SOLVED
Home

Migrated to O365. Emails going to GMAIL Spam.

%3CLINGO-SUB%20id%3D%22lingo-sub-233972%22%20slang%3D%22en-US%22%3EMigrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-233972%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20a%20clean%20domain%20name.%3C%2FP%3E%3CP%3EWe%20recently%20migrated%20to%20Office365%2C%20now%20all%20emails%20go%20to%20GMAIL%20Spam.%3C%2FP%3E%3CP%3ERecipients%20are%20confirming%20we%20never%20went%20to%20spam%20before.%3C%2FP%3E%3CP%3EWe%20have%20SPF%20and%20DKIM%20set%20up%20and%20validated.%3C%2FP%3E%3CP%3EWe%20tried%20removing%20email%20signatures.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20seems%20very%20weird.%20Any%20ideas%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-233972%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDKIM%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Edmarc%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EGmail%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESpam%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Espf%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-307149%22%20slang%3D%22en-US%22%3ERe%3A%20Migrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-307149%22%20slang%3D%22en-US%22%3EThey%20won%E2%80%99t%20give%20an%20answer.%20They%20direct%20us%20to%20the%20public%20google%20page.%20This%20has%20been%20going%20on%20for%20months.%20The%20domain%20is%20clean%2C%20server%20is%20clean...%20not%20sure%20what%20to%20do%20about%20it.%20Will%20probably%20have%20to%20switch%20from%20O365%20at%20this%20point.%20We%20have%20lots%20of%20clients%20but%20it%20is%20only%20affecting%20a%20few%20of%20them.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-307145%22%20slang%3D%22en-US%22%3ERe%3A%20Migrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-307145%22%20slang%3D%22en-US%22%3EDid%20you%20contact%20GMAIL%20support%3F%20What%20did%20they%20say%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-307013%22%20slang%3D%22en-US%22%3ERe%3A%20Migrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-307013%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20also%20facing%20same%20issue%26nbsp%3B%3C%2FP%3E%3CP%3ESPF%20%2C%20DKIM%2C%20DMARC%20record%20cofigured%20still%20my%20email%20going%20to%20spam%20only%20to%20gmail%20users.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eany%20one%26nbsp%3Bmore%20suggestion%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-234676%22%20slang%3D%22en-US%22%3ERe%3A%20Migrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-234676%22%20slang%3D%22en-US%22%3EThanks%20Oleg%3CBR%20%2F%3E%3CBR%20%2F%3EI%20think%20we%20have%20it%20figured%20out.%20Adding%20a%20DMARC%20in%20addition%20to%20DKIM%20and%20SPF%20may%20have%20solved%20it.%20Either%20that%20or%20now%20enough%20time%20has%20passed%20since%20Google%20received%20a%20massive%20amount%20of%20spam%20from%20O365%20as%20in%20your%20message...%20Thanks.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-234675%22%20slang%3D%22en-US%22%3ERe%3A%20Migrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-234675%22%20slang%3D%22en-US%22%3ENestori%2C%20thanks%20for%20the%20response.%20Yes%2C%20we've%20already%20done%20all%20that.%20I%20think%20we%20have%20resolved%20it%20by%20adding%20a%20DMARC%20record%20in%20addition%20to%20DKIM%20and%20SPF.