SOLVED

Outbound Phishing - False Positive

%3CLINGO-SUB%20id%3D%22lingo-sub-182071%22%20slang%3D%22en-US%22%3EOutbound%20Phishing%20-%20False%20Positive%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-182071%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20of%20our%20outbound%20'transactional'%20emails%20that%20goes%20out%20to%20customers%20has%20just%20started%20being%20marked%20as%20a%20Phishing%20email%20by%20O365.%20This%20is%20bizarre%20since%20there%20are%20only%202%20links%20in%20the%20footer%20of%20the%20email%20and%20they're%20both%20basic%20urls%20to%20domains%20verified%20in%20our%20own%20tenant!!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyway%2C%20there%20doesn't%20appear%20to%20be%20any%20way%20of%20notifying%20MS%20about%20this%20false%20positive.%20I%20found%20reference%20to%20junk%40office365%20and%20a%20corresponding%20not_junk%40%20for%20reporting%20false%20positives.%20There%20exists%20a%20phish%40%20email%20address%20but%20no%20corresponding%20not_phish%40%20reporting%20email%20for%20false%20positives.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20idiot%20would%20be%20able%20to%20see%20that%20these%20are%20not%20phishing%20emails%20since%20there%20is%20no%20inducement%20to%20click%20any%20links%2C%20and%20the%20links%20that%20exists%20are%20to%20the%20domains%20as%20registered%20in%20the%20tenant!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20offer%20advice%20on%20how%20to%20get%20MS%20to%20fix%20this%20nonsense%20please%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-182071%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-182419%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Outbound%20Phishing%20-%20False%20Positive%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-182419%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20never%20happened%2C%20nothing%20to%20see%20here%2C%20move%20along%20now%2C%20these%20are%20not%20the%20droids%20you're%20looking%20for.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-182177%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Outbound%20Phishing%20-%20False%20Positive%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-182177%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3BDaniel%2C%20looks%20like%20someone%20made%20a%20mistake%20somewhere%20but%20we%20seem%20to%20be%20back%20to%20normal%20service%20now.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20taking%20the%20time%20to%20share%20that%20it%20was%20affecting%20you%20too!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20your%20issue%20is%20also%20resolved.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-182143%22%20slang%3D%22en-US%22%3ERE%3A%20Outbound%20Phishing%20-%20False%20Positive%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-182143%22%20slang%3D%22en-US%22%3ETim%2C%20our%20organization%20just%20began%20experiencing%20this%20issue%20too.%20We%20opened%20a%20support%20ticket%2C%20and%20are%20still%20waiting%20on%20a%20resolution.%20The%20emails%20we%20are%20sending%20don't%20contain%20any%20links%2C%20just%20our%20logo%20hosted%20on%20a%20trusted%20domain.%20I%20have%20a%20few%20other%20acquaintances%20in%20other%20organizations%20using%20O365%20that%20are%20experiencing%20this%20as%20well.%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hi,

 

One of our outbound 'transactional' emails that goes out to customers has just started being marked as a Phishing email by O365. This is bizarre since there are only 2 links in the footer of the email and they're both basic urls to domains verified in our own tenant!!

 

Anyway, there doesn't appear to be any way of notifying MS about this false positive. I found reference to junk@office365 and a corresponding not_junk@ for reporting false positives. There exists a phish@ email address but no corresponding not_phish@ reporting email for false positives.

 

Any idiot would be able to see that these are not phishing emails since there is no inducement to click any links, and the links that exists are to the domains as registered in the tenant!

 

Can anyone offer advice on how to get MS to fix this nonsense please?

 

Thanks.

3 Replies
Highlighted
Solution
Tim, our organization just began experiencing this issue too. We opened a support ticket, and are still waiting on a resolution. The emails we are sending don't contain any links, just our logo hosted on a trusted domain. I have a few other acquaintances in other organizations using O365 that are experiencing this as well.
Highlighted

Hi Daniel, looks like someone made a mistake somewhere but we seem to be back to normal service now.

 

Thanks for taking the time to share that it was affecting you too!

 

Hope your issue is also resolved.

Highlighted

It never happened, nothing to see here, move along now, these are not the droids you're looking for.