malmesater
Dec 01, 2021

New tenant and domain classed as phishing

Hi everyone. 

I have searched and tried to find an answer to my questions but can't find anything. 

I configured a new tenant with a new custom domain with "Enabled Security Defaults".

When my friends now try to send emails, they get "Spam Confidence Level 5" on every email they send.

They have a Microsoft 365 Business Premium license.

 

Country/Region SE
Language en
Spam Confidence Level 5
Spam Filtering Verdict SPM
IP Filter Verdict NLI
HELO/EHLO String SWE01-MM0-obe.outbound.protection.outlook.com
PTR Record mail-mm0swe01on2112.outbound.protection.outlook.com
Connecting IP Address 40.107.120.112
Protection Policy Category SPM
Spam rules (4636009)(58800400005)(9686003)(7116003)(55016003)(564344004)(19627405001)(83310400002)(6916009)(7696005)(26005)(33656002)(83380400001)(83320400002)(83280400002)(83290400002)(83300400002)(5660300002)(8676002)(356005)(6506007)(7636003)(8636004)(22186003)(336012)(1096003)(52536014)(86362001)(76010400004)
Source header CIP:40.107.120.112;CTRY:SE;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:SWE01-MM0-obe.outbound.protection.outlook.com;PTR:mail-mm0swe01on2112.outbound.protection.outlook.com;CAT:SPM;SFS:(4636009)(58800400005)(9686003)(7116003)(55016003)(564344004)(19627405001)(83310400002)(6916009)(7696005)(26005)(33656002)(83380400001)(83320400002)(83280400002)(83290400002)(83300400002)(5660300002)(8676002)(356005)(6506007)(7636003)(8636004)(22186003)(336012)(1096003)(52536014)(86362001)(76010400004);DIR:INB;
Unknown fields DIR:INB;

 

I have tried to email my outlook.com, work email (M365) and my personal M365 tenant and same classification on the emails. 

Same problem if I try to send an email from .onmicrosoft.com address.

 

I can't find anything.

I have tried to change the outgoing policies, phishing policies, etc. and still the same problem. 

I'm out of ideas. 

 

When I try to configure DKIM I get "Error in retrieving encrypted key.".

On both custom domain and onmicrosoft.com.

Attached two pictures of the error as well. 

 

Please help and thanks in advance.

Best regards 

Thomas Malmesater

Sweden
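
The "Source header" row in the post above is the value of the X-Forefront-Antispam-Report header that Exchange Online Protection stamps on received mail. As an added example (not part of the original post), this Python sketch splits that value into fields and explains the verdict codes; the function names and lookup tables are this example's own, and the meanings follow Microsoft's published anti-spam header reference.

```python
# Constructed sample: the header value from the post, with the SFS rule list shortened.
SAMPLE = ("CIP:40.107.120.112;CTRY:SE;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;"
          "H:SWE01-MM0-obe.outbound.protection.outlook.com;"
          "PTR:mail-mm0swe01on2112.outbound.protection.outlook.com;"
          "CAT:SPM;SFS:(4636009)(58800400005);DIR:INB;")

# Lookup tables (a subset of the documented codes, enough for this header).
SCL_BANDS = [(-1, -1, "spam filtering skipped"), (0, 1, "not spam"),
             (5, 6, "spam"), (7, 9, "high confidence spam")]
SFV = {"SPM": "marked as spam by spam filtering",
       "NSPM": "marked as non-spam by spam filtering",
       "SKB": "matched a blocked sender or domain in an anti-spam policy",
       "SKA": "matched an allowed sender or domain in an anti-spam policy"}
IPV = {"NLI": "source IP not found on any IP reputation list",
       "CAL": "source IP is on the IP Allow List"}
CAT = {"SPM": "spam", "HSPM": "high confidence spam", "PHSH": "phishing",
       "BULK": "bulk", "MALW": "malware", "NONE": "clean"}

def parse_report(value):
    """Split 'KEY:value;KEY:value;' into a dict, keeping empty values."""
    fields = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        # Split on the first colon only, so an IPv6 CIP value survives intact.
        key, _, val = part.partition(":")
        fields[key.strip().upper()] = val.strip()
    return fields

def scl_meaning(scl):
    for low, high, text in SCL_BANDS:
        if low <= scl <= high:
            return text
    return "value not assigned by spam filtering"

def explain(value):
    """Return human-readable meanings for the SCL, SFV, IPV and CAT fields."""
    fields, out = parse_report(value), {}
    try:
        out["SCL"] = scl_meaning(int(fields.get("SCL", "")))
    except ValueError:
        pass  # SCL missing or not a number
    for key, table in (("SFV", SFV), ("IPV", IPV), ("CAT", CAT)):
        if fields.get(key):
            out[key] = table.get(fields[key], "code not in this example's table")
    return out

if __name__ == "__main__":
    for key, meaning in explain(SAMPLE).items():
        print(f"{key}: {meaning}")
```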

12 Replies

  • JohnJolly1715

    malmesater 

    Greetings,
    what I need to show,
    that there is somebody sending spam from, or attempt to send by means of transfer, or faked IPs, or a mix of these, with the name of these servers.
    Maybe it is feasible to report it to Microsoft and ask them.
    I'm too languid to do it, as my mailserver is a tiny one in Germany and these https://dirtbikehelmetshub.com/ of "spamfloods" will regularly disappear in a few days or weeks. As you see my server blocks it as of now.

    Your concern is the reverse way around, you need to send.
    Maybe you can contact Microsoft and show them likewise my discoveries and get some information about the reason for the "phishing mistake" with your settings (assuming they have questions, need a few logs, I'm ready to help them).

  • ShaikhRA
    It appears that you have already published the SPF record.
    However, I was unable to find CNAMEs required for DKIM.
    You can follow https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide to configure DKIM.
    After that you can configure DMARC as well by following https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide
    SPF, DKIM, and DMARC will help in deliverability of the emails.
    • malmesater

      I deleted records because I thought they were the ones causing the problem.
      But I will add them again and see if I can activate DKIM.

      The problem with DKIM is that M365 can't "create" encryption key.

       

      BR

      Thomas M

      • ShaikhRA
        Based on my experience, yes, the DNS records are needed to successfully configure DKIM.
  • stephy_rul

    malmesater 
    Perhaps the cause is the spam from different IPs from 40.107.xxx.xxx
    "from" is every time the same sender


    • stephy_rul
      I registered the first message on 2021.12.09 (9th of Dec.) in Germany
      • malmesater
        Hi,
        Thanks for the reply.
        I'm not sure what you mean, how can I prevent this from happening?

        BR
        Thomas M
