Overview of Spam-Filtering Features
The spam-filtering functionality available on the Mailbox server role is not enabled by default. If you do not have an SMTP gateway, Exchange Edge Transport server, or online anti-spam solution, you should enable spam filtering in Exchange Server 2016. To enable and configure anti-spam filtering in Exchange 2016, you should use the Exchange Management Shell. You cannot configure spam-filtering with the Exchange Admin Center.
Mailbox Server and Edge Server Anti-Spam Agents
Based on the default priority value of the antispam agent, and the SMTP event in the transport pipeline where the agent is registered, this is the order that the antispam agents are applied to messages on Exchange 2016 servers:
Connection Filtering (Edge only)
Filters messages based on the IP address connecting to the Exchange server. This functionality is provided by the Exchange Server 2016 Edge Transport role.
Filters messages based on the sender in the MAIL FROM: SMTP header in the message.
Filters messages based on the recipients in the RCPT TO: SMTP header in the message.
Filters messages by verifying the IP address of the sending SMTP server against the purported owner of the sending domain.
Filters messages based on the message contents. This agent users Microsoft SmartScreen technology to assess the message contents. It also supports safelist aggregation.
Sender Reputation Filtering
Filters messages based on many sender characteristics accumulated over a specific period.
Attachment Filtering (Edge only)
Filters messages of attachments based on the attachment types the messages contain. This functionality is provided by the Exchange Server 2016 Edge Transport role.
Anti-spam configuration filtering features in Exchange Server 2016 are only performed by using Exchange Management Shell. The filtering agents are not installed by default. To install all anti-spam agents, you should run the Install-AntiSpamAgents.ps1 script in Exchange Management Shell, located in the following path: ExchangeInstallPath\Scripts, where ExchangeInstallPath is a variable that represents a folder where Exchange Server files have been installed.
Note: You can view all the agents installed on the Mailbox server by using the Get-TransportAgent cmdlet on the Mailbox server.
In Exchange Server 2016, the Content Filter agent on the Mailbox server uses the Microsoft Office Outlook Safe Senders lists, Safe Recipients lists, and trusted contacts to optimize spam filtering. Safelist aggregation is a set of anti-spam functionality that Outlook and Exchange Server 2016 share. This anti-spam functionality collects data from the anti-spam safe lists that Outlook users configure, and makes this data available to the anti-spam agents on the Mailbox server. You must use the Update-Safelist cmdlet to configure safelist aggregation.
Default anti-spam and antivirus filtering flow diagram
To see the diagram click here: Understanding Anti-Spam and Antivirus Mail Flow.