I have been facing an issue from the past 3 weeks and the support staff at office365 is still trying to resolve my issue. All our incoming and outgoing emails are being flagged as spam due to hyperlinks in our email signature that point to our social media websites. Everything was working well for over 3yrs and all of a sudden one day all our emails started getting categorized as Spam. Have been telling them that the problem probably lies in the Forefront server but they take no notice of it.... Had opened multiple tickets with them but they swiftly closed my ticket stating that the customer was not available. Soooo frustrating. Have been stressing upon them that this is affecting our Business as most of our Customers and Vendors are complaining that our emails aren't reaching them. Every time I follow up with the team they keep saying that we are working on resolving the issue so please be patient....3weeks now and they expect me to be patient......Cuummmon.... Anyone face a similar issue and have got it resolved.... Regards Terence

Hello all, This thread has come to my attention. Let me fix some misconceptions: Office 365 absolutely does scan messages "on the way out". This is done to protect our IP reputation. If a message is deemed spammy, then it will be marked as spam and sent out via a special pool of IPs. This pool of IPs has questionable reputation and we do not attempt to maintain their reputation. We do absolutely monitor the reputation of our good IP addresses - so much so that I'm fairly certain that is not an issue here. Most often, I do see false positives happening when someone creates an automated email signature with links in them. A false positive requires a spam rule to be adjusted on our side. This is simple - 1) First report the problem in Submissions Explorer 2) If not getting headway, open a ticket - we just need the samples with the full headers showing what happened so that our engineering team can correct the rule. It is an easy fix - if you're not getting the help you need from the support, point them to this post as guidance. I apologize for any inconvenience. Regards, Scott

Office365 support incompetant - All emails marked as spam due to hyperlinks in email siganture

25 Replies

KurtSantele
Copper Contributor
Apr 13, 2023
Star date 13 04 2023... it's been 5 years... and it's still an issue while in the mean time the IT landscape has changed drastically when the introduction of ChatGPT.
In short:
I'm sending an email without a hyperlink through smtp.office365.com and it arrives in the O365 inbox.
I'm sending the same email but this time with a hyperlink and it arrives in the spam folder with a SCL of 5.
I have absolutely no idea why it gets a SCL of 5. The only difference is the hyperlink (which links to my domain).
Anyone out there who can solve this challenge?

Best regards,
Kurt
- kvermeu
  Copper Contributor
  Apr 18, 2023
  KurtSantele provide message traces and mail analysis to Microsoft and create a case with them.
  with clear examples they should be able to put your domain on a safe list.
  for some reason your domain got on the black list (manually or AI) at microsoft
  - Kevinr1790
    Copper Contributor
    Aug 16, 2023
    This has just happened to us also, I logged several tickets with Microsoft over 6 days ago, i have provided them Extended message traces, Headers, 4 Remote sessions, 3 url submissions and over 1000 email submissions yet the issue still persists, users are reverting to gmail as they cant guarantee their emails are arriving with clients its killing us as a business.
    It took them 4 days to come back with what i showed them about the URL detonation on the first session, I have also provided all the links to online posts where others have the same issues.
    Microsoft have as yet to admit such blacklists even exist.
kvermeu
Copper Contributor
Mar 24, 2023
I can confirm these practices are still in place; A website link in your signature can cause a mail to be classified as spam.
You will have to raise a ticket with Microsoft about this so it can be added to the safe list.
Sadfully, even if you are a customer of O365/Microsoft, it is no guarantee your site won't end up on the 'blacklist'.
Scott Landry
Microsoft
Jul 29, 2019
Hello all,

This thread has come to my attention. Let me fix some misconceptions:

Office 365 absolutely does scan messages "on the way out". This is done to protect our IP reputation. If a message is deemed spammy, then it will be marked as spam and sent out via a special pool of IPs. This pool of IPs has questionable reputation and we do not attempt to maintain their reputation. We do absolutely monitor the reputation of our good IP addresses - so much so that I'm fairly certain that is not an issue here.

Most often, I do see false positives happening when someone creates an automated email signature with links in them. A false positive requires a spam rule to be adjusted on our side. This is simple -

1) First report the problem in Submissions Explorer

2) If not getting headway, open a ticket - we just need the samples with the full headers showing what happened so that our engineering team can correct the rule. It is an easy fix - if you're not getting the help you need from the support, point them to this post as guidance.

I apologize for any inconvenience.

Regards,

Scott
- TRI-JA
  Copper Contributor
  Jul 30, 2019
  Nice job marking that as the best response Scott Landry Give us an actual resolution, then pat yourself on the back.
  
  You state that this is an 'easy fix' and yet, as mentioned, multiple people have tickets open for weeks to address the issue without it being resolved after support is made aware it's a hyperlink issue. The issue is after that ticket is open, after we've provided samples, after we all know its a hyperlink issue, and now after I've put a link to this page in the ticket, it languishes day after day after week after week after call after call over the same basic troubleshooting steps. My THREE calls over the past few days have all resulted in support saying they can't do anything for me. The BEST they can suggest is to use the submit explorer to submit any email that shouldn't be blocked. Let me type this again, I am supposed to submit every single email that shouldn't be going through the high risk pool. When I scoffed that submitting 10k+ past emails plus the hundreds if not thousands more we'd do that day I was told I would need to wait another day for the next escalation engineer. Thats after waiting a day for this escalation engineer. Thats after waiting another day for the previous one. Thats four days of just waiting purely for support to do anything.
  
  No one can give me answers as to why our mail was marked in the first place. Support can't or won't fix it.
  
