Dec 01 2021 02:10 PM - last edited on Apr 04 2022 08:30 AM by Allen
Hi everyone.
I have searched and tried to find an answer on my questions but can't find anything.
I configured a new tenant with a new custom domain with "Enabled Security Defaults".
When my friends now tries to send emails they get "Spam Confidence Level 5" on every email they send?
They have a Microsoft 365 Business Premium license.
Country/Region SE
Language en
Spam Confidence Level 5
Spam Filtering Verdict SPM
IP Filter Verdict NLI
HELO/EHLO String SWE01-MM0-obe.outbound.protection.outlook.com
PTR Record mail-mm0swe01on2112.outbound.protection.outlook.com
Connecting IP Address 40.107.120.112
Protection Policy Category SPM
Spam rules (4636009)(58800400005)(9686003)(7116003)(55016003)(564344004)(19627405001)(83310400002)(6916009)(7696005)(26005)(33656002)(83380400001)(83320400002)(83280400002)(83290400002)(83300400002)(5660300002)(8676002)(356005)(6506007)(7636003)(8636004)(22186003)(336012)(1096003)(52536014)(86362001)(76010400004)
Source header CIP:40.107.120.112;CTRY:SE;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:SWE01-MM0-obe.outbound.protection.outlook.com;PTR:mail-mm0swe01on2112.outbound.protection.outlook.com;CAT:SPM;SFS:(4636009)(58800400005)(9686003)(7116003)(55016003)(564344004)(19627405001)(83310400002)(6916009)(7696005)(26005)(33656002)(83380400001)(83320400002)(83280400002)(83290400002)(83300400002)(5660300002)(8676002)(356005)(6506007)(7636003)(8636004)(22186003)(336012)(1096003)(52536014)(86362001)(76010400004);DIR:INB;
Unknown fields DIR:INB;
I have tried to email my outlook.com, work email (M365) and my personal M365 tenant and same classification on the emails.
Same problem if I try to send an email from .onmicrosoft.com address.
I can't find anything.
I have tried to change the outgoing policys, phishing policys, etc. and still the same problem.
I'm out of idéas.
When I try to configure DKIM i get "Error in retrieving encrypted key.".
On both custom domain and onmicrosoft.com.
attached two pictures of the error aswell.
Please help and thanks in advance.
Best regards
Thomas Malmesater
Sweden
Dec 05 2021 10:27 PM
Dec 15 2021 01:25 PM
@malmesater
perhaps the cause is the spam from different IPs from 40.107.xxx.xxx
"from" is every time the same sender
Dec 15 2021 01:30 PM
Dec 16 2021 01:30 AM
Dec 16 2021 12:30 PM
@malmesater
hi
what i want to show,
that there is someone sending spam from, or try to send via relay, or faked IPs, or a combination of these, with the name of these servers.
perhaps it is possible to report it to microsoft and ask them.
i am to lazy to do it, as my mailserver is a very small one in germany and these kind of "spamfloods" will normally go away in view days or weeks. as you see my server blocks it already.
your problem is the other way around, you want to send.
perhaps you are able to contact microsoft and show them also my findings and ask about the cause of the "pishing error" with your settings (if they have questions, want some logs, i am able to help them).
short explanation
i found your thread by searching the IPs(beginning with 40.107. .....), at google, trying to find similar "victims" as me and what they do about it, but can't find any other message about it yet.
i do not know if your problem is connected with mine.
i wish you a lot of passion, if you get in contact microsoft.(by the way it is possible, but the information will not be easy to find)
wkr
stephy
Dec 16 2021 09:45 PM
Dec 16 2021 10:52 PM
Dec 16 2021 10:55 PM - edited Dec 16 2021 10:55 PM
I deleted records because I thought they were the ones causing the problem.
But I will add them again and see if I can activate DKIM.
The problem with DKIM is that M365 can't "create" encryption key.
BR
Thomas M
Dec 17 2021 04:10 AM
Dec 20 2021 04:54 AM
I was after long time waiting able to activate DKIM and Dmarc.
So I hope this might resolve my problem, if not I will contact Microsoft about it.
Thanks for the help and I wish you Marry Christmas and happy new year.
BR
Thomas M
Dec 20 2021 07:47 AM
Dec 22 2021 12:13 AM - edited Dec 22 2021 12:15 AM
greetings
what I need to show,
that there is somebody sending spam from, or attempt to send by means of transfer, or faked IPs, or a mix of these, with the name of these servers.
maybe it is feasible to report it to microsoft and ask them.
I'm to languid to do it, as my mailserver is a tiny one in germany and these sort of "spamfloods" will regularly disappear in view days or weeks. as you see my server blocks it as of now.
your concern is the reverse way around, you need to send.
maybe you can contact microsoft and show them likewise my discoveries and get some information about the reason for the "pishing mistake" with your settings (assuming they have questions, need a few logs, I'm ready to help them).