Hugo_Smartbee
Copper Contributor
Aug 07, 2024

All the mail from one mail address arrives in quarantine with an SCL = 5

All the emails sent to us by our customer (email address removed for privacy reasons) arrive in our quarantine with an SCL score of 5.

However, the email address passes the DMARC tests perfectly (test carried out with https://www.dmarctester.com/).
The domain is not blacklisted, and emails from his colleagues email address removed for privacy reasons and email address removed for privacy reasons arrive with no problem.
The content of the email shouldn't be the problem either, as an empty email is also quarantined.

What additional diagnostic work can I do to understand why the SCL for each of his emails scores 5?

12 Replies

  • Hugo_Smartbee
    Copper Contributor
    And I know that we could add her email to the safe mail list, but I'm not the only one not receiving her mail; she has other clients who do not receive her mail. So I want to solve the problem on her side, not on mine.
  • SCL 5 very often indicates that the recipient added the sender to the blocked senders list in his Outlook.
    • Hugo_Smartbee
      Copper Contributor
      Hi, I checked the blocked sender list and my client's address isn't in it.

      Moreover, their colleague can send us mails; she's the only one who gets this SCL score, even if she sends an empty mail.
      • ExMSW4319
        Iron Contributor
        If you mean the Restricted Senders list [get-blockedsenderaddress] then that only shows users in full Restriction (typically because their mailboxes are sending large amounts of rubbish). It won't help you if there is something in her signature block (say a URL) that is putting a weed up the product's outbound pool.
  • I often take one of the received mails, copy the header of that mail (must be the original received mail header, do not let user forward the mail to you), and paste the info to this page to analyse the flow:

    https://mha.azurewebsites.net/

    But another and perhaps more effective way is to analyse the output from Defender portal.
    Sign in to https://security.microsoft.com/quarantine?viewid=Email
    Then find the quarantined mail in question. On the overview page, look at the "reason for quarantine"; that will tell you if it is categorized as spam, malware, phishing etc. Next, on the overview page, look for the "Policy Type". That will tell you what type of Defender for Office 365 policy has flagged the mail. Open the mail in the quarantine overview, then you can analyse things like "Detection technologies", "URLs", "attachments" and so on.

    If this does not answer your question, please share some details from the pages I pinpointed, then I can be of assistance for finding the specific cause.
    • Hugo_Smartbee
      Copper Contributor

      Hi Chris_toffer0707,

      Thanks for your help.

      The quarantine reason is Phish and the policy-type is Anti-spam policy.

      I'm sharing the mail header I get on my quarantine dashboard:

      ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;
       b=r9C6ULST7DqNTZWHElGVQQUj6qG5jdcGPODcUZ1POHiKrVA14Oh899qZRa5noAWbUXqOv0s1NpWohfBi11yqQkwlGkRmH0OXavnmvWQPjGx0H2LDpTBkvpmNnx97nKbm562uVUh7/szcvt+icmof+ImJRgPj5QyVsF7KeWWUoqe02BZHC+zhm2KWKDTLxW2UNgvqjSDCXGWAD3wT/wnTWDbV2yHXoOWZ8F5ln4zBEaPUg8t7Qx15XF85bMhLNaYG4KnLgLIuG/bgmkeW0THlxmbxVOibyejNbTbOVEwZZS+z8wPlqeIa2vMijug5cii57vzHxLcvQ7iQ9JNZhoKrhQ==
      ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
       s=arcselector10001;
       h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
       bh=tGBY5imd02tosviYrB7EuQD0LjKzYQEFq84Uno7D3VI=;
       b=mw4kOprPNmlASOTVHwXnpBx3s+hdKZlmcUrn9GDGylKbtw3ww+3RD1Em33YhYsSNRSKFBzUSI5OSJCOBkHwBLCuQuwIV/Ul/BwhSUrmDbynDMrRad+yssoT6tkPrJRnJ2sL/Lq7WuPqdeXT3/Brcuole62LKBsIyvbw9nARI69G25LUHcpSDudbllXWRDQMIc9+ljS+tz4dOosZuqdEpGtqbURIdh/R8DygvPSJGjti6wo8NwxmHaOGTrmCHpVaeU53VD04OdWak7ztiA//ZSTF/COW8Se2M3TesyxvdZZVgGMkgHvtPcGkO1SHU24bInK1ot5KQWq3tj8k0phoBCA==
      ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
       40.107.167.112) smtp.rcpttodomain=smartbee.ch smtp.mailfrom=arsante.ch;
       dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
       header.from=arsante.ch; dkim=pass (signature was verified)
       header.d=arsante.ch; arc=pass (0 oda=1 ltdi=1
       spf=[1,1,smtp.mailfrom=arsante.ch] dkim=[1,1,header.d=arsante.ch]
       dmarc=[1,1,header.from=arsante.ch])
      Received: from ZR0P278CA0139.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:40::18)
       by ZRAP278MB0045.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:12::14) with
       Microsoft SMTP Server (version=TLS1_2,
       cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7828.27; Tue, 6 Aug
       2024 10:07:47 +0000
      Received: from ZR2PEPF0000012C.CHEP278.PROD.OUTLOOK.COM
       (2603:10a6:910:40:cafe::de) by ZR0P278CA0139.outlook.office365.com
       (2603:10a6:910:40::18) with Microsoft SMTP Server (version=TLS1_2,
       cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7828.27 via Frontend
       Transport; Tue, 6 Aug 2024 10:07:47 +0000
      Authentication-Results: spf=pass (sender IP is 40.107.167.112)
       smtp.mailfrom=arsante.ch; dkim=pass (signature was verified)
       header.d=arsante.ch;dmarc=pass action=none
       header.from=arsante.ch;compauth=pass reason=100
      Received-SPF: Pass (protection.outlook.com: domain of arsante.ch designates
       40.107.167.112 as permitted sender) receiver=protection.outlook.com;
       client-ip=40.107.167.112; helo=ZRZP278CU001.outbound.protection.outlook.com;
       pr=C
      Received: from ZRZP278CU001.outbound.protection.outlook.com (40.107.167.112)
       by ZR2PEPF0000012C.mail.protection.outlook.com (10.167.241.36) with Microsoft
       SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
       15.20.7849.8 via Frontend Transport; Tue, 6 Aug 2024 10:07:46 +0000
      ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
       b=QN0grlMEOsKpscJvttmXIM6LOwE/xY7kn7cjEGe9u+ijednutbx4SQNj20CYkwiMAU5dBHxrx+hSQtC7yA0gX1J5KwYxK5PaxDSlnA/h2mUlT80HdD3xe9ljX3saWxGalPWrJMSkO9ly1wFP/mw9JK35IJH/8Na6/u6OeBv0LVgvydi048DP/AWpFdBLMyfaWSa7w3Lbi3LVgqSEEXOmRwFBloSz7JwfUmR2mPCBDgyN40ha8L3zuoxt1t+qzhuCa/vzIc565aq7zbuImmhtFC7nB6UqAxHLcTqR6ySvX/10mfhSTn6yUP7/X4AB8KM1ljEDV+/wbgmqw4XXXPRTYw==
      ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
       s=arcselector10001;
       h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
       bh=tGBY5imd02tosviYrB7EuQD0LjKzYQEFq84Uno7D3VI=;
       b=AnZ9NilWEEGbcV5oHinL7Ouo10XcftkMpbTovETh9ASrisr3H6jRqJl5WGQaOdphabMAhaeB+mopJSB/QvXTJwSBhdbCmhC/QJMWda7J73yjiVgw+gLXZgCuDfKOk2+3NfwdxjsZLRKNy3AIQKxNm/yGVdUL6AJW9DwRahukRDheaXCPDop2bfVKqSvSFlpS2h1SdYJF0Ps/S6wVQycp/UuE5zOHtcP8/r6WOYHliKM5dcJqisoHL6dN1UaX0btyy1NntUMhcLxe8yd9HwdiLHO4iRL1QOig9STjucHgYqZBcGdoUKNarsocfMgfwyxGK/3Q1phewcgrbyT5g9R0pQ==
      ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
       smtp.mailfrom=arsante.ch; dmarc=pass action=none header.from=arsante.ch;
       dkim=pass header.d=arsante.ch; arc=none
      DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arsante.ch;
       s=selector2;
       h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
       bh=tGBY5imd02tosviYrB7EuQD0LjKzYQEFq84Uno7D3VI=;
       b=V0DNLvsluuEJO72V5zahQbjPxZgFjUGK7fF6LX+JGv5kqYOoetH9PdaydJDXppJO7czzS8roq/OT+7JPJk4dO+ueWWtLaN5Fh8hDbTGhDyLRbc466IIvMi1kIfMzQ0yorQ8Ra6x/wFO+5CYVzYs7fsSH8QhSD0kVAbrVBuVPxZMICNuBczQgPyHYx0mV8xS8RRfyHzv4aVd3+8tICxAYDSUFK5AWzFptPVKMXksA3d8JAtwP/Q4x5zOB/lQyuvss/BEdBTEVyuK2y5QYfGfQ3tTF4ZSEUpR2uo29+i4AoNdwQMD9YNyasAOMHTw4cn6Wy6AhHg5BUJnsJgC3aTQSlg==
      Received: from GV0P278MB0051.CHEP278.PROD.OUTLOOK.COM (2603:10a6:710:1e::13)
       by ZRAP278MB0923.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:4b::6) with
       Microsoft SMTP Server (version=TLS1_2,
       cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7828.27; Tue, 6 Aug
       2024 10:07:44 +0000
      Received: from GV0P278MB0051.CHEP278.PROD.OUTLOOK.COM
       ([fe80::4509:e010:c299:d5de]) by GV0P278MB0051.CHEP278.PROD.OUTLOOK.COM
       ([fe80::4509:e010:c299:d5de%5]) with mapi id 15.20.7828.023; Tue, 6 Aug 2024
       10:07:44 +0000
      From: =?utf-8?B?R2HDq2xsZSBTYWxsYXo=?= <email address removed for privacy reasons>
      To: "email address removed for privacy reasons" <email address removed for privacy reasons>
      Subject: Test
      Thread-Topic: Test
      Thread-Index: AQHa5+h7N6d4nq/Ye0CDrZaLodb7LA==
      Date: Tue, 6 Aug 2024 10:07:44 +0000
      Message-ID: <email address removed for privacy reasons>
      Accept-Language: fr-FR, en-US
      Content-Language: fr-FR
      X-MS-Has-Attach:
      X-MS-TNEF-Correlator:
      Authentication-Results-Original: dkim=none (message not signed)
       header.d=none;dmarc=none action=none header.from=arsante.ch;
      x-ms-traffictypediagnostic:
       GV0P278MB0051:EE_|ZRAP278MB0923:EE_|ZR2PEPF0000012C:EE_|ZRAP278MB0045:EE_
      X-MS-Office365-Filtering-Correlation-Id: 5adff72c-17bb-4889-de5e-08dcb5ff9f1b
      x-ms-exchange-senderadcheck: 1
      x-ms-exchange-antispam-relay: 0
      X-Microsoft-Antispam-Untrusted:
       BCL:0;ARA:13230040|366016|1800799024|376014|38070700018;
      X-Forefront-Antispam-Report-Untrusted:
       CIP:255.255.255.255;CTRY:;LANG:fr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV0P278MB0051.CHEP278.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700018);DIR:OUT;SFP:1102;
      Content-Type: text/plain; charset="utf-8"
      Content-ID: <email address removed for privacy reasons>
      Content-Transfer-Encoding: base64
      MIME-Version: 1.0
      X-MS-Exchange-Transport-CrossTenantHeadersStamped: ZRAP278MB0923
      Return-Path: email address removed for privacy reasons
      X-EOPAttributedMessage: 0
      X-EOPTenantAttributedMessage: 34af5d30-e9cb-484b-86d8-2ae5ada91fe8:0
      X-MS-Exchange-Transport-CrossTenantHeadersStripped:
       ZR2PEPF0000012C.CHEP278.PROD.OUTLOOK.COM
      X-MS-Exchange-Transport-CrossTenantHeadersPromoted:
       ZR2PEPF0000012C.CHEP278.PROD.OUTLOOK.COM
      X-MS-PublicTrafficType: Email
      X-MS-Office365-Filtering-Correlation-Id-Prvs:
       c9a130fa-b1d7-4c47-2596-08dcb5ff9dc8
      X-Forefront-Antispam-Report:
       CIP:40.107.167.112;CTRY:CH;LANG:fr;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:ZRZP278CU001.outbound.protection.outlook.com;PTR:mail-switzerlandnorthazon11021112.outbound.protection.outlook.com;CAT:PHISH;SFS:(13230040)(35042699022);DIR:INB;
      X-Microsoft-Antispam: BCL:0;ARA:13230040|35042699022;

      Mails are quarantined even if the mail is blank.

      Thanks for your help,

      regards
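
The header analysis suggested earlier in the thread, as an added example that is not part of any participant's post: it parses the Authentication-Results and X-Forefront-Antispam-Report headers from the excerpt posted above and separates the authentication results from the filter verdict. The function names are hypothetical, and reading the -Untrusted copy (the one carrying DIR:OUT) as the sending tenant's outbound scan is an assumption.

```python
"""Triage of Exchange Online Protection verdict headers (added example)."""
import re
from email import message_from_string
from email.policy import default as default_policy

# Excerpt of the quarantined message's headers, copied from the post above.
SAMPLE_HEADERS = """\
Authentication-Results: spf=pass (sender IP is 40.107.167.112)
 smtp.mailfrom=arsante.ch; dkim=pass (signature was verified)
 header.d=arsante.ch;dmarc=pass action=none
 header.from=arsante.ch;compauth=pass reason=100
X-Forefront-Antispam-Report-Untrusted:
 CIP:255.255.255.255;CTRY:;LANG:fr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV0P278MB0051.CHEP278.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700018);DIR:OUT;SFP:1102;
X-Forefront-Antispam-Report:
 CIP:40.107.167.112;CTRY:CH;LANG:fr;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:ZRZP278CU001.outbound.protection.outlook.com;PTR:mail-switzerlandnorthazon11021112.outbound.protection.outlook.com;CAT:PHISH;SFS:(13230040)(35042699022);DIR:INB;

"""

# SFV (filter verdict) values as documented by Microsoft; subset only.
SFV_MEANING = {
    "NSPM": "spam filtering marked the message as non-spam",
    "SPM": "spam filtering marked the message as spam",
    "BLK": "blocked: sender is in a user's Blocked Senders list",
    "SKB": "blocked: sender matched the block list of an anti-spam policy",
    "SKS": "marked as spam before spam filtering (e.g. a mail flow rule)",
}

def parse_antispam_report(value):
    """Split 'KEY:value;KEY:value;' into a dict; values may contain ':'."""
    fields = {}
    for item in str(value).split(";"):
        key, sep, val = item.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def parse_auth_results(value):
    """Return {'spf': 'pass', ...} for the methods present in the header."""
    pairs = re.findall(r"\b(spf|dkim|dmarc|compauth)=(\w+)", str(value), re.I)
    return {method.lower(): result.lower() for method, result in pairs}

def _scl(fields):
    raw = fields.get("SCL", "")
    return int(raw) if re.fullmatch(r"-?\d+", raw) else None

def triage(raw_headers):
    """Separate the authentication outcome from the spam-filter verdict."""
    msg = message_from_string(raw_headers, policy=default_policy)
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    inbound = parse_antispam_report(msg.get("X-Forefront-Antispam-Report", ""))
    # Assumption: the -Untrusted copy is the sender tenant's outbound scan.
    outbound = parse_antispam_report(
        msg.get("X-Forefront-Antispam-Report-Untrusted", ""))
    sfv = inbound.get("SFV", "")
    return {
        "auth": auth,
        "auth_ok": all(auth.get(m) == "pass"
                       for m in ("spf", "dkim", "dmarc", "compauth")),
        "scl_inbound": _scl(inbound),
        "scl_outbound": _scl(outbound),
        "category": inbound.get("CAT"),
        "verdict": SFV_MEANING.get(sfv, "unlisted SFV value " + repr(sfv)),
        "block_list_hit": sfv in ("BLK", "SKB"),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_HEADERS).items():
        print(f"{key}: {value}")
```

On the posted headers this reports passing SPF, DKIM, DMARC and composite authentication alongside an inbound SCL of 5 with CAT:PHISH and SFV:SPM, against an SCL of 1 in the DIR:OUT copy.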

      • ExMSW4319
        Iron Contributor
        MX says the sender is also M365 (as per the headers) and they do not look like the sort of organisation that would cause trouble. Their ISP (going by the domain SOA) is in our bad books for unrelated reasons. You might want to sniff around any URLs they routinely include, though I believe that you said the problem was related to one sender. Being on M365, has the sender had a recent "misfortune"? If the sender's address was in your own Tenant Allow / Block list then you would not see the mails at all, unless your anti-spam policy is very weak.
