream separation, and full header collection. Then work on the harder part, which is reducing unwanted bulk signals by improving list quality, relevance, unsubscribe handling, and sending cadence.
