Email links being scanned 30/40 minutes after receiving them

James 1 Reputation point
2022-05-17T14:20:15.747+00:00

Hi,

I'm in a situation where one of our software applications sends emails with links to approve certain types of requests (you get a link to approve and a link to refuse).

If these email notifications are sent through a connector (typically our on-prem Exchange server) in our 365 Exchange server on our tenant, then all is well. If instead they are sent through a piece of software I have running that accepts incoming SMTP requests and sends the email through the Graph APIs, then about 30/40 minutes after the email has been received something scans/opens the email links, thus approving the requests without the users' knowledge.

Any ideas of what is scanning the notifications only when they are sent through Graph? And for some reason 30/40 minutes after delivery?

We are also running Defender on the client machines.

Thanks,

James


2 answers

  1. Philippe Levesque 5,681 Reputation points MVP
    2022-05-17T15:04:20.517+00:00

    Hi, does the Graph API respect the SPF, DMARC & DKIM rules? I ask as some APIs often send via their own source and can make the email look suspicious from the remote computer.


  2. James 1 Reputation point
    2022-05-17T15:13:22.177+00:00

    Yes, I've already checked this. To be honest, the sent emails only pass the SPF check, not the DMARC one, but we don't have DMARC checks on internal emails, and from an email header I can see that the emails originate and end up in the same domain, so they should be considered internal.
