URL incorrectly marked as malware for all Microsoft tenants through URL detonation

Question

We have a serious problem with URL denotation which is affecting not only our organisation but also the wider global community in the field of climate change, which we work in.

Since last Tuesday, any email sent or received by any Microsoft tenant which contains the text string of our URL is marked as Malware due to the URL detonation policy, and sent to the quarantine of the tenant. We have confirmed through multiple experts that there is no malware on the site and that it is not on any blacklists. We have even moved the website to an entirely different hosting provider to rule out issues with the server being blacklisted.

That our own email flow is disrupted is the least of our problems: all Microsoft tenants are afflicted by the same issue when this URL appears in their emails, or any attachments they share, even when we are not a party to the communications.

I have found on blogs from previous years that a handful of organisations have had similar issues, which were resolved after the issue was escalated enough times until it reached an engineer who is able to remove the URL from whatever internal list it has landed on. Microsoft support agents have told us that they understand the problem to be on their side, but they are not responsive or accessible and we are struggling to have the issue escalated.

Can anybody offer advice on either the issue at hand, or on how to force the escalation of the issue within the Microsoft support system? Enormous thanks for any help you might be able to offer.

Answer 1

Dear AD Thomas Day,

Hope you are doing great. I wonder if you can share case ID, so we can try to check internally and push for update. Thanks.

Lydia

Answer 2

Hi, AD Thomas Day

Thanks for your updates.

Based on your words, could you please share your detailed ticket number with us that we can ask the related team to response to you ASAP.

In order to protect your privacy, please share the detailed ticket number in Private Message as following steps

Please click account you logged in on the up-right corner - My profile - View private messages to get it.

Thanks for your precious time and your understanding would be highly appreciated.

Hope you all the best!

Sincerely,

Alex | Microsoft Community Moderator.

Answer 3

Thank you very much for your response. We already have an admin-generated ticket open, since 9 days ago. Microsoft agents have been unresponsive for days now and there is no way for us to edit/update the ticket anymore. How can we ensure that this is urgently escalated and addressed?

Many thanks again.

Answer 4

Hi, AD Thomas Day

Good day!

Thank you for posting to Microsoft Community. We are happy to assist you.

According to your description, I'm sorry to hear that you are experiencing this issue with URL detonation in Microsoft 365.

As a customer support agent, I suggest that you contact Microsoft Online Tech support directly to escalate the issue. You can do this by submitting a support ticket through the Microsoft 365 admin center or by calling Microsoft support. When submitting the ticket, be sure to provide as much detail as possible about the issue, including any relevant error messages or logs. This will help the support team to quickly identify and resolve the issue.

Ref- Get support - Microsoft 365 admin | Microsoft Learn.

This will save your save time and you will get further assistance through the PC remote. We believe they will conduct in-depth of this URL issue and provide you a solution.

Thanks for your precious time and your understanding would be highly appreciated.

Hope you all the best!

Sincerely,

Alex | Microsoft Community Moderator.

Answer 5

Dear AD Thomas Day,

Good day!

Thank you for posting to Microsoft Community. We are glad to assist. We are looking into your situation and we will update the thread shortly.

Appreciate your patience and understanding and thank you for your time and cooperation.

Sincerely,

Ashraf | Microsoft Community Moderator