question

CristianRuiz-1195 avatar image
0 Votes"
CristianRuiz-1195 asked ZhengqiLou-MSFT commented

M365: customer email is quarantined when body includes specific website url

Hello,
we have an issue with our customer, their emails are being quarantined when they include their website url in the body of the message. Is like the URL is in a kind of black list. But I did not find anything yet. And I can not search in microsoft like a blacklist they have or somehing like that.

Does anyone know how to handle this issue?

thanks in advance

office-exchange-online-itpro
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@CristianRuiz-1195
As your issue is more related to Exchange, I would modify the tag to be "office-exchange-online-itpro".
Thanks for your understanding.

0 Votes 0 ·
ZhengqiLou-MSFT avatar image
0 Votes"
ZhengqiLou-MSFT answered

Hi @CristianRuiz-1195 ,

You could see the quarantined messages here: https://security.microsoft.com/quarantine, you could find the reason and the specific part that caused the quarantine.
Check if the URLs are added to the block list here: https://protection.office.com/tenantAllowBlockList?viewid=Url

And for your situation, you could add your customers to the safe sender list with transport rules: Create safe sender lists in EOP
110548-image.png

Best regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


image.png (39.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CristianRuiz-1195 avatar image
0 Votes"
CristianRuiz-1195 answered ZhengqiLou-MSFT commented

Hello Zenqkilu,
thanks for your reply.

The URL was not added to our block list, and I know how to see the emails in quarantine, and how to create a rule to allow them.
But our customer is having trouble to send emails to us and to others recipients from different companys.
What we want to do is to resolve the issue to our customer. Is possible that the URL was put it in a global spam black list. I checked it using mxtoolbox but is not appering there.

Do you know if Microsoft has a own black list, and how to check the URL in it?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @CristianRuiz-1195 ,

I searched the Microsoft documents and didn't found an official black list like you said.
what are the quarantine details of these messages, like Quarantine reason, Policy type etc..?

Are you, your customers and other recipients from different companies all in different tenants? If that's what we are talking about, I think you could add your customers' domain to the allow list:
Threat management > Policy > Anti-spam policies > inbound policy > Allowed domains
110819-image.png
Add the customers' domains.

As for the anti-spam check between your customer and other recipients, I think this needs the other companies to add this customer to their allow list.

Best regards,
Lou

0 Votes 0 ·
image.png (36.8 KiB)
CristianRuiz-1195 avatar image
0 Votes"
CristianRuiz-1195 answered ZhengqiLou-MSFT commented

what are the quarantine details of these messages, like Quarantine reason, Policy type etc..?
Quarantine reason in spanish is: "Cebo de alta confianza" that I do not know how to translate to english, and the policy type is the default anti-spam policy.

My customer told me that their customers are having trouble to get their emails, I do not know what email systems they have. I suppose that several of them are having Exchange Online like us, but I do not have that information.

What We can see is that, when they put the URL "www.nameofthecompany.com.ar" in any part of the email, the email gets stuck in our EOP quarantine, and I am supposing that if EOP marks that email as spam, others antispam systems are doing the same.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @CristianRuiz-1195 ,

Then the Anti-Spam policy should be the reason to block these messages, as for the Spanish messages, it's like net fishing.

So I think you're right, the URL www..ar could be considered as a fishing URL by the O365 Anti-Spam policy.
Will adding this URL to the allow list making any difference? The customers still could not send messages with this URL to you?

Let's say you are A, your customers are B, your customers' customer is C. Then do A and B in one M365 domain or they are related with each other? And is C apart from your organization which means they are the "external" to you and your customers?

I think if that's the case, C should add the URL to their allow list to bypass anti-spam checking.

Best regards,
Lou

0 Votes 0 ·

Hi @CristianRuiz-1195 ,

Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark the helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.

If you are still stuck in this issue, please feel free to post your questions.

Regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·