My client is experiencing continued issues with emails from several internal users regularly (but not always) being caught by the O365 Outgoing Spam Filter (identified as such emails are configured to be forwarded to their administrator for attention under Exchange Admin Center, Protection, Outbound Spam, Outbound Spam Preferences).
More often than not the SCL in these emails is set to 5. The header of one of the latest emails to be caught in this way is:
X-Forefront-Antispam-Report-Untrusted: SFV:SPM;SFS:(10019020)(346002)(136003)(39840400004)(396003)(376002)(366004)(189003)(199004)(68736007)(733005)(53936002)(81156014)(81166006)(6436002)(186003)(8676002)(99286004)(15188155005)(16799955002)(6486002)(8936002)(53546011)(105586002)(106356001)(102836004)(93886005)(76176011)(316002)(6246003)(386003)(606006)(53946003)(52116002)(26005)(6506007)(97736004)(236005)(6306002)(54896002)(6512007)(3846002)(6116002)(5660300002)(7736002)(2906002)(36756003)(11346002)(53376002)(71190400001)(229853002)(6916009)(31686004)(9886003)(508600001)(14454004)(966005)(25786009)(2616005)(66066001)(256004)(476003)(31696002)(446003)(71200400001)(486006)(86362001)(59010400001);DIR:OUT;SFP:1501;SCL:5;SRVR:CWLP265MB1668;H:CWLP265MB0161.GBRP265.PROD.OUTLOOK.COM;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;
The client represents a number of artists in the entertainment industry, particularly those taking part in reality shows, and as such their email threads often contain topics such as "dating" which I wonder if is having an effect.
Is there anything I can do to understand the cause of this further? Whilst emails do still seem to be reaching their recipients, they are often placed into Junk Mail folders - presumably as emails flagged as SCL5 by Microsoft go out of higher risk mail servers and therefore stand more chance of being also flagged at the receiving end. It is inconvenient for the client to regularly ask their recipients to whitelist them, which is not a problem they ever experienced before migrating to Office 365 early last year.
Coupled with significant inbound phishing attacks targeting the client with email pretending to be from Microsoft - again a problem that has only arisen since migrating to Office 365, presumably as the Phishers identify those with Office 365 MX and other DNS records - and many of these get straight through EOP causing a double-whammy, the client is not overly happy with their provider choice at the present time.
Many thanks