For anyone finding this thread through Google: We were able to resolve this issue yesterday, 12 days after the incident started.
Our service provider was able to get a hold of somebody senior in Microsoft support that pulled some strings. After this, the issue was accepted by Microsoft support within 30 minutes, and the issue was confirmed solved after 4 hours.
I have no insight into how they managed to get in touch with Microsoft support through the back channels, but I suspect personal relationships were used. I don't know how we would solve this issue without.
The issue turned out to be a lot worse than first thought. As our domain was on a global list of phishing domains, this was the impact:
- Every email we sent was quarantined at the receiving end if the receiver had Office365. Not because of the from address, but because we had our domain written in our email signature. We were in no way notified of this, and it took some time to realize this was happening, and that every user was affected. Removing any mention of our domain name from the signature was a temporary workaround.
- But this issue was not only for us. Any email sent, from anybody in the world, that contained our domain name, was quarantined without the sender or receiver being notified, if the receiver had Office365.
- We realized this also impacted a lot of automatic emails that randomly contained our domain name in the email body or subject, including our invoicing system, payslips, travel expenses, Metabase reports, GitHub integrations and so much more. Truly a business critical issue.
For anyone stuck in the same situation, I would:
- File a support ticket, and start using your Microsoft network to get attention on the issue. If you are unlucky like us, we had 4 tickets, over 10 days, just being closed with no reason given.
- Figure out what triggers the quarantine. Is it the domain name, like for us?
- Start mapping out what systems you have that might be affected and see if you can remove the trigger-word. I guess email signature is an obvious one, but remember every other auto-email you may have.
- Whitelist the trigger word for incoming emails. This should resolve people emailing you (and replying to you with your signature in the original email under the reply).
- Create lists of emails that have been sent that may have been blocked at the receiving end and work with the users to resend these emails without the trigger word. Our service provider did this for us, so I can't tell you the exact steps taken to produce these lists.
- Hope that your ticket gets acknowledged by Microsoft and resolved.
Tagging this post with Phishing, MDO, blacklist.
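
An added example, not part of the original post and not the service provider's method: one way to build the resend list from the checklist above, scanning sent messages for the trigger word in the decoded subject and body rather than in the From address. It assumes sent mail is available as raw RFC 5322 messages; `TRIGGER`, the function names and the sample messages are constructed placeholders.

```python
import email
from email import policy
from email.message import EmailMessage

TRIGGER = "example-corp.test"  # constructed placeholder for the listed domain

def trigger_locations(raw, trigger=TRIGGER):
    """Return where the trigger appears in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    needle, hits = trigger.lower(), []
    # policy.default decodes RFC 2047 encoded-words in the Subject header.
    if needle in str(msg.get("Subject", "")).lower():
        hits.append("subject")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # get_content() undoes base64 / quoted-printable, so a signature in
        # an encoded body is found even though the raw bytes never show it.
        if needle in part.get_content().lower():
            hits.append("body:" + part.get_content_type())
    return hits

def resend_list(messages, trigger=TRIGGER):
    """Rows (subject, recipients, where) for messages containing the trigger."""
    rows = []
    for raw in messages:
        hits = trigger_locations(raw, trigger)
        if not hits:
            continue
        msg = email.message_from_bytes(raw, policy=policy.default)
        rcpts = [a.addr_spec for h in ("To", "Cc") if msg[h] for a in msg[h].addresses]
        rows.append({"subject": str(msg["Subject"]), "recipients": rcpts, "where": hits})
    return rows

def _sample(subject, body, to, cte=None):
    """Build a constructed sample message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "anna@example-corp.test", to, subject
    m.set_content(body, cte=cte)
    return m.as_bytes()

SAMPLES = [  # constructed: signature hit, base64 auto-mail hit, clean message
    _sample("Meeting", "See you at 10.\n--\nAnna, www.example-corp.test\n", "bob@partner.test"),
    _sample("Payslip March", "Portal: https://hr.example-corp.test/p\n", "eve@staff.test", cte="base64"),
    _sample("Lunch?", "Noon works for me.\n", "carol@partner.test"),
]

if __name__ == "__main__":
    print(*resend_list(SAMPLES), sep="\n")
```

The third sample is sent from the trigger domain but mentions it nowhere in the subject or body, so it is left off the list, matching the post's observation that the From address was not what triggered the quarantine.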