alex_ase
Copper Contributor
May 24, 2023
Solved

My emails are being quarantined by Office 365 and I need help

I am having a really bad issue.

We use Google Business for email and Sendgrid SMTP service via our ERP Odoo to send transactional emails.

But since last week all of the customers and suppliers that use Office 365 are not seeing our emails. They are being quarantined for suspicion of phishing.

We have been sending the same emails since 2021 so I don't understand how all of a sudden our emails are being blocked.

If I send an email with any attachment, including my logo in my signature, the email gets blocked, but if I send the email with nothing in it, it goes through...

Let me know if anyone has an idea because I am losing my mind, I do not know what to do.

10 Replies

  • alex_ase
    Copper Contributor

    It looks like it really was a DMARC issue.

    DMARC takes a couple of days to kick in. On Friday I did some more tests that did not go through and all of a sudden all of the tests went through over the weekend, which coincided with the DMARC being 100% authenticated.

    So lesson learned, make sure you have SPF, DKIM, and DMARC on your DNS.

    Thank you for chiming in!

    • relyancefleming
      Copper Contributor

      alex_ase - I use Google Workspace, I have DKIM and SPF set up, but Outlook Protection isn't preserving my DKIM or SPF so DMARC is soft failing and messages are being quarantined. Do you or anyone else have any ideas?

      • alex_ase
        Copper Contributor

        relyancefleming

        You have to add the DMARC record directly on your registrar. It had to be done on the domain side.
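
Added example, not part of any post in this thread: the DMARC alignment check (RFC 7489) in Python, showing how SPF and DKIM can both report `pass` while DMARC still fails because neither authenticated domain matches the From: domain. The header lines, domains and DMARC records are constructed samples, and `org_domain` is a simplified stand-in for a Public Suffix List lookup.

```python
import re

def parse_tags(record):
    """Parse a DMARC 'tag=value; tag=value' record into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def org_domain(domain):
    """Assumption: organizational domain = last two labels.
    Real receivers use the Public Suffix List (matters for .co.uk etc.)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same org domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_evaluate(auth_results, dmarc_record):
    """Re-derive the DMARC verdict from an Authentication-Results header."""
    tags = parse_tags(dmarc_record)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    m = re.search(r"header\.from=([\w.-]+)", auth_results)
    if not m:
        raise ValueError("no header.from in Authentication-Results")
    from_domain = m.group(1)
    spf = re.search(r"\bspf=(\w+)[^;]*?smtp\.mailfrom=([\w.@-]+)", auth_results)
    dkims = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([\w.-]+)", auth_results)
    spf_ok = bool(spf) and spf.group(1) == "pass" and aligned(
        spf.group(2).split("@")[-1], from_domain, tags.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
                  for res, d in dkims)
    return {"from": from_domain, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
            "policy": tags.get("p")}

# Constructed samples: mail sent through a third-party relay (esp.example.net)
# with From: example.com. Both SPF and DKIM pass, but for the relay's domain.
UNALIGNED = ("spf=pass smtp.mailfrom=bounces.esp.example.net; "
             "dkim=pass header.d=esp.example.net; dmarc=fail header.from=example.com")
# Same relay, but DKIM now signs with a key published under example.com.
ALIGNED = ("spf=pass smtp.mailfrom=bounces.esp.example.net; "
           "dkim=pass header.d=em.example.com; dmarc=pass header.from=example.com")

if __name__ == "__main__":
    for name, hdr in (("unaligned", UNALIGNED), ("aligned", ALIGNED)):
        print(name, dmarc_evaluate(hdr, "v=DMARC1; p=quarantine; pct=100"))
```

To use it on real mail, paste the `Authentication-Results` header from a quarantined message and the TXT record published at `_dmarc.<your domain>`.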

  • kvthemaybe
    Copper Contributor
    Hey!

    Examine the following email content: Certain characteristics in your emails, such as attachments or specific text, may raise the suspicion of phishing. You noted that emails without attachments are delivered, thus it's worth investigating the files and content that may be causing the issue. Check to see if any of the attachments or content were inadvertently labelled as harmful.

    Verify DKIM and SPF: DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) are authentication mechanisms that aid in the verification of your emails' validity. Check that your domain's DKIM and SPF records are correctly configured. This procedure entails adding appropriate DNS records to your domain's configuration.

    Monitor email bouncebacks: If your emails are being rejected, you may receive bounceback messages or non-delivery reports (NDRs) that explain why the emails were refused. Examine these messages for any hints or error codes that will help you identify the problem.

    Check IP reputation: If your emails are consistently being quarantined, it's possible that the IP address associated with your SMTP service (Sendgrid) has a poor reputation. This can happen if other users sharing the same IP address have engaged in spamming or other malicious activities. Contact Sendgrid support and inquire about the reputation of the IP address you're using to send emails. They might be able to assign you a different, cleaner IP address to improve deliverability.

    Contact Office 365 support: If you have exhausted the above steps and are still experiencing problems, it's advisable to reach out to Office 365 support for further assistance. Provide them with all the relevant information, such as the specific error messages, bounceback details, and any steps you have already taken to address the issue. They should be able to investigate the problem and provide guidance on resolving it.

    Let me know if that was any help. 🙂
    • alex_ase
      Copper Contributor
      Thank you guys for chiming in, really appreciated. This is really nightmarish.

      I just added DMARC to my DNS records but that did not change anything.

      Regarding Sendgrid, I used to have 2 dedicated IPs. I had a Zoom call with them to go over my account and optimize everything. One of the things we did was to delete one of the IPs and keep the best one. The reason is that I only send 15k transactional emails per month and they told me that it is too little for two IPs. So that is optimized as well. I have had this IP since December 2020 and never had any issue before last week.
      My IT company, who is a Microsoft partner, opened a ticket with Microsoft directly to see what could cause this...
      The PDF attachments that we send are the same exact ones since 2020. However, I will have the links in them removed to see if that changes anything for deliverability, as if I send the email without any signature and just the PDF converted to JPEG it goes through.

      I will keep you guys posted to ensure we get to the bottom of this for the next person that would have the same type of issue.
      • alex_ase
        Copper Contributor
        It looks like DMARC is slowly propagating as I am receiving emails with the DMARC results slowly from different domains such as Yahoo, AOL, and AT&T.
        Hopefully that was the issue and it will take another 24-48h to solve.
  • gpalma
    Copper Contributor
    Is it worth considering that your domain is on a blacklist for whatever reason? Being someone who works with spam filtering a lot, sometimes domains within an e-mail signature can be put on a blacklist, which is then rejected by the receiving mail server. An easy way to check is by visiting mxtoolbox.com and typing in your domain under the "blacklist" section.

    I've had an instance before where one of my OWN clients (sending e-mail server being Exchange) was blacklisted by Office365 and we were NOT able to send e-mails out to anyone. Exchange looked at its own tenant and considered them potentially malicious (usually to shut down users that are potentially compromised). I believe someone reported them as spam to Microsoft, but I was actually able to quickly redact this blacklist on the admin-side of things for Microsoft Defender. Try the first portion of this response and see if it helps.
    • alex_ase
      Copper Contributor
      I wanted to attach a print screen but I can't.
    • alex_ase
      Copper Contributor
      Could the issue be that allsecurityequipment.com does not have a DMARC?

  • alex_ase
    Copper Contributor
    I should mention that my URL is allsecurityequipment.com
    and that might trigger the machine learning for phishing detection.
