Share via

How can I solve my "Suspicious email sending patterns detected" problem after sending an email to a distribution list?

Anonymous
2024-05-27T10:02:05+00:00

Hello,

On 4 occasions in the last two months, after sending emails either to one of my M365 distribution lists or to one of my M365 groups, I receive the following alert as general admin: "A medium-severity alert has been triggered" "Suspicious email sending patterns detected" even though the emails are completely legitimate..

The reason given is: "OutboundSpamLast24Hours=53;OutboundMailLast24Hours=53;OutboundSpamPercent=1000"

What I know at this stage:

  • DNS zone (SPF, DKIM, DMARC) is correctly configured.
  • The domain configuration in M365 is also clean.
  • The e-mail quota has not been exceeded (the group concerned has 38 addresses, the distribution list has 16).
  • The user account is not compromised.

This is a real issue because since this alert our company's domain has been blacklisted. Mails are not received by their recipients, even though they are customers or important contacts.

Do you have any ideas on how to solve this problem?

Thanks in advance!

Microsoft 365 and Office | Install, redeem, activate | For business | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-10-10T13:59:20+00:00

    Hi Steve,

    did you ever resolve this? We are experiencing the same issue, and every post I see, no one has ever resolved it. They seem to give up or end up using an email marketing solution which does not solve the root problem. The issue seems to be with Defenders logic, which is flawed.

    Thanks,

    Andrew

    2 people found this answer helpful.
    0 comments
  2. Anonymous
    2024-07-18T12:55:20+00:00

    Thank for the update! I will send such to our infrastructure team.

    My new challenge is that everything I send now is tagged as spam as I'm now an invalid sender. I sent maybe 20 emails, all different but they did have links and a few pictures. They were template emails and now I'm waiting again for infrastructure team to do whatever they did last time to fix my email. GRRR

    0 comments
  3. Anonymous
    2024-07-18T09:07:42+00:00

    Hi Steve,

    My problem wasn't with Microsoft. It came from a misconfiguration of my DNS zone, in particular email authentication (DMARC and DKIM records). I suggest you look into this.

    I hope you find a solution soon.

    0 comments
  4. Anonymous
    2024-07-13T20:06:34+00:00

    Can anyone share if/how this problem was solved, or not? I have the same problem sending emails from Apollo, my email was getting "invalid sender" and with some admin changes I'm now getting Suspicious email activity" or something similar. I'm sending a variety of email templates to prospects, but I received this message only after maybe 30 emails. Some emails have some links and images but not many. Do links and images cause or contribute to emails being considered "suspicious"?

    0 comments
  5. Anonymous
    2024-05-27T14:04:13+00:00

    Hello GermainH,
     
    Thanks for reaching out to the Microsoft Community.

    According to the official document: Microsoft 365 alert policies | Microsoft Learn the alert suggests the following:

    To further analysis the issue, we need a few additional details. Could you please share the original message headers for the specified emails. I've started a Private Conversation so you can securely share the necessary information.

    Looking forward to your response.

    0 comments