MathieuVandenHautte
Steel Contributor
Mar 20, 2023

Anti-spam protection policy (scan2mail) false positives

Hi all, there seems to be a big change in the default anti-spam protection policy settings in Exchange Online. Since today a lot of our customer's emails (scan2mails) are suddenly filtered as SPAM.


SPF records and connectors for Office 365 SMTP relays are and were configured as recommended in the MS docs.


I escalated this issue today to Microsoft 365 support. I'll keep you all posted.

 

UPDATE 03/21/2023: I just had an MS Teams call with MS support and also shared the submission IDs.

 

UPDATE 03/22/2023: MS support let me know that their engineering team could mitigate the issue. Please open a support request and pass them the tenant and submission IDs.

 

UPDATE 03/22/2023: Some users' email messages are unexpectedly delivered to the Junk Email folder or quarantined in Exchange Online (ID: EX530821) - Status: Service Restored.

  • MathieuVandenHautte 

    Any change from your side, say EOP, security and compliance settings?

    May dig out some sample emails to perform a message trace to learn more about your case.

     

  • Bemaxlala
    Copper Contributor
    We are also seeing a lot more false positives on multiple clients since a few days.
    Please keep posting here if you find anything regarding changes.
    • MathieuVandenHautte
      Steel Contributor
      Hi Bemaxlala, MS support let me know that their engineering team could mitigate the issue. Please open a support request and pass them the tenant and submission IDs.
  • ExMSW4319
    Iron Contributor

    MathieuVandenHautte 

     

    Problem appears to be slackening.

     

    Submission verdicts all come back "Not spam. Should not have been blocked."

     

    Nothing relevant in Service Health indicating there was a problem.

    • MathieuVandenHautte
      Steel Contributor
      EX530821: Exchange Online Service Health Notification

      Some users' email messages are unexpectedly delivered to the Junk Email folder or quarantined in Exchange Online

      Final status: We’ve determined that a recent update to optimize the detection proficiency of potential spam prior to delivery caused some legitimate messages to be incorrectly flagged and delivered to the Junk Email folder or quarantined in Exchange Online. We’ve published an update to our detection systems to address this issue and confirmed via telemetry that the issue is resolved.
    • Mrbendo
      Copper Contributor

      Like ExMSW4319 above, we have a similar looking report:

      It's rather galling to have support tell us that nothing has changed. Clearly something has changed. Fortunately on this post, there has been communication thru @MathieuVandenHautte that there is an issue with emails being misidentified. I even saw a post that said someone at Microsoft acknowledged that spammers had found a way to circumvent some of the spam filtering and this was the cause in the uptick. It's unfortunate that Microsoft can't admit this is the case on their health status notifications. Our company has tech-savvy bosses who know to look for these health alerts. When these issues are properly identified and noted in posts, the burden falls on our staff for explaining what's happening. Our staff gets hung out to dry because MS refuses to acknowledge the issue. MS needs to know this approach to minimizing reported outages is not popular and a terrible way to treat their extended support family!