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-234002%22%20slang%3D%22en-US%22%3ERe%3A%20Migrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-234002%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20try%20checking%20the%20headers%20of%20one%20such%20email%20which%20ended%20up%20in%20the%20spam.%20Maybe%20you%20will%20find%20some%20indication%20(a%20header%20added%20by%20Google)%20why%20it%20was%20marked%20as%20spam.%20You%20can%20also%20try%20opening%20a%20support%20ticket%20with%20MS%2C%20but%20i%20suspect%20they%20will%20tell%20you%20that%20everything%20is%20fine%20on%20their%20end%20and%20will%20suggest%20to%20contact%20Google%20(which%20is%20tough%20to%20do).%20I%20have%20found%20such%20form%20to%20fill%20%3CA%20href%3D%22https%3A%2F%2Fsupport.google.com%2Fmail%2Fcontact%2Fmsgdelivery%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.google.com%2Fmail%2Fcontact%2Fmsgdelivery%3C%2FA%3E%20Maybe%20it%20will%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20guessing.%20But%20a%20few%20weeks%20ago%20we%20were%20getting%20a%20lot%20of%20phishing%20emails%20from%20bogus%20addresses%2C%20but%20emails%20were%20actually%20sent%20from%20MS%20servers%20(someone%20hacked%20outlook.com%2Foffice%20365%20mailboxes).%20If%20a%20lot%20of%20spam%20is%20sent%20through%20such%20Exchange%20Online%20server%2C%20then%20i%20think%20it%20can%20be%20blacklisted.%20Though%20in%20such%20case%20emails%20probably%20shouldn't%20even%20reach%20mailboxes.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-234001%22%20slang%3D%22en-US%22%3ERe%3A%20Migrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-234001%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'd%20double%20check%20the%20SPF%20from%20Google%20DNS%3A%3C%2FP%3E%3CPRE%3Enslookup%20-q%3DTXT%20yourdomain.com%208.8.8.8%3C%2FPRE%3E%3CP%3ESPF%20should%20look%20similar%20to%20this%3A%3C%2FP%3E%3CPRE%3Ev%3Dspf1%20include%3Aspf.protection.outlook.com%20-all%3C%2FPRE%3E%3CP%3E%26nbsp%3BIf%20the%20record%20SPF%20is%20ok%2C%20then%20you%20should%20double%20check%20how%20your%20emails%20are%20routed.%20That%20is%2C%20are%20they%20sent%20directly%20from%20Office%20365%20or%20are%20you%20using%20some%20internal%20mail%20server%20to%20do%20that.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFinally%2C%20you%20should%20ask%20someone%20to%20send%20the%20email%20you%20sent%20them%20as%20an%20attachment%2C%20so%20that%20you%20can%20access%20the%20original%20mail%20headers.%20You%20can%20copy-paste%20headers%20to%20Message%20Analyzer%20at%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fexrca%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fexrca%3C%2FA%3E%20and%26nbsp%3Bsee%20how%20the%20email%20has%20been%20delivered.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-561135%22%20slang%3D%22en-US%22%3ERe%3A%20Migrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-561135%22%20slang%3D%22en-US%22%3EHi%20Griffe%2C%3CBR%20%2F%3EI've%20seen%20a%20lot%20of%20instances%20and%20complaints%20like%20you%20have%20mentioned.%3CBR%20%2F%3EBusiness%20emails%20landing%20in%20Spam.%3CBR%20%2F%3EThere%20are%20few%20things%20to%20be%20done%20in%20order%20to%20solve%20the%20above%20given%20problem%3A%3CBR%20%2F%3E-%20Include%20all%20the%20domains%20and%20IP's%20which%20are%20allowed%20to%20send%20emails%20on%20behalf%20of%20your%20main%20policy%20domain%20in%20your%20SPF%20record.