Sharepoint online invites to external users going to spam

Copper Contributor

When adding external users (outside of our organization); the checkbox for send invitation is greyed out with a check in the checkbox.  Therefore, an email invitation will occur.  Sharepoint online does send an email to the recipient but it goes into the recipient's SPAM folder.  Need a work around to prevent this from happening.  I always have to get in touch with the recipient by phone or another email to look into their SPAM folder so they can accept the pending invitation.  Please help!

4 Replies
I think, if you add the user to the Azure Active Directory, the initial invitation to join might go to their spam folder (especially if they use gmail). Once they accept, future emails will not go to spam.

@esudo555 

Here is a popular subject line from my service desk:

 

phish from no-reply @ sharepointonline.com

 

The frequency of breached tenancies is why your recipient's mail system is inclined to junk your genuine invitation. We know how these breaches are happening. At Ignite last year, we had the spectacle of speakers saying "Please put your users on MFA" - in 2021! Microsoft, stop messing around: raise your M365 prices 10% then discount them 9% for customers who can keep their users 9x% on MFA and don't sully the swimming pool with leaky on-premises systems. You have a high-risk [mail] delivery pool; create a low-risk delivery pool, offer it to customers who can meet these requirements and make it publicly identifiable. If it comes with higher limits, you might even be able to charge a premium for that. By offering a two-tier service, you will motivate those SFA laggards to move forward.

Unfortunately Microsoft gives spammers unfettered access to email as much spam as they'd like using the @sharepointonline.com address. As long as Microsoft takes a pro-spam stance on their network, spam detection systems will continue to see @sharepointonline.com exactly for what it is: an email domain that sends spam. Consider a different service.
Abuse of sharepointonline.com needs to be seen in the context of the amount of phishing we all see from breached tenancies in general. The specific design failure by Microsoft here, as we have also seen with Forms and several other products, is to use a generic domain which all tenants share rather than a named domain specific for each tenant as we have in SharePoint.