Email for our M365 tenant being delivered to Junk Mail Folder

Copper Contributor

I have one user in our org that has messages from two co-workers in the same tenant, with the same email domain, being delivered to her Junk Mail folder.

 

As a test, I created a spam filter policy that applies only to this user.  I turned off almost all spam rules and set spam polices to "add an X header" instead of delivering to Jmf.

the user has an outlook mailbox "rule" to move the message from Junk to Inbox, and that works but very soon after the message are moved BACK to Junk.

 

Can anyone provide a technique to troubleshoot what is causing the delivery to Junk so that I can fix this.  I am looking at the email headers and I can't decipher why the messages continue to be sent to Junk.

6 Replies
You can always submit the message to analysis with Microsoft (https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/admin-submission?view=o3...) or open a support request to get more details.
Thank you for sending the link. I have submitted the messages for analysis.

@cmiarshvac 

Does this happen with only Exchange Online involved, meaning no other client, e.g., Outlook for Desktop or Outlook Mobile is having access to the mailbox while this "phenomenon" happens?

 

I assume that the user sends email messages using Outlook? Or are the messages delivered using SMTP?

Did you check the message headers of the received messages with the message header analyzer?
https://mha.azurewebsites.net/ 

Messages are taking this route: Outlook Desktop -> Exchange Online -> Outlook Desktop

I have looked at the header using the header analyzer. I didn't find anything useful. Is there some header that I should focus on to gain more insight? I did some research on the "X-Microsoft-Antispam-Mailbox-Delivery" header thinking that maybe I could decode the value and find the "reason". After a long (but not exhaustive) search, it seems the codes aren't well documented.

@cmiarshvac 

Your starting point is the X-Forefront-Antispam-Report header. There is documentation available regarding the different components mentioned in that header.

Does this header already designate the junk folder as a target for message delivery?

 

 

The X-ForeFront-AntiSpam-Report looks pretty clean:
SCL:-1; SRV:; IPV:NLI; SFV:SKI... PTR:;CAT:NONE;SFS:;DIR:INB;

Would this indicate this is likely an issue with the user's rules or possible Outlook Desktop categorizing as Spam?