underQualifried
Brass Contributor
May 06, 2025

Marking Quarantine Notice senders as safe for entire tenant

Our users get quarantine notices weekly. They're configured to come from mailto:email address removed for privacy reasons (the domain specific to tenant). Sometimes they come from mailto:email address removed for privacy reasons anyways, but this is fine.

The thing is, I end up with a LOT of users who end up receiving these in their junk mail. We have a lot of tenants - I don't really have the time to keep checking them, taking action on mis-junked items. Most stuff is configured to go to quarantine anyway.

What's the best way to allow these senders? The IB Anti-Spam safe-senders component is not Secure-Score recommended, and we try to keep these scores high. But the tenant allow/block list allows a max of 45 days since last use. There are so many options, I'm a little confused as to what's 'right'.

Thanks 

2 Replies

  • ExMSW4319
    Iron Contributor

    Thanks to Community redacting your details we can't see if there is any obvious mistake in your left-hand side choices on the notice addresses. 

    Have you checked that your recipients have not reported their own quarantine notices? If you are using the Exchange Online PowerShell you can check that with:

    Get-MailboxJunkEmailConfiguration -Identity user@domain |
        Select-Object -ExpandProperty BlockedSendersAndDomains

    However, you mention that many users have the problem so this explanation seems unlikely.

    Assuming the right hand sides align with your Accepted Domains, the other thing to check is that the public DNS records (MX, SPF and DMARC if it is in use) are correct.

  • Definitely room for lots of subjectivity, but I like to use Transport Rules for things like this (org-wide, system-like stuff, such as quarantine notifications), and stick to the TABL for allows/blocks otherwise. You could make a transport rule so that when messages from that sender come in, it bypasses spam filtering (which will bypass the basic stuff, apart from things like URL reputation, file reputation, malware, and other high-confidence-by-default detection techs). You can also use the same or another transport rule to make sure some messages are always in the Focused view for Focused Inbox users.
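
The two suggestions in the replies above, combined as an added example (not code posted by either participant): a tenant-wide sweep of Blocked Senders lists, then a transport rule that skips spam filtering for the notice sender only when the message also passed DMARC, so a spoofed copy of the address does not inherit the bypass. The sender address and rule name are placeholders, and the DMARC condition assumes your notices carry an Authentication-Results header, which you should confirm on a real notice first.

```powershell
# Assumes an active Exchange Online PowerShell session (Connect-ExchangeOnline).
# Placeholder: the redacted notice sender from the thread. Substitute your own.
$NoticeSender = 'quarantine-notices@contoso.example'
$NoticeDomain = $NoticeSender.Split('@')[1]

# 1. Tenant-wide version of the per-user check from the first reply:
#    list every mailbox whose Blocked Senders list contains the notice
#    address or its domain (entries may be stored with or without '@').
$candidates = $NoticeSender, $NoticeDomain, "@$NoticeDomain"
$blocked = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $upn  = $_.UserPrincipalName
    $cfg  = Get-MailboxJunkEmailConfiguration -Identity $upn
    $hits = $cfg.BlockedSendersAndDomains | Where-Object { $_ -in $candidates }
    if ($hits) {
        [pscustomobject]@{ Mailbox = $upn; BlockedEntry = ($hits -join '; ') }
    }
}
$blocked | Format-Table -AutoSize

# 2. Transport rule from the second reply, scoped so that the bypass
#    applies only to mail that authenticated as the notice domain.
$rule = @{
    Name                        = 'Bypass spam filter - quarantine notices'  # hypothetical name
    FromAddressContainsWords    = $NoticeSender
    HeaderContainsMessageHeader = 'Authentication-Results'
    HeaderContainsWords         = 'dmarc=pass', 'dmarc=bestguesspass'
    SetSCL                      = -1        # -1 = skip spam filtering
    Comments                    = 'Quarantine notifications only; requires DMARC pass.'
    Mode                        = 'Audit'   # log matches without acting
}
New-TransportRule @rule

# After confirming in message trace that only genuine notices match:
# Set-TransportRule -Identity $rule.Name -Mode Enforce
```

If the sweep in step 1 returns rows, clearing those per-user entries is the fix for those mailboxes; the rule in step 2 does not override a user's own Blocked Senders list.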
