Forum Discussion
Emails from our custom domain end up in quarantine
Hello, I have an issue with emails coming from one of our custom domains being detected as phishing for identity theft reasons.
We've got the main domain on Microsoft 365, let's call it "domain-example.com", and the second domain on IONOS: "domainexample.com". When we receive emails from this second domain, they are detected as phishing since it is a domain name very close to our main domain; therefore those emails are placed into quarantine.
How do I resolve this issue? Can I indicate to Microsoft 365 that this second domain is owned by our company, and therefore that the emails coming from this domain aren't identity theft attempts?
I found how to add a domain in the Microsoft 365 Admin Center, but I don't know what the consequences of this action are. I want to keep my domain on IONOS and send emails from their web server.
All I want is to stop emails from our company from ending up in quarantine or the spam folder.
Thank you.
4 Replies
- Walid_91 (Copper Contributor)
Hello CB-MD,
You have correctly identified the root cause, and the first step to solving it is to add the second domain to Microsoft 365, but without getting to the last step, which is configuring the DNS records (MX, CNAME, etc.). By stopping at this step, the only consequence is that MS365 now knows domainexample.com is a legitimate domain associated with your company, and this is what you want. After that, all your mail flow, mailboxes and all other services will remain with IONOS.
Then, you can create a rule to bypass Phishing Protection for your second domain, by following these steps:
1- Go to the Microsoft 365 Defender Portal: Navigate to security.microsoft.com
2- Go to Policies: In the left pane, select Email & collaboration > Policies & rules > Threat policies > Anti-phishing.
3- Create a new policy or edit the default one.
4- Under the "Phishing threshold & protection" settings, you may find an option to create an exception. Add domainexample.com to the list of domains that are "trusted" or "excluded from spoofing protection."
5- Save the policy.
- CB-MD (Copper Contributor)
Hello Walid_91,
It worked, but a step was missing. After I added my second domain "domainexample.com" to Microsoft 365, my emails didn't end up in quarantine, as expected, but when I sent emails from domain-example.com to domainexample.com I received a bounce message stating that the email address couldn't be found:
550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient email address removed for privacy reasons not found by SMTP address lookup
I was very surprised because I ignored the DNS step, like you told me, but when a new domain is added it is added to "Accepted Domains" in the Exchange Admin Center, and it is set by default as Authoritative: Email is delivered to email addresses that are listed for recipients in Microsoft 365 or Office 365 for this domain. Emails for unknown recipients are rejected.
So I changed it to Internal relay: Recipients for this domain can be in Microsoft 365 or Office 365 or your own email servers. Email is delivered to known recipients in Office 365 or is relayed to your own email server if the recipients aren't known to Microsoft 365 or Office 365.
https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains
Then it worked as intended: my second domain remains on IONOS, unchanged, and emails from it don't end up in quarantine, at least not ours. I hope it will be the same result for external recipients.
I removed the rule that allowed bypassing phishing protection; that's what I used before adding domains, and I don't need it anymore.
Thanks again, have a nice day.
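The accepted-domain change described in the post above can also be audited and applied from Exchange Online PowerShell. This is an added example, not part of the original posts; it assumes the ExchangeOnlineManagement module, the Windows `Resolve-DnsName` cmdlet, and that an MX host under `mail.protection.outlook.com` or `mx.microsoft` means the domain's mail is delivered to Microsoft 365.

```powershell
# Added example: find accepted domains that are Authoritative in Microsoft 365
# although their MX records point to another provider (the situation in the thread).
Connect-ExchangeOnline

# Assumption: MX hosts with these suffixes deliver to Exchange Online.
$exoMxPattern = '\.(mail\.protection\.outlook\.com|mx\.microsoft)\.?$'

$report = foreach ($domain in Get-AcceptedDomain) {
    $name = $domain.DomainName.ToString()

    # Keep only real MX answers (a lookup with no MX can return an SOA record instead).
    $mx = Resolve-DnsName -Name $name -Type MX -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'MX' } |
        Sort-Object Preference |
        Select-Object -ExpandProperty NameExchange

    # True when the domain has MX records and none of them belong to Exchange Online.
    $hostedElsewhere = $mx -and -not ($mx | Where-Object { $_ -match $exoMxPattern })

    [pscustomobject]@{
        Domain             = $name
        DomainType         = $domain.DomainType
        MX                 = $mx -join ', '
        # Authoritative + external MX: mail to recipients unknown to Microsoft 365
        # is rejected with 550 5.1.10 instead of being relayed to the real host.
        NeedsInternalRelay = [bool]($hostedElsewhere -and $domain.DomainType -eq 'Authoritative')
    }
}
$report | Format-Table -AutoSize

# Apply the change from the thread to the externally hosted domain
# (domainexample.com is the placeholder name used in the thread), then confirm it.
Set-AcceptedDomain -Identity 'domainexample.com' -DomainType InternalRelay
Get-AcceptedDomain -Identity 'domainexample.com' | Select-Object DomainName, DomainType
```

Run the report first and review the `NeedsInternalRelay` column before changing any domain type; `Set-AcceptedDomain` accepts `-WhatIf` for a dry run.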
- Walid_91 (Copper Contributor)
Hello CB-MD,
I'm pleased that my solution was helpful and enabled you to identify, troubleshoot, and resolve the issue.
I should have mentioned earlier that exampledomain.com is set as an authoritative domain by default, and an additional step was required to make it work.
Changing it to "Internal Relay" was exactly what was needed, as it allows mail to be routed to your IONOS server correctly.
Thank you for your thorough, detailed follow-up. Indeed, the anti-phishing policy is no longer necessary.
Have a nice day and good luck.
Walid
- CB-MD (Copper Contributor)
Hello Walid_91,
Thanks a lot, I will try that and get back to you if needed; otherwise I'll mark it as the solution.