  So, we know its a hyperlink issue. We know the outgoing spam filter is the issue. How do we get support and a resolution when there is a massive issue like this??
  - Terence Tellis
    Copper Contributor
    Jul 31, 2019
    TRI-JA SPOT ON......Rightly said, easier to recommend a solution out here on the forum but nothing done by MS to resolve the issue in the production environment.
    I struggled for days and was just relying on prayers to get the issue resolved and one fine day it did vanish leaving everyone and MS clueless.
TRI-JA
Copper Contributor
Jul 26, 2019
Just thought I'd post on here, even though its pretty old, that we just ran into this issue 5 days ago and Microsoft is still completely useless.

To recap:
1) All outgoing mail with a hyperlink (including mailto:x@x.com) gets marked as spam. Doesn't matter if its in a signature, body, etc... just any hyperlink period. You can see this in a message trace as it shows the mail going out getting tagged with a spam event and to 'Use high risk delivery pool.'. Attachments and embedded pictures are fine as long as they're not linked. An easy way around this is to set everyones default new mail format to plain text instead of html. I should add however that this didnt happen EVERY time, just 99% of the time. Which was great for Microsoft troubleshooting because as soon as they saw one work without being marked as spam, they said it wasn't their system.

2) We initially noticed this problem due to a massive increase in good inbound mail going to junk e-mail. At that time we also found that whitelisting the domains or email addresses, in the O365 exchange admin page, did nothing, they still went to junk. We had to make an actual transport rule to allow the domains.

3) We found that external mail to externally accessible Public Folders was all being rejected with the message '550 5.4.1 All recipient addresses rejected : Access denied'. I checked the permissions in case they changed, nope - anon still has contribute and create items.

4) If enough mail gets sent out by an internal user, MS will block them and, in our case, when its false, it takes over an hour for the unblock to actually take affect. So I have Customer Service Reps that can't actually send mail to get orders placed for an hour.

I've searched for hours trying to find a way to get better support. Give me back the days when I could slap down a credit card and charge a single premier ticket.

Terence Tellis
- Terence Tellis
  Copper Contributor
  Jul 28, 2019
  TRI-JAI can totally relate to your issue. MS is totally clueless about this behavior and passes the buck onto someone one stating that we do not mark emails as spam. I would strongly suggest you use the Message Analyzer tool to identify the IP add of all outgoing servers and check if any of them have been blacklisted on the Internet.
  
  Regards,
  Terence
zgodwin
Copper Contributor
Jun 19, 2019
Terence Tellis I am a little late to this party but we are having a similar problem with O365. Any email sent from any email system (gmail, yahoo, office email) to an Office 365 mailbox with our domain, carotrans.com in text in the body is getting flagged as spam with a weight of 5. It does not have to be a hyperlink, just the text. Microsoft support has been totally useless. I have not been able to find any way to get this removed. Some have said it will correct itself after a few weeks but like Terence, this is affecting many of our customers and severely impacting our business.

If anyone has any idea how to fix this, it will be greatly appreciated.
jonathan seltzer
Copper Contributor
Jan 15, 2018
0k
Loryan Strant
MVP
Jan 08, 2018
I don't believe that Microsoft marks emails as spam on the way *out* of the service, only on the way in.
Do you have the required SPF record in your DNS zone? And if you send an email to a customer without the signature (or at least the hyperlink) does it get through?
- MatRegan
  Copper Contributor
  Jun 08, 2024
  This does happen. We are experiencing the same issue. Emailing has worked for 12 months with no problems then 2 weeks ago emails started to be quarantined due to phishing. We removed the company website hyperlink and staff member email hyperlink and re-sent emails, and it worked. Microsoft are struggling to find out why. In the meantime, I log into admin and release quarantined emails every hour (some emails have hyperlinks still).
- MatRegan
  Copper Contributor
  Jun 06, 2024
  Loryan Strant This is happening to our organization as well. The outbound emails are all quarantined with a spam/phishing score of 9 even if the email only has the work "test" in the subject and body, however there is a company set up signature which has 3x hyperlinks to company websites and emails. When the hyperlinks are removed, the emails are not quarantined, and the recipients receive the emails. The issue only occurs when emails are sent to an email address that is associated with the Microsoft Exchange, if we send to a Gmail account there is no quarantining.
  - Scott Landry
    Microsoft
    Jun 06, 2024
    MatRegan In addition to opening a support ticket, you should also be able to identify the specific URL and override it. But first and foremost, you should perform several submissions:
    
    Manage submissions - Microsoft Defender for Office 365 | Microsoft Learn
- Terence Tellis
  Copper Contributor
  Jan 09, 2018
  Loryan
  
  The Outbound spam option is enabled on all our emails in office 365 and the header details captured states that the message was flagged as SPAM SCL5 by the Forefront server.
  
  We have everything in place, SPF, DKIM etc etc.
  
  Moreover this problem all of sudden started 2 weeks ago and got resolved by itself yesterday.
  
  Even the support team has no clue as to what triggered this issue.
  
  Regards,
  
  Terence
  - Relihan Myburgh
    Copper Contributor
    Jan 09, 2018
    The problem you had with your mails being rejected as spam, might be due to the fact that multiple Office365 outbound SMTP servers are listed in email blacklists;
    
    eg:
    
    https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a104.47.5.207&run=toolpage
    
    https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a104.47.116.242&run=toolpage
    
    They have started changing the IPs that they send emails from, however large volumes of spam are still being relayed so its only a matter of time the new IPs get blacklisted again.

Forum Discussion

Office365 support incompetant - All emails marked as spam due to hyperlinks in email siganture

25 Replies

Resources