Forum Discussion
Emails being accepted by large organisation
Hi
I have to interact regularly with a large UK public sector organisation. Unfortunatley, a number of my emails (and those of my colleagues that have the same domain name) end up in spam folders or spam quarantines and it is very frustrating. I have requested that our email addresses are "whitelisted" but this has been refused on the grounds of security even though there is no history of the domain being used insecurely. I am told it is because of the "hopping" of my emails .
My emails have the spf on them. I have also never received a blocked senders notice from Microsoft.
Is there anything that can be done?
5 Replies
I understand how frustrating it can be to have your emails continuously end up in spam folders, especially when you're working closely with a public sector organization. Even with your emails meeting basic deliverability requirements, such as SPF records and a history of secure sending, there are still several factors that could be affecting the situation. Here are a few steps that may help improve deliverability:
- Evaluate Email Content and Frequency: Even subtle triggers within the email content, subject lines, or the frequency of sending can sometimes cause emails to be flagged. Avoiding too many hyperlinks, using minimal capitalized words, and ensuring that the email language doesn't resemble typical spam triggers can all help.
- Perform an Email Deliverability Test: A helpful way to assess if your emails contain elements that could be triggering spam filters is to run them through a https://campaigncleaner.com/tools/mail-tester/ to see if any deliverability improvements can be made. This tool can give you insights into any hidden red flags that may be causing your emails to end up in spam.
- Implement DKIM and DMARC Records: Since you already have SPF, adding DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) records to your domain could enhance your email authentication. This is especially helpful with larger organizations that use more advanced security and filtering systems. DMARC, in particular, gives domain owners more control over who can send emails on behalf of the domain.
- Check for IP Reputation Issues: Even though you’ve had no history of your domain being used insecurely, it’s worth checking the reputation of your IP address. If you’re using a shared server, other users on that server may affect the reputation. Services like MXToolbox can help you see if your IP has been flagged anywhere.
- Adjust Sending Patterns: Sometimes, sending patterns, or "hopping," can be perceived as unusual or suspicious by email filters. To counteract this, consider testing a more consistent pattern of email communication or even reaching out to the public sector organization to explain your sending practices in detail.
I hope these suggestions help improve your email deliverability. Getting through strict spam filters can require some trial and error, but with consistent attention to these details, you should see improvements over time.
- This can happen for various reasons, easiest way to figure out will be by requesting message header from the organization where emails are getting blocked. If this is happening while sending emails to a single Organization then their security policy settings might also be at cause.
If this is happening for different recipient organizations then there can be two main reasons for the same:
Authentication failure: Error while authenticating the sender domain. Check any issues with Domain authentication at https://mxtoolbox.com/MXLookup.aspx
Email content spam: If content of the email is causing the increase in Spam Confidence Level and that's why the email is getting sent to Junk then test by sending empty email to required recipients if they receive the emails. You can check the Spam score of the email at https://www.mail-tester.com/ and accordingly change the email content.
External sender domain whitelisting is not recommended hence no organization will like to increase their threat exposure in case external organizations get compromised. It might be possible for some reason if sender domain reputation got affected and Microsoft blacklisted the domain. In that case a Support ticket should be raised with Microsoft to get the domain removed from Blacklist.- Hi
Many thanks for your helpful reply.
The problem only occurs with the one organisation so I think you earlier suggestion that it is due to the security policy of the single organisation might be the route cause of the problem. Could it be to do with the spam filter because once a few emails have been exchanged between a recipient and myself the emails go through fine. I have tried the mail-tester .com you suggest above and the email came back as 8.9/10 and not blacklisted.
I understand the argument for not using safe senders lists but Microsoft says that malware emails will be stopped so is that re-assurance distrusted?- Yes. Even if senders and sender domains are added to safe list, if emails are detected as Malware or High confidence phish ,they will be blocked. But since this is happening for a single organization and not all emails to recipient are getting blocked this is possibly because of some security policies blocking for example any particular Attachment extensions, URL/URL domains, IPs etc. Best way to figure out will be contacting recipient organization's IT team since you are not receiving NDRs.
As you mentioned emails go through once communication is established. This happens when O365 mailbox intelligence blocks emails for Impersonation or Spoof protections. In these cases it is best recommended to set up your SPF, DKIM and DMARC authentications accurately.
