rmoat
Brass Contributor
Mar 21, 2024
Solved

2024 Sender Requirements - How are you handling valid e-mails sent to junk?

With the new Sender Requirements rolled out beginning in February 2024, how are you handling legitimate e-mails getting "Filtered As Junk" in O365? I am seeing very large corporations with e-mails landing in our junk e-mail now, but they are one-offs. When checking the e-mail headers using MX Toolbox, I'm seeing that usually somewhere in the hops before they hit our servers, they are on a blacklist (or the X-CustomSpam header is coming back as "SPF Record Fail"). And O365 seems to be sending those to spam.

In our case, I don't think it's great to continually add domains to the whitelist, as it's really up to the sender to ensure they have a good "reputation", aren't on blacklists, and are following the sender requirements by having full DMARC, DKIM, and SPF compliance.

365 admins, are you seeing more e-mails quarantined or sent to spam, and how are you dealing with it?

  • ExMSW4319
    Steel Contributor
    We deploy Outlook Report Message and train our users to use it. We also measure its use in attack simulation. We have the option to copy user submissions to a designated SecOps mailbox which I keep an eye on. If I see a cluster of type #2 sightings, that's interesting.

    Our support desks also know that they can ask me if they can't work out what is causing mis-delivery.

    If the problem is subjective (one recipient's spam is another's valued notification) then the type #2 submission [Not Junk] sorts itself out.

    If the situation is definitely a complete false-positive then I look for the reason for the positive verdict. There are lots of different remedies depending on the actual problem. Where the sender has a relationship with us I might offer advice via our own correspondents. Naturally I will also exempt a wanted sender from my own arrangements, but for the most part if what is being sent is bulk rather than transactional mail then I am typically unsympathetic.
    • rmoat
      Brass Contributor
      I like that! I'm letting others know that if they're seeing legitimate mail in the Junk folder now, they're going to need to report it as "Not Junk". With the recent security changes, I'm expecting that, for a while, various legitimate e-mails will end up in junk, especially since mail servers may end up on blacklists, with mail admins fighting to keep them off.

      Thanks for your reply!
      • ExMSW4319
        Steel Contributor

        Type #1 [Junk] and Type #2 [Not Junk] fix your borderline cases where a message may or may not be spam depending on the recipient viewpoint. If like me you are also harvesting the sightings for your own defensive operation then they are also useful canaries. However, the optimum outcome is to not delay your recipients with these procedures. For the persistent cases you are really just putting off action whilst your recipient Outlook settings gradually fill with exceptions.

        For the junk senders I either block them in the anti-spam policies or add them to a mail flow rule if I think they might morph. Remember that left unchecked, junk senders will fill your recipient Inboxes to the point of uselessness. Where a sender is most frequently grey, I have no problems ensuring their trip to Junk with a mail flow rule mandating SCL 5 or 6 and letting my recipients phish out the ones they want with a Not Junk report.

        For false positives I'm afraid that you have no choice but to look at the product limits for the Tenant Allow/Block and the security policies, and then work out which of your senders you want to save. There will also be some cases where you have to go to Product Support and say "I've tried everything", but make sure that you have before you make that call.
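
A header triage sketch for the "look for the reason for the positive verdict" step discussed in this thread, added here as an example and not posted by any participant. It reads the anti-spam fields Microsoft documents for Exchange Online (SCL, SFV and CAT in X-Forefront-Antispam-Report) plus the X-CustomSpam header mentioned in the question; the sample headers are constructed, and the name `triage` and the sender-side/tenant-side split are illustrative assumptions.

```python
import re
from email import message_from_string

# Constructed sample headers; example.com and 192.0.2.10 are placeholders.
SAMPLE = """\
Authentication-Results: spf=fail (sender IP is 192.0.2.10)
 smtp.mailfrom=example.com; dkim=none (message not signed)
 header.d=none; dmarc=fail action=none header.from=example.com
X-Forefront-Antispam-Report: CIP:192.0.2.10;CTRY:US;LANG:en;SCL:5;SRV:;
 IPV:NLI;SFV:SPM;H:mail.example.com;PTR:;CAT:SPM;DIR:INB;
X-CustomSpam: SPF Record Fail
From: billing@example.com
Subject: Invoice

(body omitted)
"""

# SFV values where the tenant's or recipient's own configuration set the verdict.
TENANT_SFV = {
    "SKS": "marked as spam by a mail flow rule before filtering",
    "SKB": "sender matched an anti-spam policy block list",
    "BLK": "sender is in the recipient's blocked senders list",
}

def triage(raw_headers):
    """Split the reasons for a junk verdict into sender-side and tenant-side."""
    msg = message_from_string(raw_headers)

    def unfold(name):
        # Collapse folded header continuation lines into one line.
        return " ".join((msg.get(name) or "").split())

    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           unfold("Authentication-Results")))
    fields = unfold("X-Forefront-Antispam-Report").replace(" ", "").split(";")
    report = dict(f.split(":", 1) for f in fields if ":" in f)
    scl = int(report.get("SCL") or 0)

    # Anything other than "pass" is for the sender to fix in DNS or signing.
    sender_side = [f"{k}={v}" for k, v in auth.items() if v != "pass"]
    tenant_side = []
    if report.get("SFV") in TENANT_SFV:
        tenant_side.append(TENANT_SFV[report["SFV"]])
    asf = unfold("X-CustomSpam")  # added by an ASF setting in the anti-spam policy
    if asf:
        tenant_side.append(f"ASF setting fired: {asf}")
    return {"scl": scl, "spam_verdict": scl >= 5, "category": report.get("CAT"),
            "sender_side": sender_side, "tenant_side": tenant_side}
```

An empty `tenant_side` with a non-empty `sender_side` points at the sender's SPF, DKIM or DMARC setup; a populated `tenant_side` means one of your own rules or policy settings contributed to the verdict.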
