question

VidarGrtte-9691 asked 54829916 commented

Microsoft spam filter flags URL to legit business web site as malware for no discernible reason

Since mid July, Microsoft's spam-filter has been blocking all e-mails containing the URL to our company web site, but ONLY when the URL includes the 'www' part. References to the main domain work perfectly fine. This happens regardless of who the sender is, and the reason is given as 'anti-malware protection'.

We do know that the SSL certificate for our web site was incorrectly configured for the www variant of the URL for a while, but this was fixed on August 16th. We have since reviewed configuration and submitted the affected URL as a false positive through Microsoft 365 admin center several times, but the system still insists the URL should have been blocked. Again, the naked domain leading to the exact same content is accepted without a hitch.

Office 365 support, our web hosting company, and several IT consultants have been unable to identify a reason. Other systems we have tried scan our web site as low risk and perfectly OK.

Can someone with insight into Microsoft's spam filter find the concrete reason why the URL is blocked, so we can remedy whatever fault remains on our web site?
Could the URL still be affected by some sort of override/quarantine due to earlier certificate issues, and if so, how long will it last?

office-exchange-server-mailflow

Hi @VidarGrtte-9691

Thanks for visiting our forum. According to your description above, I know your issue is that your company web site URL is considered malware and gets blocked. Since our forum is focused on solving questions about Exchange server, and your issue is more related to how the Microsoft backend judges and handles spam/malware emails, we can do very little about this.

Here I would suggest opening a service request in O365 or calling them directly to clarify your question and get further support. Thanks for your understanding!
Refer to this: Get support


0 Votes 0 ·

Thank you for your answer.
We've actually had an open request in O365 for a full month now, but they seem entirely unable to help, and just tried foisting us off to on-premise support.
At this point I will try every Microsoft resource I can find, though.

0 Votes 0 ·

Hi @VidarGrtte-9691

I would like to confirm with you: do the messages which include your company URL get blocked when sent to other O365 tenants, or to other 3rd party mail servers?

Like I mentioned above, if the issue occurs for messages sent to an O365 tenant, it's indeed caused by the O365 backend audit process, and we are not able to make any configuration to prevent such an issue from the Exchange (on-prem or online) side. It's better to let the O365 backend check why the URL is blocked and remove it from the 'blacklist' so your message will not be blocked. Thanks for your understanding!

0 Votes 0 ·

Hello,

Did you resolve this issue? We have the same problem and there are three tickets opened at Microsoft O365 support.

They didn't find and don't understand why our URL is blacklisted and quarantined.

Thanks in advance for your reply.

Have a great day.

0 Votes 0 ·
VidarGrtte-9691 answered 54829916 commented

Ultimately, web server configuration and/or site content was the issue, but it took some time to figure things out since Microsoft support cannot see the exact reason for the flagging.
We tried many different things, and the problem seemingly resolved on its own some time after our actions. This means we were unable to pinpoint one specific cause, but here's a description and some pointers that I hope can be helpful.

  • We started by looking at our email setup, and actually fixed some potential issues with rDNS and activated DKIM. No immediate result.

  • One important element turned out to be a misconfiguration on the web server, causing the wrong SSL certificate to be served when we included www in the URL. After our web hosting company remedied this, e-mails started to be classified as malware rather than phishing, but were still blocked.

  • The following days we also cleared out some outdated references and links from our web site and changed occurrences of http to https or relative URLs to avoid mixed content.

  • Around 3 weeks after the certificate issue was remedied, e-mails with 'www' links suddenly started going through again, and we could only assume that some time was required for the O365 spam filter to refresh cached information or see improved reputation.

These may be helpful resources to check your domain:
MX Toolbox
Sucuri site checker
DNS blacklist lookup
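
The two site-side faults the answer above reports fixing (a certificate that does not match the `www` hostname, and plain-http references in the pages) can be checked with a short script. This is an added Python example, not part of the original post and not Microsoft tooling; `example.com`, the SAN lists and the HTML are constructed sample values, and the function names are hypothetical.

```python
import re
import socket
import ssl

# Constructed sample: SAN lists as each hostname variant might serve them.
SAMPLE_SANS = {
    "example.com": ["example.com"],
    "www.example.com": ["shared-host.example.net"],  # wrong cert on the www vhost
}
# Constructed sample page with one plain-http reference.
SAMPLE_HTML = '<img src="http://www.example.com/logo.png"><a href="https://example.com/">x</a>'

def san_covers(host, dns_names):
    """True if a SAN dNSName matches host; '*' may only be the whole left-most label."""
    host = host.lower().rstrip(".")
    for name in dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        # "*.example.com" covers "www.example.com", not "example.com" or "a.b.example.com"
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def check_variants(domain, sans_by_host):
    """Report, for the bare domain and its www variant, whether the served SANs cover it."""
    return {h: san_covers(h, sans_by_host.get(h, [])) for h in (domain, "www." + domain)}

def live_tls_error(host, port=443, timeout=5):
    """Verified TLS handshake against a real host: None if it passes, else the verifier's message."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message

HTTP_REF = re.compile(r"""\b(?:src|href|action)\s*=\s*["'](http://[^"']+)""", re.I)

def mixed_content(html):
    """List plain-http URLs referenced from src/href/action attributes, for manual review."""
    return [m.group(1) for m in HTTP_REF.finditer(html)]

if __name__ == "__main__":
    print(check_variants("example.com", SAMPLE_SANS))
    print(mixed_content(SAMPLE_HTML))
```

Run `live_tls_error` against both the bare domain and the `www` name of your own site; a wildcard-only certificate passes for `www` but fails for the bare domain, which is the reverse of the case in this thread.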




Thank you for your reply and responsiveness!

We will do the maximum of possible actions and hope that we can resolve this issue.

Microsoft are unable to resolve it and always give us the same advice: Move your domain on a Microsoft tenant.

It's a pity but this is the new (or last) World :)

Many thanks for your help

Have a nice weekend

0 Votes 0 ·