Anti-spam protection policy (scan2mail) false positives


Hi all, there seems to be a big change in the default anti-spam protection policy settings in Exchange Online. Since today a lot of our customer's emails (scan2mails) are suddenly filtered as SPAM.


SPF records and connectors for Office 365 SMTP relays are and were configured as recommended in the MS docs.


I escalated this issue today to Microsoft 365 support. I'll keep you all posted.

 

UPDATE 03/21/2023: I just had an MS Teams call with MS support and also shared the submission IDs.

 

UPDATE 03/22/2023: MS support let me know that their engineering team could mitigate the issue. Please open a support request and pass them the tenant and submission IDs.

 

UPDATE 03/22/2023: Some users' email messages are unexpectedly delivered to the Junk Email folder or quarantined in Exchange Online (ID: EX530821) - Status: Service Restored.

8 Replies

@MathieuVandenHautte 

Any change from your side, say EOP, security and compliance settings?

May dig out some sample email to perform a message trace to learn more about your case.

 

We are also seeing a lot more false positives on multiple clients since a few days.
Please keep posting here if you find anything regarding changes.

@MathieuVandenHautte 

 

From a 15k seat tenant, graph for the last week attached.

Hi Bemaxlala, MS support let me know that their engineering team could mitigate the issue. Please open a support request and pass them the tenant and submission IDs.

@MathieuVandenHautte 

 

Problem appears to be slackening.

 

Submission verdicts all come back "Not spam. Should not have been blocked."

 

Nothing relevant in Service Health indicating there was a problem.

EX530821: Exchange Online Service Health Notification

Some users' email messages are unexpectedly delivered to the Junk Email folder or quarantined in Exchange Online

Final status: We’ve determined that a recent update to optimize the detection proficiency of potential spam prior to delivery caused some legitimate messages to be incorrectly flagged and delivered to the Junk Email folder or quarantined in Exchange Online. We’ve published an update to our detection systems to address this issue and confirmed via telemetry that the issue is resolved.

Like @ExMSW4319 above, we have a similar looking report:

[Attached image: Mrbendo_0-1680046756175.png]

It's rather galling to have support tell us that nothing has changed. Clearly something has changed. Fortunately on this post, there has been communication through @MathieuVandenHautte that there is an issue with emails being misidentified. I even saw a post that said someone at Microsoft acknowledged that spammers had found a way to circumvent some of the spam filtering and this was the cause in the uptick. It's unfortunate that Microsoft can't admit this is the case on their health status notifications. Our company has tech-savvy bosses who know to look for these health alerts. When these issues are properly identified and noted in posts, the burden falls on our staff for explaining what's happening. Our staff gets hung out to dry because MS refuses to acknowledge the issue. MS needs to know this approach to minimizing reported outages is not popular and a terrible way to treat their extended support family!

I am having this issue with 1 client at this time. Started yesterday. Checking all other clients to see who's affected.