Dec 01 2021 02:10 PM - last edited on Apr 04 2022 08:30 AM by Allen
I have searched and tried to find an answer to my questions but can't find anything.
I configured a new tenant with a new custom domain with "Enabled Security Defaults".
When my friends now try to send emails, they get "Spam Confidence Level 5" on every email they send?
They have a Microsoft 365 Business Premium license.
Spam Confidence Level 5
Spam Filtering Verdict SPM
IP Filter Verdict NLI
HELO/EHLO String SWE01-MM0-obe.outbound.protection.outlook.com
PTR Record mail-mm0swe01on2112.outbound.protection.outlook.com
Connecting IP Address 18.104.22.168
Protection Policy Category SPM
Spam rules (4636009)(58800400005)(9686003)(7116003)(55016003)(564344004)(19627405001)(83310400002)(6916009)(7696005)(26005)(33656002)(83380400001)(83320400002)(83280400002)(83290400002)(83300400002)(5660300002)(8676002)(356005)(6506007)(7636003)(8636004)(22186003)(336012)(1096003)(52536014)(86362001)(76010400004)
Source header CIP:22.214.171.124;CTRY:SE;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:SWE01-MM0-obe.outbound.protection.outlook.com;PTR:mail-mm0swe01on2112.outbound.protection.outlook.com;CAT:SPM;SFS:(4636009)(58800400005)(9686003)(7116003)(55016003)(564344004)(19627405001)(83310400002)(6916009)(7696005)(26005)(33656002)(83380400001)(83320400002)(83280400002)(83290400002)(83300400002)(5660300002)(8676002)(356005)(6506007)(7636003)(8636004)(22186003)(336012)(1096003)(52536014)(86362001)(76010400004);DIR:INB;
Unknown fields DIR:INB;
I have tried emailing my outlook.com, work email (M365) and my personal M365 tenant, and I get the same classification on the emails.
Same problem if I try to send an email from an .onmicrosoft.com address.
I can't find anything.
I have tried to change the outgoing policies, phishing policies, etc. and still the same problem.
I'm out of ideas.
When I try to configure DKIM I get "Error in retrieving encrypted key.".
On both the custom domain and onmicrosoft.com.
Attached two pictures of the error as well.
Please help and thanks in advance.
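The "Source header" line in the post above uses the format of the X-Forefront-Antispam-Report header that Exchange Online Protection stamps on messages. As an added example (not code from the thread), this parser decodes it; the function names, the shortened rule list in SAMPLE and the subset of verdict codes are choices made for this example.

```python
import re

# Constructed sample: the header value quoted in the post above, with the
# long SFS rule list shortened to its first three rule IDs.
SAMPLE = ("CIP:22.214.171.124;CTRY:SE;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;"
          "H:SWE01-MM0-obe.outbound.protection.outlook.com;"
          "PTR:mail-mm0swe01on2112.outbound.protection.outlook.com;"
          "CAT:SPM;SFS:(4636009)(58800400005)(9686003);DIR:INB;")

# Verdict codes as documented by Microsoft for this header (subset).
SFV = {"SPM": "marked as spam by spam filtering",
       "NSPM": "marked as not spam by spam filtering",
       "SFE": "filtering skipped: sender is on the recipient's Safe Senders list",
       "BLK": "filtering skipped: sender is on the recipient's Blocked Senders list"}
IPV = {"NLI": "connecting IP not found on any IP reputation list",
       "CAL": "connecting IP allowed by the IP Allow List"}
DIR = {"INB": "inbound", "OUT": "outbound", "INT": "intra-organization"}

def parse_report(value):
    """Split 'KEY:value;' pairs. Only the first ':' separates key from value,
    so an IPv6 address in CIP and empty values such as 'SRV:' survive."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def scl_meaning(raw):
    try:
        scl = int(raw)
    except (TypeError, ValueError):
        return "missing or malformed"
    if scl == -1:
        return "skipped spam filtering"
    if scl in (0, 1):
        return "not spam"
    if scl in (5, 6):
        return "spam"
    return "high confidence spam" if scl == 9 else "not covered by this example"

def summarize(value):
    f = parse_report(value)
    return {"scl": scl_meaning(f.get("SCL")),
            "verdict": SFV.get(f.get("SFV"), "code not in this subset"),
            "ip_reputation": IPV.get(f.get("IPV"), "code not in this subset"),
            "direction": DIR.get(f.get("DIR"), "unknown"),
            "rule_ids": re.findall(r"\((\d+)\)", f.get("SFS", ""))}

if __name__ == "__main__":
    for name, meaning in summarize(SAMPLE).items():
        print(f"{name}: {meaning}")
```

For the header in the post, the output shows a spam verdict from spam filtering while the connecting IP was not found on any IP reputation list.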
Dec 16 2021 01:30 AM
Dec 16 2021 12:30 PM
What I want to show,
that there is someone sending spam from, or trying to send via relay, or faked IPs, or a combination of these, with the name of these servers.
Perhaps it is possible to report it to Microsoft and ask them.
I am too lazy to do it, as my mail server is a very small one in Germany and these kinds of "spam floods" will normally go away in a few days or weeks. As you see, my server blocks it already.
Your problem is the other way around: you want to send.
Perhaps you are able to contact Microsoft and also show them my findings and ask about the cause of the "phishing error" with your settings (if they have questions or want some logs, I am able to help them).
I found your thread by searching for the IPs (beginning with 40.107. .....) on Google, trying to find similar "victims" like me and what they do about it, but can't find any other message about it yet.
I do not know if your problem is connected with mine.
I wish you a lot of passion if you get in contact with Microsoft (by the way, it is possible, but the information will not be easy to find).
Dec 16 2021 09:45 PM
Dec 16 2021 10:52 PM
Dec 16 2021 10:55 PM - edited Dec 16 2021 10:55 PM
I deleted records because I thought they were the ones causing the problem.
But I will add them again and see if I can activate DKIM.
The problem with DKIM is that M365 can't "create" the encryption key.
Dec 20 2021 04:54 AM
After a long wait, I was able to activate DKIM and DMARC.
So I hope this might resolve my problem; if not, I will contact Microsoft about it.
Thanks for the help, and I wish you a Merry Christmas and a happy new year.
Dec 20 2021 07:47 AM
Dec 22 2021 12:13 AM - edited Dec 22 2021 12:15 AM
What I need to show,
that there is somebody sending spam from, or attempting to send by means of transfer, or faked IPs, or a mix of these, with the name of these servers.
Maybe it is feasible to report it to Microsoft and ask them.
I'm too languid to do it, as my mail server is a tiny one in Germany and these sorts of "spam floods" will regularly disappear in a few days or weeks. As you see, my server blocks it as of now.
Your concern is the reverse way around: you need to send.
Maybe you can contact Microsoft and likewise show them my discoveries and get some information about the reason for the "phishing mistake" with your settings (assuming they have questions or need a few logs, I'm ready to help them).