Domain Emails Being Treated as Malware

JulianS 0 Reputation points


I originally posted this on, but the support team there recommended that I post this here instead to get more specific help from the Microsoft Exchange Expert team here.

For the past two weeks, we've been trying to fix two issues:

  1. Internal emails between our staff are being erroneously flagged as "high confidence phish" and then getting quarantined by our Anti-spam rules. They are even pulled out of our inboxes after successful delivery, leading to duplicate emails being received with different timestamps when we release them out of Quarantine. We worked with Microsoft Support to adjust our MX, DKIM, and DMARC records, and that seems to have helped a little with this issue, but it's still happening. I've heard in the Microsoft community that this issue might be related to a new machine learning model for Microsoft Exchange Online?
  2. The second and much larger issue is that our emails are getting rejected by a lot of external domains. Some will give bouncebacks, others will just silently reject/filter them. We worked with the networking staff at one of those companies to determine that our emails are being viewed by their system as either malware or phish, even when the message is completely blank (no signatures, no links, etc.). We can't figure out why, but this has been happening for a few months, and has gotten significantly worse over the past two weeks.

Our domain host is saying everything looks fine on their end. We ran our domain against several global blacklist checkers, and we weren't on any. My existing ticket for this issue is #2401160040013432. The problem is, now it seems like even Microsoft support isn't receiving my emails, as their responses make it sound like they aren't getting my messages any longer. How can I proceed if Microsoft support doesn't even get my messages anymore? Can this be escalated to the product team? Thank you very much for your help!

Microsoft Exchange Online
Windows 365 Business

1 answer

  1. JimmySalian-2011 41,631 Reputation points


    In this case, please call up the global numbers with the priority ticket ID and raise the query; as this is service-impacting, it should be picked up ASAP.

    Hope this helps. JS

    == Please Accept the answer if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.