%3CBR%20%2F%3E-%20Ensure%20the%20DKIM%20keys%20are%20getting%20signed%20and%20verified%20properly%20for%20the%20main%20policy%20domain.%3CBR%20%2F%3E-%20Make%20sure%20that%20the%20domains%20associated%20and%20used%20in%20the%20Email%20headers%2C%20pre-headers%2C%20email%20body%20content%2C%20URL%20used%20in%20email%20are%20NOT%20blacklisted%20at%20any%20DNSBL%20or%20RBL's%20worldwide%20like%20Spamhaus%2C%20SpamCop%2C%20Baracuda%2C%20Talos%2C%20etc.%3CBR%20%2F%3E-%20Make%20sure%20the%20sending%20IP's%20are%20NOT%20blacklisted%20at%20any%20of%20the%20DNS%20RBL's%20worldwide.%3CBR%20%2F%3E-%20And%20finally%20ensure%20that%20the%20DMARC%20policy%20is%20set%20correctly.%20If%20you%20are%20100%25%20sure%20about%20monitoring%20then%20you%20must%20go%20ahead%20to%20quarantine%20and%20reject%20policies%20ASAP.%20Quarantine%20and%20Reject%20policies%20are%20double%20edged%20sword.%20If%20you%20don't%20know%20what%20you%20are%20doing%20then%20you%20are%20going%20to%20hamper%20the%20email%20deliverability%20even%20worse%20than%20earlier.%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20helps.%3CBR%20%2F%3E%3CBR%20%2F%3EThanks.%3CBR%20%2F%3E%3CBR%20%2F%3ERegards%2C%3CBR%20%2F%3EZak%20%5BStopSpoof.com%5D%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-561137%22%20slang%3D%22en-US%22%3ERe%3A%20Migrated%20to%20O365.%20Emails%20going%20to%20GMAIL%20Spam.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-561137%22%20slang%3D%22en-US%22%3EHi%20Arun%2C%3CBR%20%2F%3EI've%20seen%20a%20lot%20of%20instances%20and%20complaints%20like%20you%20have%20mentioned.%3CBR%20%2F%3EBusiness%20emails%20landing%20in%20Spam.%3CBR%20%2F%3EThere%20are%20few%20things%20to%20be%20done%20in%20order%20to%20solve%20the%20above%20given%20problem%3A%3CBR%20%2F%3E-%20Include%20all%20the%20domains%20and%20IP's%20which%20are%20allowed%20to%20send%20emails%20on%20behalf%20of%20your%20main%20policy%20domain%20in%20your%20SPF%20record.%3CBR%20%2F%3E-%20Ensure%20the%20DKIM%20keys%20are%20getting%20signed%20and%20verified%20properly%20for%20the%20main%20policy%20domain.%3CBR%20%2F%3E-%20Make%20sure%20that%20the%20domains%20associated%20and%20used%20in%20the%20Email%20headers%2C%20pre-headers%2C%20email%20body%20content%2C%20URL%20used%20in%20email%20are%20NOT%20blacklisted%20at%20any%20DNSBL%20or%20RBL's%20worldwide%20like%20Spamhaus%2C%20SpamCop%2C%20Baracuda%2C%20Talos%2C%20etc.%3CBR%20%2F%3E-%20Make%20sure%20the%20sending%20IP's%20are%20NOT%20blacklisted%20at%20any%20of%20the%20DNS%20RBL's%20worldwide.%3CBR%20%2F%3E-%20And%20finally%20ensure%20that%20the%20DMARC%20policy%20is%20set%20correctly.%20If%20you%20are%20100%25%20sure%20about%20monitoring%20then%20you%20must%20go%20ahead%20to%20quarantine%20and%20reject%20policies%20ASAP.%20Quarantine%20and%20Reject%20policies%20are%20double%20edged%20sword.%20If%20you%20don't%20know%20what%20you%20are%20doing%20then%20you%20are%20going%20to%20hamper%20the%20email%20deliverability%20even%20worse%20than%20earlier.%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20helps.%3CBR%20%2F%3E%3CBR%20%2F%3EThanks.%3CBR%20%2F%3E%3CBR%20%2F%3ERegards%2C%3CBR%20%2F%3EZak%20%5BStopSpoof.com%5D%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hello,

