Forum Discussion

eugenbascharin's avatar
eugenbascharin
Copper Contributor
Jan 28, 2026

M365 tenant emails marked as spam (SCL:5, CAT:PHISH) despite perfect authentication

Hello,

Our business emails from our M365 tenant are consistently marked as spam 
when sent to other M365 tenants, despite perfect email authentication.

Technical status:
- SPF: Pass ✓
- DKIM: Pass ✓ (recently enabled)
- DMARC: Pass ✓ (recently enabled)
- Composite Authentication: Pass (reason=100) ✓

But messages are still marked as:
- X-MS-Exchange-Organization-SCL: 5
- X-Forefront-Antispam-Report: CAT:PHISH;SFV:SPM

We suspect a tenant reputation issue, possibly because the tenant ran for 
months without DKIM enabled. Now that all authentication is correct, how 
can we request a reputation review?

Thank you!

exchange online

1 Reply

  • oliwer_sundgren's avatar
    oliwer_sundgren
    Steel Contributor
    Apr 08, 2026

    Hi! Since the DMARC alignment is perfect with both DKIM and SPF being passed, authentication should not be the issue. 

     

    Emails, especially in other Exchange Online orgs can receive a SCL of 5 or higher from various reasons. 

    The reasons could be for example 

    • Domain reputation 
    • Email content
      • Do you have links or attachments in your emails that are typically assigned an SCL score of 5 or higher? 
      • Any GIF:s or external links in your email signatures? 
      • Keywords and context of text in body and subject (Some combination of keywords can increase SCL score due to suspicion of it being spam or phishing 
    • Sending pattern and reputation of specific senders. (is it only specific senders whos emails receive an SCL of 5 or higher? 
    • Threat policies in receiving M365 tenants Defender settings. 
    • Is it emails sent directly from your tenant that is the issue, or is it emails that are sent from third party relays/services like Hubspot, Mailchimp, Mailgun, Sendgrid etc etc? In that case it could be that even if DMARC passes, these systems sending IPs could also have a bad reputation and cause an SCL increase. 

    Is it only to other M365 tenants specifically that emails receive an SCL of 5 or higher? What about other email servers/systems, or even private gmail addresses for example? 

     

    Regarding checking reputation, I would recommend that you check your domain via the following tool, it scans the top blacklists out there and tells you if your domain is on one of them 

    https://mxtoolbox.com/blacklists.aspx

     

    Hope this helps 

     

    Kind Regards

    Oliwer