Many of my customers are recently not getting any authentication emails from my apps anymore. The DKIM keys are setup, authorized senders and so on. The authentication emails do go through to non-office365 emails. Any hints on who to talk to?

The delisting service also has no effect. I enter my sender email and IP (now have a dedicated one) into https://sender.office.com/, verify it by clicking the link I get (I don't block THEIR mails "ha ha") and then I get "Delisting was denied, click to escalate". After that I don't hear anything.The problem is that these auth emails somehow get tagged as spam in ONE Microsoft customer, and then protection.outlook.com blocks them for all.I'm starting to think a lawsuit may be the way to go

Just want to thank FcoManigrasso here too, he's been very helpful in finding out what the problem is! Post your donation link here, FcoManigrasso!Basically, for existing customers we have to tell their IT departments to whitelist our sender. We'll add a notice to the login page about this. This is also the Microsoft way of doing it, according to this link: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/services-for-non-customers?view=o365-worldwideIn short, customers must whitelist our senders or open a ticket with Microsoft support about it.The only thing not solveable by this approach is the case of new companies. This adds a LOT of friction to the signup process. Basically it is blocking it altogether.

arnotixe did you try delist first? Delist IP - Delist IP (office.com)

hiKidd_Ip yes but I get the answer "We were unable to identify anything on our side that would prevent your mail from reaching Outlook.com customers."I have tried sending to my own @outlook.com account, and it goes through. But none of the business customers get their authentication emails.

(I have a list of several problem domains all resolving to a *.mail.protection.outlook.com. mail exchange, but don't feel I can share the domain list on a public forum)

Firebase authentication emails are blocked by Office 365

Kidd_Ip
MVP
Feb 23, 2023
arnotixe
did you try delist first?

Delist IP - Delist IP (office.com)
- arnotixe
  Copper Contributor
  Feb 27, 2023
  hiKidd_Ip
  yes but I get the answer "We were unable to identify anything on our side that would prevent your mail from reaching Outlook.com customers."
  I have tried sending to my own @outlook.com account, and it goes through. But none of the business customers get their authentication emails.
  - arnotixe
    Copper Contributor
    Feb 27, 2023
    (I have a list of several problem domains all resolving to a *.mail.protection.outlook.com. mail exchange, but don't feel I can share the domain list on a public forum)
FcoManigrasso
Iron Contributor
Feb 27, 2023
Hi arnotixe,

I'll send you a private message with a test email address in a dev O365 tenant. So you can send there a message and I'll be able to trace it and see if something is blocking it.
- kbourne650
  Copper Contributor
  May 21, 2023
  I tried the https://sender.office.com/ to delist it, but it said it sent a confirmation email to the email that I was trying to delist. This is an email provided by Firebase with literally the "noreply" at the beginning. Obviously, I can't access it. Any other suggestions? It seems like you are basically just saying, nothing we can do, we have big dumb spam filters that suck at precision and there is nothing we are going to do about it.
  
  This is kinda bullshit to be honest. I get that some people use these services to spam, but with the tech available today to sort out who is using it for spam and who is using it for legitimate purposes, this is a big FAIL for Microsoft. Probably still using regression for spam filters.
  
  Ironically, I was just looking into whether I should use Outlook or Gmail for my company's emails. I do not have problems with blocking from Gmail from any other service, whether it is a Google service or otherwise. This sealed the deal to use Gmail, thanks for making the decision easier!
  - arnotixe
    Copper Contributor
    Jun 02, 2023
    kbourne650yeah, I'm tempted to actually buy one of those Whitelisting services Microsoft themselves offer… It is a stretch at about $1500 a year though o_O
    
    As an alternative I'm currently adding SMS login, bypassing the problem to an extent
    
    SSO is another option, but setting it up is pretty heavy, and if you want Auth0 to take the app integration for you, a quote there was $30 000 a year (--PER MICROSOFT TENANT!!). As I have about 70 Microsoft customers, that is, well, out of the question.
    
    I've also tried registering at https://sendersupport.olc.protection.outlook.com/snds/pref.aspx but the confirmation mail never reaches me (and no, I don't block their emails, and the email address I choose for notification IS working). Also I don't know if that page has anything to do with this issue.
    
    Only thing that makes me feel a little bad about paying up for "email deliverability to Microsoft" is that it is basically a kind of hostage situation. We need to send mail there, but have to pay $1500 a year for them to take it? Hmmmmmmmmm
    
    If you find any better pointers, PLEASE let me know 😄 I'll do the same
FcoManigrasso
Iron Contributor
Feb 27, 2023
Hi arnotixe,

Thanks for sending me a test message.
It was Quarantined by O365 as High Spam/Phish.
The problems that I see here are 2 main ones. On one hand the links are considered dangerous, ( but that probably can be easily solved fixing the other problem.
On the other hand, your sending server is blacklisted: mail-vs1-f70.google.com (209.85.217.70)
So, basically you need to ensure to delist it or use another relay for such deliveries. DKIM passes, but the sender server has low reputation.
- arnotixe
  Copper Contributor
  Feb 27, 2023
  Wondering who to contact next, as the server itself is probably sending out on behalf of many different identities.
  This problem is currently affecting 74 of my business customers.
  
  The way it looks now, setting up a different outbound server for these mails (serving only my domain for example) would be the only option?
  - FcoManigrasso
    Iron Contributor
    Feb 27, 2023
    Hi arnotixe,
    Not sure if I got your question. But you have many options...
    - Ask the provider to delist.
    - Use another relay
    - Request the recipients IT teams to whitelist you, ( probably rejected by the Security teams. Think that they have no control over the sender servers... You neither. Too risky ).
    And probably other options depending on your environment and requirements.
    The point is basically that O365 identifies your messages as SPAM/Phish and is quarantining all your messages.

Forum Discussion

Firebase authentication emails are blocked by Office 365

Share

Resources