question

MichaelAdams-5874 avatar image
0 Votes"
MichaelAdams-5874 asked AndyDavid commented

Exchange Online Non-Spam Emails Going Directly to Quarantine

I have emails from one customer where every email received by my Exchange Online (Office 365) account are going to Quarantine. I have other emails from other domains that are not spam also going to Quarantine, too. I had my customer send me an email saying "This is a test", and it was Quarantined. In addition, my customer's domain is not only any spam list. Something is horrible broken on Exchange Online. I can't add every domain to an allow list and I can't predict which domains I will receive emails from. Nor can my customer's go ask every company they email to contact their IT department ahead of time to put the domain on an Allow List. In other words, Microsoft's spam filtering is a business killer. I can pinpoint when this started to the day, March 27th.

So the questions are:

1) What happened to the spam filtering on March 27th where it is now 100% inaccurate?
2) How does a company get their domain off Microsoft's inaccurate spam block list?

office-exchange-online-itpro
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Any progress here?

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered

Usually messages are categorized as junk or phish if they fail to pass to necessary auth tests.
If an org was on a block list, the message would be rejected, not simply quarantined.

So for the customer that set you a test message,

Can you post the headers of the message with the personal information removed?

Look up their domain here:

https://mxtoolbox.com/

What does it show for DMARC?

How about for SPF?
https://mxtoolbox.com/spf.aspx


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

joyceshen-MSFT avatar image
0 Votes"
joyceshen-MSFT answered

Hi @MichaelAdams-5874

What's the quarantine reason for these emails? Like Andy suggest above, please check the configuration of their SPF and DMARC records.

Like the issue in this thread: Emails getting stuck in quarantine, multiple SPFs, etc...

Here is the official document introduces about How EOP works, you could check the configuration for your connection filter and anti-malware as well.

If you have checked all the configurations properly, the issue still exists, we could consider feedback this issue to the o365 support.

Ways to contact support for business products - Admin Help


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
 

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelAdams-5874 avatar image
0 Votes"
MichaelAdams-5874 answered AndyDavid commented

I appreciate you guys getting back to me. I am a bit slow getting back, but I did do quite a bit of research based on your suggestions.

At one point, I did find multiple SPF records. I got that fixed, but it did not clear the problem. I waited a few days, and still no improvement.

We are sending these emails through a third party SMTP service. They require two DKIM records, which we have.

We do not have a DMARC record. I will create one. Any tips on keeping the spammers from blasting the mailto addresses for rua and ruf tags?

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

For detailed information about Enabling DMARC

rua Addresses to which aggregate feedback is to be sent – Optional E-mail addresses in the format mailto:mbx@domain.com. Multiple addresses should be comma separated.

ruf Addresses to which message-specific failure information is to be reported – Optional E-mail addresses in the format mailto:mbx@domain.com. Multiple addresses should be comma separated.


0 Votes 0 ·

Hi Joyce,

Thanks for the response. Are these emails going to get spammed to death?

0 Votes 0 ·

no more than any other email address :)

0 Votes 0 ·
Show more comments