Bypass spam filtering not working
we created a rule in Exchange Online to Bypass spam filtering however when checking the message trace it shows that the email message is still going to "quarantine". Message trace shows the incoming email is hitting the message rule . Not sure why if its matching the rule and the rule says Bypass spam filtering why is it going to quarantine. what am i missing?
5 answers
Sort by: Most helpful
-
-
dirkdigs 921 Reputation points
2021-11-09T16:45:06.79+00:00 Sender: user@SENDER.com
Recipient: user@recipient.comReceived -> Processed -> Delivered
Status: The message was delivered to the recipient's Inbox folder.<br/><br/><b>Delivery time:</b> 11/3/2021 9:28:34 PM (UTC)
More information: <div>If the recipient can't find the message in their Inbox folder, it might have been deleted or moved to another folder (such as Junk Email) either manually or automatically based on an Inbox rule or Sweep rule the recipient set up. Ask them to search for the message across all folders in their mailbox.<br/><br/><b>Tip:</b> If the recipient still can't find the message in Outlook, they might be having connectivity issues. Ask them to try restarting Outlook or use <a href='https://outlook.office365.com/owa/' target='_blank'>Outlook on the web</a> to check for the message. To see detailed steps for fixing Outlook, see <a href='http://go.microsoft.com/fwlink/p/?LinkId=708526' target='_blank'>Fix Outlook connection problems in Office 365</a>.</div>
Date (UTC) | Event | Detail |
11/3/2021, 9:32 AM | Receive | Message received by: QB1PR01MB3203.CANPRD01.PROD.OUTLOOK.COM using TLS1.2 with AES256
11/3/2021, 9:32 AM | Spam | No detail information available.
11/3/2021, 9:32 AM | Transport rule | Transport rule: 'Whitelist domain - domain', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/3/2021, 9:32 AM | Transport rule | Transport rule: 'Whitelist domain - domain', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/3/2021, 9:32 AM | Transport rule | Transport rule: 'Prepend External Sender disclaimer', ID: ('98ED3E7A-CA0C-4AE9-967D-EF98E212E62B'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/3/2021, 9:32 AM | Transport rule | Transport rule: 'Prepend External Sender disclaimer', ID: ('98ED3E7A-CA0C-4AE9-967D-EF98E212E62B'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/3/2021, 9:32 AM | Receive | Message received by: QB1CAN01H12123.eop-CAN01.prod.protection.outlook.com using TLS1.2 with AES256
11/3/2021, 9:32 AM | Send | Message sent to domain.mail.protection.outlook.com at 104.47.60.36 using TLS1.2 with AES256
11/3/2021, 9:32 AM | Send | Message sent to quarantine.
11/3/2021, 4:28 PM | Receive | Message received by: YQXP234234287.CANPRD01.PROD.OUTLOOK.COM using TLS1.2 with AES256
11/3/2021, 4:28 PM | Deliver | The message was successfully delivered.
More information
Message ID:<20211103143206.431B33EF2F@r3111pvap1318.1dc.com>
Message size | From IP | To IP
98.94 KB | 1.1.1.1 | null -
Andy David - MVP 142.2K Reputation points MVP
2021-11-09T16:46:25.087+00:00 I would change to this instead of using the senders domain
and set:
and make sure this is checked:
-
dirkdigs 921 Reputation points
2021-11-15T16:47:07.49+00:00 message still going to quarantine today
Sender: sender@customer.com
Recipient: user@receiver.caReceived -> Processed -> Delivered
Status: The message was delivered to the recipient's Inbox folder.<br/><br/><b>Delivery time:</b> 11/15/2021 4:30:09 PM (UTC)
More information: <div>If the recipient can't find the message in their Inbox folder, it might have been deleted or moved to another folder (such as Junk Email) either manually or automatically based on an Inbox rule or Sweep rule the recipient set up. Ask them to search for the message across all folders in their mailbox.<br/><br/><b>Tip:</b> If the recipient still can't find the message in Outlook, they might be having connectivity issues. Ask them to try restarting Outlook or use <a href='https://outlook.office365.com/owa/' target='_blank'>Outlook on the web</a> to check for the message. To see detailed steps for fixing Outlook, see <a href='http://go.microsoft.com/fwlink/p/?LinkId=708526' target='_blank'>Fix Outlook connection problems in Office 365</a>.</div>
Date (UTC) | Event | Detail |
11/15/2021, 9:42 AM | Receive | Message received by: YT3PR01MB5530.1234.PROD.OUTLOOK.COM using TLS1.2 with AES256
11/15/2021, 9:42 AM | Spam | No detail information available.
11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Whitelist domain - ', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Whitelist domain - ', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Whitelist domain - ', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Prepend External Sender disclaimer', ID: ('98ED3E7A-CA0C-4AE9-967D-EF98E212E62B'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Prepend External Sender disclaimer', ID: ('98ED3E7A-CA0C-4AE9-967D-EF98E212E62B'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/15/2021, 9:42 AM | Receive | Message received by: QB1CAN01HT006.eop-CAN01.prod.protection.outlook.com using TLS1.2 with AES256
11/15/2021, 9:42 AM | Send | Message sent to COMPANY.mail.protection.outlook.com at X.X.X.X using TLS1.2 with AES256
11/15/2021, 9:42 AM | Send | Message sent to quarantine.
11/15/2021, 10:30 AM | Receive | Message received by: YTOPR0101MB0876.CANPRD01.PROD.OUTLOOK.COM using TLS1.2 with AES256
11/15/2021, 10:30 AM | Deliver | The message was successfully delivered.
More information
Message ID:<20211115154004.E939E3F566@r3pvap1318.1dc.com>
Message size | From IP | To IP
98.91 KB | X.X.X.X | null -
Andy David - MVP 142.2K Reputation points MVP
2021-11-15T17:51:53.69+00:00 Ok, thats why its not working :)
365 wont let you allow these. You will need to contact the sender, something in the way they are sending these are throwing alarms.