SOLVED

Office365 support incompetant - All emails marked as spam due to hyperlinks in email siganture

Copper Contributor

I have been facing an issue from the past 3 weeks and the support staff at office365 is still trying to resolve my issue.

All our incoming and outgoing emails are being flagged as spam due to hyperlinks in our email signature that point to our social media websites. Everything was working well for over 3yrs and all of a sudden one day  all our emails started getting categorized as Spam.

Have been telling them that the problem probably lies in the Forefront server but they take no notice of it....

 

Had opened multiple tickets with them but they swiftly closed my ticket stating that the customer was not available. Soooo frustrating.

 

Have been stressing upon them that this is affecting our Business as most of our Customers and Vendors are complaining that our emails aren't reaching them. Every time I follow up with the team they keep saying that we are working on resolving the issue so please be patient....3weeks now and they expect me to be patient......Cuummmon....

 

Anyone face a similar issue and have got it resolved....

 

Regards

Terence

21 Replies
I don't believe that Microsoft marks emails as spam on the way *out* of the service, only on the way in.
Do you have the required SPF record in your DNS zone? And if you send an email to a customer without the signature (or at least the hyperlink) does it get through?

Loryan

 

The Outbound spam option is enabled on all our emails in office 365 and the header details captured states that the message was flagged as SPAM SCL5 by the Forefront server.

We have everything in place, SPF, DKIM etc etc.

Moreover this problem all of sudden started 2 weeks ago and got resolved by itself yesterday.

Even the support team has no clue as to what triggered this issue.

 

Regards,

Terence

The problem you had with your mails being rejected as spam, might be due to the fact that multiple Office365 outbound SMTP servers are listed in email blacklists;

eg:

https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a104.47.5.207&run=toolpage

https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a104.47.116.242&run=toolpage

 

They have started changing the IPs that they send emails from, however large volumes of spam are still being relayed so its only a matter of time the new IPs get blacklisted again.

I believe the IP must have got blacklisted as you mentioned, anyways its all good for now...Than for your help...

I am having the exact same issue with our emails.  All are leaving marked as SCL=5.  We have our social media links in our signatures and those are the ones being marked as spam.  We have had those signatures for years.  Everyday we get users blocked because of sending spam.  I've tried using outbound transport rules etc.  I have opened a ticket and it gets closed just like yours.  No solution so far.  Just started a couple of months ago.

 

 

Pretty sure your Office365 outbound SMTP servers have been blacklisted. Try to look for Servers that are taking care of your email delivery and check if the IP addresses have been blacklisted by spamhaus etc etc...

@Terence Tellis I am a little late to this party but we are having a similar problem with O365.  Any email sent from any email system (gmail, yahoo, office email) to an Office 365 mailbox with our domain, carotrans.com in text in the body is getting flagged as spam with a weight of 5.  It does not have to be a hyperlink, just the text.  Microsoft support has been totally useless.  I have not been able to find any way to get this removed.  Some have said it will correct itself after a few weeks but like Terence, this is affecting many of our customers and severely impacting our business. 

 

If anyone has any idea how to fix this, it will be greatly appreciated.

Just thought I'd post on here, even though its pretty old, that we just ran into this issue 5 days ago and Microsoft is still completely useless.  

 

To recap:

1)  All outgoing mail with a hyperlink (including mailto:x@x.com) gets marked as spam.  Doesn't matter if its in a signature, body, etc... just any hyperlink period.  You can see this in a message trace as it shows the mail going out getting tagged with a spam event and to 'Use high risk delivery pool.'.  Attachments and embedded pictures are fine as long as they're not linked.  An easy way around this is to set everyones default new mail format to plain text instead of html.  I should add however that this didnt happen EVERY time, just 99% of the time. Which was great for Microsoft troubleshooting because as soon as they saw one work without being marked as spam, they said it wasn't their system.

 

2)  We initially noticed this problem due to a massive increase in good inbound mail going to junk e-mail.  At that time we also found that whitelisting the domains or email addresses, in the O365 exchange admin page, did nothing, they still went to junk.  We had to make an actual transport rule to allow the domains.

 

3)  We found that external mail to externally accessible Public Folders was all being rejected with the message '550 5.4.1 All recipient addresses rejected : Access denied'.  I checked the permissions in case they changed, nope - anon still has contribute and create items.

 

4) If enough mail gets sent out by an internal user, MS will block them and, in our case, when its false, it takes over an hour for the unblock to actually take affect.  So I have Customer Service Reps that can't actually send mail to get orders placed for an hour.

 

I've searched for hours trying to find a way to get better support.  Give me back the days when I could slap down a credit card and charge a single premier ticket.

 

@Terence Tellis 

@TRI-JAI can totally relate to your issue. MS is totally clueless about this behavior and passes the buck onto someone one stating that we do not mark emails as spam.  I would strongly suggest you use the Message Analyzer tool to identify the IP add of all outgoing servers and check if any of them have been blacklisted on the Internet.

