Emails containing a certain phrase being identified as outbound (and inbound) spam

Hi,
I'm sorry to hear that you're having difficulties.

You can try this:

go to https://outlook.office365.com/ecp
go to mail flow
go to rules
add a rule with bypass filtering
apply this rule if the subject or body is ….

Please let me know I'm happy to try to solve your problem.

Hi olliedc,

According to your description, I understand that some emails sent to external and internal are identified as spam, and from your thought, it might be caused by programmer name.

SPF record helps to validate outbound email sent from your custom domain. Please let your admin check and update the custom domain SPF record for Office 365: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-spf-in-office-365-to-help-prevent-spoofing .

As Office365 anti-spam filter is inbound filtering, you may also let admin check whether there are any relevant spam filter policy configured in organization.

Please let admin run messages trace to check if these emails matched any organization configurations: Message trace in the Office 365 Security & Compliance Center.

At the meantime, I’d like to confirm the following information:

1. About “Emails containing a certain phrase being identified as outbound (and inbound) spam”, if all emails that contains certain phrase, no matter they are send to external, or to internal, delivered to recipients’ Junk/Spam folder?

2. For internal emails, if an email is sent to an internal user and went directly to junk folder, would you please share this email messages header as well as a full screenshot of this email messages trace results to me via Private Messages?

3. How many users are affected in your organization?

Thanks,

Anna

Hi olliedc,

We haven't heard back from you, you can share with us if you have any updates for this issue.

Regards,

Anna

Hello olliedc,

Thanks for your information. I checked these message headers, in their “X-Forefront-Antispam-Report”, there’s a value: SFV: SPM, which indicates that this messages has marked as spam by content filter on recipient side. Here’s the reference: https://docs.microsoft.com/en-us/office365/SecurityCompliance/anti-spam-message-headers, https://blogs.technet.microsoft.com/exovoice/2016/09/12/basic-spam-troubleshooting-in-office-365/ .

In this situation, I suggest you to submit the emails to spam teams for analyzing: https://docs.microsoft.com/en-us/office365/SecurityCompliance/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis, meantime, let your client add your domain to their allow list as a workaround.

Thanks,

Anna

Thank you Anna.

I've now also obtained some "internal" headers... where an outgoing email has been marked as spam with an SCL of 5, but using the Exchange "Outgoing Spam" settings of Office 365 has caused the message to be BCC'd to an internal recipient.  I've PM'd you a couple of these headers in case they are helpful, and will add message trace screenshots to that thread shortly.

Many thanks

Hi olliedc,

I noticed that these emails have some headers like: X-Microsoft-Exchange-Diagnostics-untrusted, X-Microsoft-Antispam-Untrusted,     X-Forefront-Antispam-Report-Untrusted except for that internal message which was Bcced to an internal user. You can use Message Analyzer tool to check them: https://testconnectivity.microsoft.com/ .

To locate whether these untrusted headers caused this issue, please let your admin create test Transport rules to remove these headers, for example to remove one header like following, and check if it is workable:

You may let admin apply this rule on one test account to check it.

At the same time, about internal email marked as spam, if convenient, could you please also provide a messages header that sent from an impacted internal account directly to another internal account? And how many internal user are affected?

Thanks,

Anna