SOLVED

<Solved>Emails being marked as phishing by office

%3CLINGO-SUB%20id%3D%22lingo-sub-1230176%22%20slang%3D%22en-US%22%3ERe%3A%20Emails%20being%20marked%20as%20phishing%20by%20office%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1230176%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F567115%22%20target%3D%22_blank%22%3E%40josephmiller1256%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EHave%20you%20run%20the%20message%20headers%20through%20a%20message%20header%20analyser%3F%20It%20may%20be%20that%20this%20tenant%2Fsending%20domain%20has%20a%20misaligned%20SPF%2C%20DKIM%20or%20DMARC%20record%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft%20Remote%20Connectivity%20Analyzer%20%26gt%3B%20Message%20Analyzer%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmha.azurewebsites.net%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmha.azurewebsites.net%2F%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOr%20MX%20toolbox%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmxtoolbox.com%2FEmailHeaders.aspx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmxtoolbox.com%2FEmailHeaders.aspx%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1230666%22%20slang%3D%22en-US%22%3ERe%3A%20Emails%20being%20marked%20as%20phishing%20by%20office%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1230666%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F554842%22%20target%3D%22_blank%22%3E%40stonefr33%3C%2FA%3E%26nbsp%3BI%20was%20able%20to%20fix%20the%20problem.%20It%20was%20related%20to%20DMARK%20and%20all%20of%20that%20jazz%2C%20but%20it%20was%20something%20the%20head%20office%20had%20to%20do%2C%20and%20was%20out%20of%20my%20control.%20No%20one%20told%20me%20this%20was%20the%20case.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1225499%22%20slang%3D%22en-US%22%3E%3CSOLVED%3EEmails%20being%20marked%20as%20phishing%20by%20office%3C%2FSOLVED%3E%3CLINGO-BODY%20id%3D%22lingo-body-1225499%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3EI%20am%20having%20a%20big%20problem%20with%20office%20quarantining%20my%20user's%20emails%20before%20they%20are%20sent.%3C%2FP%3E%3CP%3EHere%20is%20some%20back%20story%3A%3C%2FP%3E%3CP%3EI%20run%20the%20IT%20for%20three%20businesses.%20two%20of%20them%20are%20on%20the%20same%20tenant%20in%20365%20but%20the%20other%20is%20on%20a%20separate%20tenant.%20The%20one%20that%20is%20on%20its%20own%20is%20the%20one%20having%20problems.%3C%2FP%3E%3CP%3EWhen%20an%20email%20on%20that%20tenant%20sends%20a%20message%20to%20a%20yahoo%20account%20there%20are%20no%20problems%2C%20but%20when%20it%20sends%20to%20another%20Microsoft%20based%20email%20account%20it%20is%20blocked%20by%20quarantine%20as%20a%20phishing%20email.%26nbsp%3B%3C%2FP%3E%3CP%3EI%20understand%20that%20we%20can%20add%20a%20rule%20to%20allow%20emails%20from%20this%20tenant%20to%20come%20through%20but%20that%20is%20only%20a%20band-aid%20fix%20to%20the%20problem%20as%20if%20we%20need%20to%20send%20an%20email%20to%20someone%20who%20has%20these%20types%20of%20filters%20or%20another%20company%20using%20365%2C%20we%20have%20no%20way%20to%20ask%20them%20to%20white%20list%20us%20or%20accept%20our%20emails.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20tested%20this%20from%20multiple%20emails%20on%20this%20tenant%20and%20they%20all%20have%20the%20same%20result.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1225499%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EEmail%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emicrosoft365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ephishing%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3C%2FLINGO-SUB%3E
Highlighted
New Contributor

Hi all,

I am having a big problem with office quarantining my user's emails before they are sent.

Here is some back story:

I run the IT for three businesses. two of them are on the same tenant in 365 but the other is on a separate tenant. The one that is on its own is the one having problems.

When an email on that tenant sends a message to a yahoo account there are no problems, but when it sends to another Microsoft based email account it is blocked by quarantine as a phishing email. 

I understand that we can add a rule to allow emails from this tenant to come through but that is only a band-aid fix to the problem as if we need to send an email to someone who has these types of filters or another company using 365, we have no way to ask them to white list us or accept our emails.

 

I have tested this from multiple emails on this tenant and they all have the same result. 

2 Replies
Highlighted

@josephmiller1256 
Have you run the message headers through a message header analyser? It may be that this tenant/sending domain has a misaligned SPF, DKIM or DMARC record

 

Microsoft Remote Connectivity Analyzer > Message Analyzer

https://mha.azurewebsites.net/ 

 

Or MX toolbox 

https://mxtoolbox.com/EmailHeaders.aspx

 

Thanks

Highlighted
Best Response confirmed by josephmiller1256 (New Contributor)
Solution

@stonefr33 I was able to fix the problem. It was related to DMARK and all of that jazz, but it was something the head office had to do, and was out of my control. No one told me this was the case.