 

Regards,

Terence

 

 

best response confirmed by Scott Landry (Microsoft)
Solution

Hello all,

This thread has come to my attention. Let me fix some misconceptions:

 

Office 365 absolutely does scan messages "on the way out". This is done to protect our IP reputation. If a message is deemed spammy, then it will be marked as spam and sent out via a special pool of IPs. This pool of IPs has questionable reputation and we do not attempt to maintain their reputation.  We do absolutely monitor the reputation of our good IP addresses - so much so that I'm fairly certain that is not an issue here.

 

Most often, I do see false positives happening when someone creates an automated email signature with links in them. A false positive requires a spam rule to be adjusted on our side. This is simple -

1) First report the problem in Submissions Explorer

2) If not getting headway, open a ticket - we just need the samples with the full headers showing what happened so that our engineering team can correct the rule.  It is an easy fix - if you're not getting the help you need from the support, point them to this post as guidance. 

 

I apologize for any inconvenience.

 

Regards,

Scott

Nice job marking that as the best response @Scott Landry   Give us an actual resolution, then pat yourself on the back. 

 

You state that this is an 'easy fix' and yet, as mentioned, multiple people have tickets open for weeks to address the issue without it being resolved after support is made aware it's a hyperlink issue.  The issue is after that ticket is open, after we've provided samples, after we all know its a hyperlink issue, and now after I've put a link to this page in the ticket, it languishes day after day after week after week after call after call over the same basic troubleshooting steps.  My THREE calls over the past few days have all resulted in support saying they can't do anything for me.  The BEST they can suggest is to use the submit explorer to submit any email that shouldn't be blocked.  Let me type this again, I am supposed to submit every single email that shouldn't be going through the high risk pool.  When I scoffed that submitting 10k+ past emails plus the hundreds if not thousands more we'd do that day I was told I would need to wait another day for the next escalation engineer.  Thats after waiting a day for this escalation engineer.  Thats after waiting another day for the previous one.  Thats four days of just waiting purely for support to do anything.

 

No one can give me answers as to why our mail was marked in the first place.  Support can't or won't fix it.

 

So, we know its a hyperlink issue.  We know the outgoing spam filter is the issue.  How do we get support and a resolution when there is a massive issue like this??

 

 

 

 

@TRI-JA  SPOT ON......Rightly said, easier to recommend a solution out here on the forum but nothing done by MS to resolve the issue in the production environment.

I struggled for days and was just relying on prayers to get the issue resolved and one fine day it did vanish leaving everyone and MS clueless.

 

 

@Terence TellisThanks! I like what you said. Essentially front line support did not know the answer to what the engineering team designed. And, low and behold the system some how learned (AI or Gremlins) and then the issue was magically resolved. E-mail flowed as expected. That scenario is not atypical. Cheers!

5 escalations and three weeks later and they've resolved the issue.  They responded with this:

 

'We found that the Url was blocked on a blacklist check, therefore we delisted same resolving the issue.'

 

 

I can confirm these practices are still in place; A website link in your signature can cause a mail to be classified as spam.
You will have to raise a ticket with Microsoft about this so it can be added to the safe list.
Sadfully, even if you are a customer of O365/Microsoft, it is no guarantee your site won't end up on the 'blacklist'.
Star date 13 04 2023... it's been 5 years... and it's still an issue while in the mean time the IT landscape has changed drastically when the introduction of ChatGPT.
In short:
I'm sending an email without a hyperlink through smtp.office365.com and it arrives in the O365 inbox.
I'm sending the same email but this time with a hyperlink and it arrives in the spam folder with a SCL of 5.
I have absolutely no idea why it gets a SCL of 5. The only difference is the hyperlink (which links to my domain).
Anyone out there who can solve this challenge?

Best regards,
Kurt

@KurtSantele provide message traces and mail analysis to Microsoft and create a case with them.

with clear examples they should be able to put your domain on a safe list.

for some reason your domain got on the black list (manually or AI) at microsoft

1 best response

Accepted Solutions
best response confirmed by Scott Landry (Microsoft)
Solution

Hello all,

This thread has come to my attention. Let me fix some misconceptions:

 

Office 365 absolutely does scan messages "on the way out". This is done to protect our IP reputation. If a message is deemed spammy, then it will be marked as spam and sent out via a special pool of IPs. This pool of IPs has questionable reputation and we do not attempt to maintain their reputation.  We do absolutely monitor the reputation of our good IP addresses - so much so that I'm fairly certain that is not an issue here.

 

Most often, I do see false positives happening when someone creates an automated email signature with links in them. A false positive requires a spam rule to be adjusted on our side. This is simple -

1) First report the problem in Submissions Explorer

2) If not getting headway, open a ticket - we just need the samples with the full headers showing what happened so that our engineering team can correct the rule.  It is an easy fix - if you're not getting the help you need from the support, point them to this post as guidance. 

 

I apologize for any inconvenience.

 

Regards,

Scott

View solution in original post