Ask a new question

Outgoing Office 365 (Business) Email Flagged As Spam (SCL:5)

My client is experiencing continued issues with emails from several internal users regularly (but not always) being caught by the O365 Outgoing Spam Filter (identified as such emails are configured to be forwarded to their administrator for attention under Exchange Admin Center, Protection, Outbound Spam, Outbound Spam Preferences).

More often than not the SCL in these emails is set to 5.  The header of one of the latest emails to be caught in this way is:

X-Forefront-Antispam-Report-Untrusted: SFV:SPM;SFS:(10019020)(346002)(136003)(39840400004)(396003)(376002)(366004)(189003)(199004)(68736007)(733005)(53936002)(81156014)(81166006)(6436002)(186003)(8676002)(99286004)(15188155005)(16799955002)(6486002)(8936002)(53546011)(105586002)(106356001)(102836004)(93886005)(76176011)(316002)(6246003)(386003)(606006)(53946003)(52116002)(26005)(6506007)(97736004)(236005)(6306002)(54896002)(6512007)(3846002)(6116002)(5660300002)(7736002)(2906002)(36756003)(11346002)(53376002)(71190400001)(229853002)(6916009)(31686004)(9886003)(508600001)(14454004)(966005)(25786009)(2616005)(66066001)(256004)(476003)(31696002)(446003)(71200400001)(486006)(86362001)(59010400001);DIR:OUT;SFP:1501;SCL:5;SRVR:CWLP265MB1668;H:CWLP265MB0161.GBRP265.PROD.OUTLOOK.COM;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;

The client represents a number of artists in the entertainment industry, particularly those taking part in reality shows, and as such their email threads often contain topics such as "dating" which I wonder if is having an effect.  

Is there anything I can do to understand the cause of this further?  Whilst emails do still seem to be reaching their recipients, they are often placed into Junk Mail folders - presumably as emails flagged as SCL5 by Microsoft go out of higher risk mail servers and therefore stand more chance of being also flagged at the receiving end.  It is inconvenient for the client to regularly ask their recipients to whitelist them, which is not a problem they ever experienced before migrating to Office 365 early last year.

Coupled with significant inbound phishing attacks targeting the client with email pretending to be from Microsoft - again a problem that has only arisen since migrating to Office 365, presumably as the Phishers identify those with Office 365 MX and other DNS records - and many of these get straight through EOP causing a double-whammy, the client is not overly happy with their provider choice at the present time.

Many thanks

Hello Olliedc,

 

Thanks for your post in the forum. Based on the information you provided, the affected senders may be considered as sending many spam emails so that the SCL will be set as 5.

 

To avoid it, you can try the following 2 methods:

1. Configure the spam filter policies and add the affected senders to the allow list.

2. Use mail flow rules to set the spam confidence level (SCL) in messages. Set SCL as 0 via Mail Flow rules or bypass the spam filter for internal emails, so that the message will not be marked as junk emails.

 

Regards,

Rick

-----------------------

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps please, as it will be beneficial to more Community members reading here.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hello Olliedc,

May I know if you need more help on it?

Regards,

Rick

-----------------------

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps please, as it will be beneficial to more Community members reading here.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Rick

The problem is that these users are NOT sending spam so therefore it's not right that their emails are often (but not always) being classified with SCL5.  Changing the settings you have mentioned will stop their emails being identified internally as spam, but will surely not help the deliverability of their emails externally as the emails will still presumably be routed through the higher risk delivery pool mail servers;  the only net result is we wouldn't know if the user's accounts were compromised and used to send spam until they reached the level of being suspended!

As I said before, it's highly frustrating that legitimate business emails are being flagged as spam in this way, yet repeated phishing emails purporting to be from Microsoft coming into the Office tenancy from outside are not being correctly identified as phishing/spam, and are ending up in user's inboxes.  With the latter we can obviously employ a more advanced third party anti-phishing solution, but you would think EOP would at least be better at filtering out fake "Microsoft" emails, seeing how it generates so many false positives on outgoing emails.

Can we report these outgoing emails anywhere with a vain hope that the outgoing spam detection can be improved to stop identifying these genuine emails as spam?  Or perhaps you can advise another reason why the emails are being identified as such.

Many thanks 

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hello Olliedc,

 

In order to investigate to the issue further and figure why the message is marked as spam, I want to collect the affected message’s entire mail header. Please double-click an email message to open it outside of the Reading Pane. Click File > Properties. Header information appears in the Internet headers box.

 

Please upload some mail headers and the tenant information via private message.

 

Regards,

Rick

-----------------------

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps please, as it will be beneficial to more Community members reading here.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hello Olliedc,

Do you need more help on it? 

Regards,

Rick

-----------------------

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps please, as it will be beneficial to more Community members reading here.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Many thanks, I've just now replied with a PM with the requested details.

Kind regards

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hello Olliedc,

 

I have checked your private message and here is what I found: The emails are marked as spam because of the EOP spam filter. Also, I found the sender’s IPs are blacklisted by third-party blacklists.

 

The possible reason is that the emails are marked as spam by EOP by false. Due to privacy, I have replied you via private message. Please check my reply for the following step.

 

Regards,

Rick

-----------------------

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps please, as it will be beneficial to more Community members reading here.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated July 13, 2023 Views 5,165 Applies to: