Legitimate e-mails are marked as phishing when sent to Office 365 accounts

Jan Van Hoye 0 Reputation points
2024-03-06T14:43:35.99+00:00

Hello,

Emails that are sent from the appled.eu domain to Microsoft Office 365 accounts are very frequently marked as "Phishing" and are quarantined automatically.

This happens with mails without any hyperlinks and even with plain-text mails with no attachments.

The appled.eu domain has a valid SPF record, valid DKIM domain keys, and valid dMarc settings.

Why are these mails quarantined?

Thank you

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,167 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Andy David - MVP 141.1K Reputation points MVP
    2024-03-06T16:34:21.8666667+00:00

    well if that is the case, there is no way to fix that, other than the recipients marking the messages as false positives or they open a case with 365 support.

    1 person found this answer helpful.

  2. Andy David - MVP 141.1K Reputation points MVP
    2024-03-06T15:11:19.3533333+00:00

    The DMARC settings are not enabled. The policy should really be set to "Reject" for optimal usage:

    https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3aappled.eu&run=toolpage


  3. Andy David - MVP 141.1K Reputation points MVP
    2024-03-06T15:23:23.6066667+00:00

    Assuming these emails are being sent correctly ( passing DMARC) and from authorized senders, then reject is the strongest and best policy to use. Only emails sent incorrectly or from unauthorized IPs will get rejected. If you arent sure if the messages are being sent correctly, then set the policy to "Quarantine" first for a bit and monitor.

    But your ultimate goal should be a policy of reject.

    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide