Forum Discussion
"Defender" quarantine blocking emails notifying users of quarantined emails
I'm sorry, but this product is defective. It blocks messages from Microsoft notifying the customer it has blocked a message. It blocks messages from Microsoft when requesting Migration Reports be sent...
This is probably happening since the sender domain does not pass SPF and DMARC authentication. The quarantine notifications are being sent from "Email address removed" but the emails do not pass SPF and DMARC checks. Since Microsoft.com DMARC gets applied to emails from subdomain "messaging.microsoft.com", the emails get marked as spoof since DMARC of microsoft.com is set to reject emails spoofing their domain: v=DMARC1; p=reject; pct=100; rua=mailto:Email address removed; ruf=mailto:Email address removed; fo=1
Easy solution: You can whitelist the sender in Anti-spam policy or create a mail flow rule to set SCL= -1 when sender is "Email address removed".
Easy solution: You can whitelist the sender in Anti-spam policy or create a mail flow rule to set SCL= -1 when sender is "Email address removed".
You're probably right, but that's not in my category of things I should fix. That's Microsoft's responsibility.