Forum Discussion
Microsoft Defender for Email & Collaboration - "Whitelist"
We have "Whitelisted" some domains (e.g. appriver.com) by adding the domain to "Add trusted senders and domains" in the Spam policies; as well as adding a rule in Microsoft365 Exchange Mail flow Rule...
- I do see SFV:BLK in the header.
Hello somaji,
1. Try to change the SCL to -1.
2. Go to Quarantine and check the reason why these emails were quarantined. Probably, there is another reason (Phish).
- mikhailf
Thank you.
I had the SCL set to -1; I switched to 1 following Microsoft's SCL scaling documentation.;since it was not working.
Quarantine details
Quarantine Reason: Spam
Policy type: Anti-spam Policy (Name: Strict Preset Policy),
Delivery Action: Blocked
Location: Quarantine
Primary Override: Source Blocked by user policy; Sender address list
DMARC Pass
DKIM Pass
SPF Soft fail
Composite Auth: Pass
Any suggestions?- "Primary Override: Source Blocked by user policy; Sender address list"
Check the Blocked domain/sender lists in the Anti-spam policy.- mikhailf
For the policy, the domains are in Allowed Domains list; the e-mail addresses are also in Allowed Senders list; which is redundant I think. When one didn't work, I added the other. I think either the issue is somewhere else, or I am not understanding where to make the change (Defender Portal -> Email & Collaboration -> Policies & Rules -> Threat Policies -> Anti-Spam Policies -> Anti-Spam inbound policy)
