Forum Discussion
Outgoing emails marked as SPAM and Phishing emails by O365 servers
- Apr 12, 2019
You might want to read the following article on the "health" tab in the office portal...
I'm having a similar issue with a client who has Office 365 for email.
Their domain name was categorized as CAT:HPHISH due to their website being hacked. Once cleaned up they started having emails being quarantined. They put their domain name in their signature. So any customers they emailed with Office 365 wouldn't get the email, it would be quarantined. When a customer who wasn't on Office 365 got the email and replied, the client wouldn't get the email.
We've reached out to Microsoft Support, however, they're unable to understand what needs to happen. And there is no system in place to change/remove domain names from this categorization. Even though they have https://sender.office.com for de-listing IP addresses, there is no way to submit domain names.
Other vendors like Palo Alto, Fortinet and Sophos provide the means to submit evidence for delisting domain names categorized as Phishing or Spam.
EDIT: The only method I see to report the domain name as a false positive or have the category changed or removed is through the Office 365 Protection Portal under the “Quarantine Queue”, by clicking “Submit Message” with no information on where it’s going or if I will get notified if any action was taken.
The other method is in a Microsoft article https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis which states “Use the same procedure as described in the "Use email to submit junk (spam) or phishing scam messages to Microsoft," but send the message to not_junk@office365.microsoft.com.”
We are having the exact same problem. Tomorrow will be our 3rd day of being mostly down and working with O365 who can't figure out the problem or even understand that it is bigger than analyzing a couple email headers.
Is there a way to get in contact with higher tier support that has more to say than "tell your recipients to whitelist you."?
- Jordan160, Jan 23, 2020, Copper Contributor
Yes, you need to keep calling them. They have access to remove the domain name from their internal list. We just got this completed by their support.
- EmailIssues, Jan 27, 2020, Copper Contributor
Unfortunately we have not been so lucky. Dozens of calls and we are still down. No one at Microsoft seems to care.
Do you happen to have a MS description of what they did to resolve your issue or a ticket # I can share with support?
I could maybe understand this runaround if this was a small company, but they have nearly 100 users. I cannot believe the lack of support we are getting.
- Jordan160, Jan 28, 2020, Copper Contributor
I'm sorry to hear that. You have to be persistent and point them to this post and ask for an escalation.
Unfortunately, I am unable to provide the ticket number due to the privacy of the client. However, this is what was communicated by the person who got ahold of someone at Microsoft after 8 hours of total time with their support staff. They also had to make sure they had the appropriate SPF/DKIM/DMARC records in place before they would even consider looking further.
Basically, there are third-party lists that scan sites looking for phishing stuff, they had found the domain name to be a part of that.
They are working on clearing off the domain from those lists, and while that’s being done Microsoft is clearing the domain from the watchlist at the moment.
It should take a couple of hours for it all to propagate and take effect, and he will be calling me when it’s all done.
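
Added example, not part of any post in this thread: a small Python parser that pulls the filtering category (such as the CAT:HPHISH mentioned above) and the SPF/DKIM/DMARC verdicts out of a quarantined message's headers, so the evidence can be quoted in a false-positive submission. It assumes the category is carried in the `X-Forefront-Antispam-Report` header and the authentication verdicts in `Authentication-Results`; the sample message, domain and IP are constructed.

```python
import email
import re
from email import policy

# Constructed sample (not from the thread); names and IPs use reserved example ranges.
SAMPLE = """\
From: sales@client.example
To: customer@recipient.example
Subject: Quote
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:US;LANG:en;SCL:9;SRV:;
 IPV:NLI;SFV:SPM;H:mail.client.example;PTR:mail.client.example;CAT:HPHISH;
 SFS:(13230031);DIR:INB;
Authentication-Results: spf=pass smtp.mailfrom=client.example;
 dkim=pass header.d=client.example; dmarc=pass header.from=client.example

See https://www.client.example for details.
"""

HIGH_CONF_PHISH = {"HPHISH", "HPHSH"}  # both spellings are documented for this category


def parse_antispam_report(msg):
    """Split the semicolon-separated KEY:value pairs of the antispam header."""
    fields = {}
    for part in str(msg.get("X-Forefront-Antispam-Report", "")).split(";"):
        key, sep, val = part.strip().partition(":")  # first colon only: values may contain ':'
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields


def parse_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from every Authentication-Results header."""
    joined = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", joined, re.I)}


def summarize(raw_message):
    """Return the facts worth quoting in a false-positive submission."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    report, auth = parse_antispam_report(msg), parse_auth_results(msg)
    return {
        "category": report.get("CAT"),
        "scl": report.get("SCL"),
        "high_confidence_phish": report.get("CAT", "").upper() in HIGH_CONF_PHISH,
        "auth": auth,
        "auth_all_pass": all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc")),
    }
```

A result with `high_confidence_phish` true and `auth_all_pass` true shows the message was categorized as phishing even though sender authentication passed.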