Microsoft Exchange and Microsoft Defender Flag My Site as Phishing--What Can I Do?

David Ramm 20 Reputation points


For about a month our site (domain removed due to privacy) has apparently been flagged by Microsoft as a phishing site. A Microsoft Defender warning comes up to that effect on Edge (and only Edge) and any email we send that includes our URL is not delivered by any of our customers who use Microsoft as their email service. Since all of our customers are governments, essentially all of them use Microsoft--so this is having a major negative impact on our business.

We've submitted a formal request through the link provided by the Defender warning to have our site delisted. And for a couple of days I could reach the homepage on Edge without a problem. But the warning has returned.

We've also figured out a temporary workaround to the email problem by making sure there are no links our site in our emails, including any attachments. But customers also can't forward information about our site to any of their colleagues, etc.

This is a major problem and there appears to be no reasonable, fast way to address this damaging practice.

Microsoft Exchange Online
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
96 questions
0 comments No comments
{count} votes

Accepted answer
  1. Carlos Solís Salazar 15,171 Reputation points

    I understand the gravity of your situation, where your website has been incorrectly flagged as a phishing site by Microsoft Defender, affecting both web access and email deliverability. Here are some steps and considerations to address this issue:

    1. Review and Rectify Website Security: Ensure your website is secure and adheres to best practices in web security. This includes checking for any vulnerabilities, ensuring SSL certificates are up to date, and your website is compliant with standard security protocols.
    2. Resubmit Delisting Request: If you've already submitted a delisting request through Microsoft Defender and the issue persists, it's advisable to submit another request. Sometimes, multiple reviews are necessary for resolution.
    3. Microsoft Support for Phishing Site False Positives:
    4. Check for Email Best Practices: Ensure that your emails adhere to best practices to avoid being flagged as spam or phishing. This includes proper email authentication (like SPF, DKIM, and DMARC records), maintaining a good sender reputation, and following email content guidelines.
    5. Contact Microsoft Support: If the issue persists, contact Microsoft Support directly for assistance. They can provide more personalized support and potentially expedite the review process.
    6. Inform Your Customers: Communicate with your customers about the issue. Provide alternative ways to access your content or services while the issue is being resolved.
    7. Monitor Your Domain's Reputation: Use tools to monitor your domain's reputation online. Sometimes, other factors (like being listed on DNS-based blacklists) can contribute to such issues.
    8. Legal Considerations: If this issue is significantly impacting your business, consider consulting with a legal professional to understand if there are any legal remedies available.

    Remember, the process of delisting or resolving false positives with Microsoft Defender can take some time. It's crucial to follow up persistently while ensuring all aspects of your website and email practices are compliant and secure.

    Accept the answer if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful