Forum Discussion

CB-MD's avatar
CB-MD
Copper Contributor
Aug 18, 2025
Solved

Emails from our custom domain ends up in quarantine

Hello, I have an issue with emails coming from one of our custom domains being detected as phishing for identity theft reason.   We've got the main domain on Microsoft 365, let's call it: "domain-e...
admin
Domains
microsoft 365 admin center
  • Walid_91's avatar
    Walid_91
    Sep 18, 2025

    Hello CB-MD, 

    You have correctly identified the root cause and the first step to solving it, is either to Add the second domain to Microsodft 365 but without getting to the last step which is configuring the DNS records (MX, CNAME, etc), by stopping at this step, the only consequence is that MS365 now knows domainexample.com is a legitimate domain associated with your company.. and this is what you want, after that all your mailflow , mailboxes and all other services will remain with IONOS. 

    Then, you can create a rule to bypass Phishing Protection for your second domain, by following the following steps: 
    1- Go to the Microsoft 365 Defender Portal: Navigate to security.microsoft.com
    2- Go to Policies: In the left pane, select Email & collaboration > Policies & rules > Threat policies > Anti-phishing.
    3-Create a new policy or edit the default one.
    4-Under the "Phishing threshold & protection" settings, you may find an option to create an exception. Add domainexample.com to the list of domains that are "trusted" or "excluded from spoofing protection."
    5-Save the policy.

Walid_91's avatar
Walid_91
Copper Contributor
Sep 18, 2025

Hello CB-MD, 

You have correctly identified the root cause and the first step to solving it, is either to Add the second domain to Microsodft 365 but without getting to the last step which is configuring the DNS records (MX, CNAME, etc), by stopping at this step, the only consequence is that MS365 now knows domainexample.com is a legitimate domain associated with your company.. and this is what you want, after that all your mailflow , mailboxes and all other services will remain with IONOS. 

Then, you can create a rule to bypass Phishing Protection for your second domain, by following the following steps: 
1- Go to the Microsoft 365 Defender Portal: Navigate to security.microsoft.com
2- Go to Policies: In the left pane, select Email & collaboration > Policies & rules > Threat policies > Anti-phishing.
3-Create a new policy or edit the default one.
4-Under the "Phishing threshold & protection" settings, you may find an option to create an exception. Add domainexample.com to the list of domains that are "trusted" or "excluded from spoofing protection."
5-Save the policy.

CB-MD's avatar
CB-MD
Copper Contributor
Sep 22, 2025

Hello Walid_91,

 

It worked but a step was missing, after I added my second domain "domainexample.com" to Microsoft 365, my emails didn't end up in quarantine, as expected, but when I sent emails from domaine-example.com to domainexample.com I received a bounce message stating that the email address couldn't be found: 

550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient email address removed for privacy reasons not found by SMTP address lookup

I was very surprised because I ignored the DNS step, like you told me, but when a new domain is added it is added to "Accepted Domains" in the Exchange Admin Center, and it is set by default as Authoritative: Email is delivered to email addresses that are listed for recipients in Microsoft 365 or Office 365 for this domain. Emails for unknown recipients are rejected.

So I changed it to Internal relay: Recipients for this domain can be in Microsoft 365 or Office 365 or your own email servers. Email is delivered to known recipients in Office 365 or is relayed to your own email server if the recipients aren't known to Microsoft 365 or Office 365.

 

https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains

 

Then it worked as intended, my second domain remains on IONOS, unchanged, and emails from it don't end up in quarantine, at least not ours, I hope it will be the same result for external recipients.

 

I removed the rule allowing to bypass phishing protection, that's what I used before adding domains, I don't need it anymore.

 

Thanks again, have a nice day.

  • Walid_91's avatar
    Walid_91
    Copper Contributor
    Sep 23, 2025

    Hello CB-MD, 

    I'm pleased that my solution was helpful and enabled you to identify, troubleshoot, and resolve the issue.

    I should have mentioned earlier that exampledomain.com is set as an authoritative domain by default, and an additional step was required to make it work.

    Changing it to "Internal Relay" was exactly what was needed, as it allows mail to be routed to your IONOS server correctly.

    Thank you for your thorough detailed follow-up, indeed, the anti-phishing policy is no longer necessary. 

    Have a nice day and good luck.

    Walid

     

     

Resources