Forum Discussion

Harald Bacik's avatar
Harald Bacik
Copper Contributor
Dec 08, 2017
Solved

External software sends email and is marked as outgoing SPAM

Hey everybody!

 

We use an external software to send emails.

All these emails get marked as outgoing SPAM.

How can I avoid this?

We use SMTP Sending with TLS activated.

And it only happens, when using to send via a shared mailbox.

 

THX a lot 

office 365

10 Replies

  • JohnSen685's avatar
    JohnSen685
    Copper Contributor
    Oct 28, 2024

    Harald Bacik This is not an outlook problem. Emails that are not authenticated or have low email reputation simply go to spam. One of the ways is to use https://emailwarmup.com/ to boost your reputation.

  • EDIT Support's avatar
    EDIT Support
    Brass Contributor
    Dec 08, 2017

    It shouldn't make any difference if you have configured an application to send using SMTP client submission (recommended option here - https://support.office.com/en-gb/article/How-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4)

     

    Inspect the header of an email marked as SPAM, that might give you an idea. I assume you have SPF records configured correctly.

    • Nestori Syynimaa's avatar
      Nestori Syynimaa
      MVP
      Dec 08, 2017
      I agree, when using SMTP client submission, the external software connects to Office 365 and sends email as any other user.

      However, Harald mentioned that this only happens with a shared mailbox. When you're using a shared mailbox to send email, the user who sends the email needs a mailbox (i.e. license). But this shouldn't cause that either.

      So Harald: check the headers of your email as there has to be something wrong with the content.
      • Harald Bacik's avatar
        Harald Bacik
        Copper Contributor
        Dec 08, 2017

        Okay.

        I checked the header with an analyzer tool and this is the information:

         

         1. Entry (line 5):
              Original line: from ERWINROTHER-PC (91.112.208.185) by AM0PR0602MB3427.eurprd06.prod.outlook.com (2603:10a6:208:21::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Thu, 7 Dec 2017 14:24:00 +0000
              Sender:        91.112.208.185
              Sender (IP):   2603:10a6:208:21::29
              Sender (from): ERWINROTHER-PC
              Received from: AM0PR0602MB3427.eurprd06.prod.outlook.com
              Received time: 07.12.2017 14:24:00 (UTC)
              Duration:      00:00:13
              Analysis:
                The sender host name is possible forged.
                  The host name in "from" (ERWINROTHER-PC) does not match the client host name (91.112.208.185).
                The domain names does not match.
                  The recipient domain of this entry (outlook.com) should be
                  the sender domain of the next entry (154.175).
                  This is often due to an IP address change, such as network address translation (NAT) of a private IP address to a public one.

           2. Entry (line 4):
              Original line: from EUR01-DB5-obe.outbound.protection.outlook.com (213.199.154.175) by HE1EUR02FT049.mail.protection.outlook.com (10.152.11.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.282.5 via Frontend Transport; Thu, 7 Dec 2017 14:24:13 +0000
              Sender:        213.199.154.175
              Sender (IP):   10.152.11.8
              Sender (from): EUR01-DB5-obe.outbound.protection.outlook.com
              Received from: HE1EUR02FT049.mail.protection.outlook.com
              Received time: 07.12.2017 14:24:13 (UTC)
              Duration:      00:00:00
              Analysis:
                The IP address of the sender is not a public IP address.
                The sender and/or the recipient seems to be from a non-public network.
                The sender host name is possible forged.
                  The host name in "from" (EUR01-DB5-obe.outbound.protection.outlook.com) does not match the client host name (213.199.154.175).
                There are no host or domain names available for a comparison.

           3. Entry (line 3):
              Original line: from HE1EUR02FT049.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e05::203) by DB6PR07CA0190.outlook.office365.com (2603:10a6:6:42::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.323.4 via Frontend Transport; Thu, 7 Dec 2017 14:24:13 +0000
              Sender:        2a01:111:f400:7e05::203
              Sender (IP):   2603:10a6:6:42::20
              Sender (from): HE1EUR02FT049.eop-EUR02.prod.protection.outlook.com
              Received from: DB6PR07CA0190.outlook.office365.com
              Received time: 07.12.2017 14:24:13 (UTC)
              Duration:      00:00:01
              Analysis:
                The sender host name is possible forged.
                  The host name in "from" (HE1EUR02FT049.eop-EUR02.prod.protection.outlook.com) does not match the client host name (2a01:111:f400:7e05::203).
                There are no host or domain names available for a comparison.

           4. Entry (line 2):
              Original line: from DB6PR07CA0190.eurprd07.prod.outlook.com (2603:10a6:6:42::20) by AM5PR0701MB2737.eurprd07.prod.outlook.com (2603:10a6:203:76::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.3; Thu, 7 Dec 2017 14:24:14 +0000
              Sender:        2603:10a6:6:42::20
              Sender (IP):   2603:10a6:203:76::11
              Sender (from): DB6PR07CA0190.eurprd07.prod.outlook.com
              Received from: AM5PR0701MB2737.eurprd07.prod.outlook.com
              Received time: 07.12.2017 14:24:14 (UTC)
              Duration:      00:00:00
              Analysis:
                The sender host name is possible forged.
                  The host name in "from" (DB6PR07CA0190.eurprd07.prod.outlook.com) does not match the client host name (2603:10a6:6:42::20).
                The domain names does not match.
                  The recipient domain of this entry (outlook.com) should be
                  the sender domain of the next entry (93.139).
                  This is often due to an IP address change, such as network address translation (NAT) of a private IP address to a public one.

           5. Entry (line 1):
              Original line: from AM5PR0701MB2737.eurprd07.prod.outlook.com (10.173.93.139) by VI1PR0701MB2750.eurprd07.prod.outlook.com (10.173.80.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.3 via Mailbox Transport; Thu, 7 Dec 2017 14:24:14 +0000
              Sender:        10.173.93.139
              Sender (IP):   10.173.80.150
              Sender (from): AM5PR0701MB2737.eurprd07.prod.outlook.com
              Received from: VI1PR0701MB2750.eurprd07.prod.outlook.com
              Received time: 07.12.2017 14:24:14 (UTC)
              Duration:      ---
              Analysis:
                This entry was added by the recipients mail server.
                The IP address of the sender is not a public IP address.
                The sender and/or the recipient seems to be from a non-public network.
                The sender host name is possible forged.
                  The host name in "from" (AM5PR0701MB2737.eurprd07.prod.outlook.com) does not match the client host name (10.173.93.139).

         

    • Harald Bacik's avatar
      Harald Bacik
      Copper Contributor
      Dec 08, 2017

      SPF is set correct

       

      "v=spf1 include:spf.protection.outlook.com -all"

       

      As I can see ;)

      • Crimson Castellon's avatar
        Crimson Castellon
        Copper Contributor
        Dec 08, 2017
        Are you using SMTP client submission or SMTP Relay with IP-based connector? If it's the latter, may need to update your SPF with your 3rd party's public IP address.