Desperate for help... ATP classified our domain as malicious by mistake and that's destroying us

%3CLINGO-SUB%20id%3D%22lingo-sub-1665211%22%20slang%3D%22en-US%22%3EDesperate%20for%20help...%20ATP%20classified%20our%20domain%20as%20malicious%20by%20mistake%20and%20that's%20destroying%20us%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1665211%22%20slang%3D%22en-US%22%3E%3CP%20class%3D%22%22%3ESince%20Saturday%2C%20every%20time%20anyone%20with%20Microsoft%20ATP%20enabled%20clicks%20on%20a%20link%20from%20our%20domain%2C%20safe%20links%20blocks%20it%20and%20tells%20them%20that%20our%20site%20is%20malicious%20(which%20it's%20not).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOur%20domain%20is%20marked%20as%20safe%20on%20all%20the%20other%20security%20providers%20we've%20found.%20Only%20Microsoft%20Advance%20Thread%20Protection%20is%20blocking%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20has%20to%20be%20a%20way%20for%20Microsoft%20to%20fix%20the%20issue%20on%20their%20block%20domain%20list%20inside%20ATP%20(safelinks).%3C%2FP%3E%3CP%3E%3CSPAN%3EWith%20so%20many%20Office%20365%20users%20in%20B2B%2C%26nbsp%3Bblocking%20and%20pointing%20a%20safe%20company's%20domain%20as%20malicious%20by%20mistake%20causes%20a%20really%20big%20problem%20for%20that%20company%20and%20can%20cost%20serious%2C%20irreparable%20damage%20to%20it.%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20situation%20is%20really%20hurting%20our%20business%20at%20a%20deep%20level.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20help%20please%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1665973%22%20slang%3D%22en-US%22%3ERe%3A%20Desperate%20for%20help...%20ATP%20classified%20our%20domain%20as%20malicious%20by%20mistake%20and%20that's%20destroying%20us%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1665973%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F791464%22%20target%3D%22_blank%22%3E%40jmadriz%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirst%2C%20I%20recommend%20you%20to%20open%20a%20case%20with%20premier%20support%26nbsp%3Bto%20get%20help%20with%20this.%20Otherwise%20you%20can%3CSPAN%3E%26nbsp%3Buse%20the%20Submissions%20portal%20in%20the%20Security%20%26amp%3B%20Compliance%20Center%20to%20submit%20email%20messages%2C%20URLs%2C%20and%20attachments%20to%20Microsoft%20for%20scanning.%20Use%20the%20%22Send%20a%20suspect%20URL%20to%20Microsoft%22%20function%20with%20reason%20for%20submission%20%22Should%20not%20have%20been%20blocked%22.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22newsubmission.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F218215iE395F52E6A5A737A%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22newsubmission.png%22%20alt%3D%22newsubmission.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%E2%80%83%3C%2FP%3E%3CH3%20id%3D%22toc-hId-1230387411%22%20id%3D%22toc-hId-1230387382%22%3E%26nbsp%3B%3C%2FH3%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Since Saturday, every time anyone with Microsoft ATP enabled clicks on a link from our domain, safe links blocks it and tells them that our site is malicious (which it's not).

 

Our domain is marked as safe on all the other security providers we've found. Only Microsoft Advance Thread Protection is blocking it.

 

There has to be a way for Microsoft to fix the issue on their block domain list inside ATP (safelinks).

With so many Office 365 users in B2B, blocking and pointing a safe company's domain as malicious by mistake causes a really big problem for that company and can cost serious, irreparable damage to it. 

This situation is really hurting our business at a deep level.

 

Can anyone help please?

Thanks!

1 Reply

@jmadriz 

First, I recommend you to open a case with premier support to get help with this. Otherwise you can use the Submissions portal in the Security & Compliance Center to submit email messages, URLs, and attachments to Microsoft for scanning. Use the "Send a suspect URL to Microsoft" function with reason for submission "Should not have been blocked". 

 

newsubmission.png