High Confidence Phish

Brass Contributor

Hey Team, 


I am trying to better understand why office 365 marks some messages as High Confidence Phish? What determines that? 


I have looked through our quarantine and can see that we have several messages (100's) marked as high confidence phish, but when I look at the details, they all seem to be marked for different reasons, i would like to know what causes EOP to mark messages as High Confidence Phish?


Some messages Compauth passes, others it does not, some messages have malware/bad urls others do not etc. 





1 Reply

@Robert Bollinger 


I'm having the same issues, I can't whitelist and bypass this and good emails are being quarantined.  Submittal to Microsoft does nothing.