 

We have a clean domain name.

We recently migrated to Office365, now all emails go to GMAIL Spam.

Recipients are confirming we never went to spam before.

We have SPF and DKIM set up and validated.

We tried removing email signatures.

 

This seems very weird. Any ideas?

 

9 Replies
Highlighted

Hi,

 

I'd double check the SPF from Google DNS:

nslookup -q=TXT yourdomain.com 8.8.8.8

SPF should look similar to this:

v=spf1 include:spf.protection.outlook.com -all

 If the record SPF is ok, then you should double check how your emails are routed. That is, are they sent directly from Office 365 or are you using some internal mail server to do that.

 

Finally, you should ask someone to send the email you sent them as an attachment, so that you can access the original mail headers. You can copy-paste headers to Message Analyzer at https://aka.ms/exrca and see how the email has been delivered.

Highlighted
Solution

You can try checking the headers of one such email which ended up in the spam. Maybe you will find some indication (a header added by Google) why it was marked as spam. You can also try opening a support ticket with MS, but i suspect they will tell you that everything is fine on their end and will suggest to contact Google (which is tough to do). I have found such form to fill https://support.google.com/mail/contact/msgdelivery Maybe it will work.

 

Just guessing. But a few weeks ago we were getting a lot of phishing emails from bogus addresses, but emails were actually sent from MS servers (someone hacked outlook.com/office 365 mailboxes). If a lot of spam is sent through such Exchange Online server, then i think it can be blacklisted. Though in such case emails probably shouldn't even reach mailboxes.

Highlighted
Nestori, thanks for the response. Yes, we've already done all that. I think we have resolved it by adding a DMARC record in addition to DKIM and SPF.
Highlighted
Thanks Oleg

I think we have it figured out. Adding a DMARC in addition to DKIM and SPF may have solved it. Either that or now enough time has passed since Google received a massive amount of spam from O365 as in your message... Thanks.
Highlighted

We are also facing same issue 

SPF , DKIM, DMARC record cofigured still my email going to spam only to gmail users. 

 

any one more suggestion?

Highlighted
Did you contact GMAIL support? What did they say?
Highlighted
They won’t give an answer. They direct us to the public google page. This has been going on for months. The domain is clean, server is clean... not sure what to do about it. Will probably have to switch from O365 at this point. We have lots of clients but it is only affecting a few of them.
Highlighted
Hi Griffe,
I've seen a lot of instances and complaints like you have mentioned.
Business emails landing in Spam.
There are few things to be done in order to solve the above given problem:
- Include all the domains and IP's which are allowed to send emails on behalf of your main policy domain in your SPF record.
- Ensure the DKIM keys are getting signed and verified properly for the main policy domain.
- Make sure that the domains associated and used in the Email headers, pre-headers, email body content, URL used in email are NOT blacklisted at any DNSBL or RBL's worldwide like Spamhaus, SpamCop, Baracuda, Talos, etc.
- Make sure the sending IP's are NOT blacklisted at any of the DNS RBL's worldwide.
- And finally ensure that the DMARC policy is set correctly. If you are 100% sure about monitoring then you must go ahead to quarantine and reject policies ASAP. Quarantine and Reject policies are double edged sword. If you don't know what you are doing then you are going to hamper the email deliverability even worse than earlier.

Hope that helps.

Thanks.

Regards,
Zak [StopSpoof.com]
Highlighted
Hi Arun,
I've seen a lot of instances and complaints like you have mentioned.
Business emails landing in Spam.
There are few things to be done in order to solve the above given problem:
- Include all the domains and IP's which are allowed to send emails on behalf of your main policy domain in your SPF record.
- Ensure the DKIM keys are getting signed and verified properly for the main policy domain.
- Make sure that the domains associated and used in the Email headers, pre-headers, email body content, URL used in email are NOT blacklisted at any DNSBL or RBL's worldwide like Spamhaus, SpamCop, Baracuda, Talos, etc.
- Make sure the sending IP's are NOT blacklisted at any of the DNS RBL's worldwide.
- And finally ensure that the DMARC policy is set correctly. If you are 100% sure about monitoring then you must go ahead to quarantine and reject policies ASAP. Quarantine and Reject policies are double edged sword. If you don't know what you are doing then you are going to hamper the email deliverability even worse than earlier.

Hope that helps.

Thanks.

Regards,
Zak [StopSpoof.com]
Related Conversations