Bypass spam filtering not working

asked 2021-11-09T16:38:46.78+00:00
dirkdigs 886 Reputation points

We created a rule in Exchange Online to bypass spam filtering; however, when checking the message trace, it shows that the email message is still going to "quarantine". The message trace shows the incoming email is hitting the message rule. Not sure why: if it's matching the rule, and the rule says "Bypass spam filtering", why is it going to quarantine? What am I missing?


5 answers

  1. answered 2021-11-09T16:41:41.55+00:00
    dirkdigs 886 Reputation points

    147904-image.png


  2. answered 2021-11-09T16:45:06.79+00:00
    dirkdigs 886 Reputation points

    Sender: user@SENDER.com
    Recipient: user@recipient.com

    Received -> Processed -> Delivered

    Status: The message was delivered to the recipient's Inbox folder.

    Delivery time: 11/3/2021 9:28:34 PM (UTC)

    More information: If the recipient can't find the message in their Inbox folder, it might have been deleted or moved to another folder (such as Junk Email) either manually or automatically based on an Inbox rule or Sweep rule the recipient set up. Ask them to search for the message across all folders in their mailbox.

    Tip: If the recipient still can't find the message in Outlook, they might be having connectivity issues. Ask them to try restarting Outlook or use Outlook on the web (https://outlook.office365.com/owa/) to check for the message. To see detailed steps for fixing Outlook, see Fix Outlook connection problems in Office 365 (http://go.microsoft.com/fwlink/p/?LinkId=708526).

    Date (UTC) | Event | Detail |

    11/3/2021, 9:32 AM | Receive | Message received by: QB1PR01MB3203.CANPRD01.PROD.OUTLOOK.COM using TLS1.2 with AES256

    11/3/2021, 9:32 AM | Spam | No detail information available.

    11/3/2021, 9:32 AM | Transport rule | Transport rule: 'Whitelist domain - domain', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).

    11/3/2021, 9:32 AM | Transport rule | Transport rule: 'Whitelist domain - domain', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).

    11/3/2021, 9:32 AM | Transport rule | Transport rule: 'Prepend External Sender disclaimer', ID: ('98ED3E7A-CA0C-4AE9-967D-EF98E212E62B'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).

    11/3/2021, 9:32 AM | Transport rule | Transport rule: 'Prepend External Sender disclaimer', ID: ('98ED3E7A-CA0C-4AE9-967D-EF98E212E62B'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).

    11/3/2021, 9:32 AM | Receive | Message received by: QB1CAN01H12123.eop-CAN01.prod.protection.outlook.com using TLS1.2 with AES256

    11/3/2021, 9:32 AM | Send | Message sent to domain.mail.protection.outlook.com at 104.47.60.36 using TLS1.2 with AES256

    11/3/2021, 9:32 AM | Send | Message sent to quarantine.

    11/3/2021, 4:28 PM | Receive | Message received by: YQXP234234287.CANPRD01.PROD.OUTLOOK.COM using TLS1.2 with AES256

    11/3/2021, 4:28 PM | Deliver | The message was successfully delivered.

    More information
    Message ID:<20211103143206.431B33EF2F@r3111pvap1318.1dc.com>
    Message size | From IP | To IP
    98.94 KB | 1.1.1.1 | null


  3. answered 2021-11-09T16:46:25.087+00:00
    Andy David - MVP 109.3K Reputation points Microsoft MVP

    I would change to this instead of using the sender's domain

    147911-image.png

    and set:

    147824-image.png

    and make sure this is checked:

    147875-image.png


  4. answered 2021-11-15T16:47:07.49+00:00
    dirkdigs 886 Reputation points

    Message still going to quarantine today.
    Sender: sender@customer.com
    Recipient: user@receiver.ca

    Received -> Processed -> Delivered

    Status: The message was delivered to the recipient's Inbox folder.

    Delivery time: 11/15/2021 4:30:09 PM (UTC)

    More information: If the recipient can't find the message in their Inbox folder, it might have been deleted or moved to another folder (such as Junk Email) either manually or automatically based on an Inbox rule or Sweep rule the recipient set up. Ask them to search for the message across all folders in their mailbox.

    Tip: If the recipient still can't find the message in Outlook, they might be having connectivity issues. Ask them to try restarting Outlook or use Outlook on the web (https://outlook.office365.com/owa/) to check for the message. To see detailed steps for fixing Outlook, see Fix Outlook connection problems in Office 365 (http://go.microsoft.com/fwlink/p/?LinkId=708526).

    Date (UTC) | Event | Detail |

    11/15/2021, 9:42 AM | Receive | Message received by: YT3PR01MB5530.1234.PROD.OUTLOOK.COM using TLS1.2 with AES256

    11/15/2021, 9:42 AM | Spam | No detail information available.

    11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Whitelist domain - ', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).

    11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Whitelist domain - ', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).

    11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Whitelist domain - ', ID: ('140DE2C2-6E6E-4175-B4E3-896F1E991F50'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).

    11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Prepend External Sender disclaimer', ID: ('98ED3E7A-CA0C-4AE9-967D-EF98E212E62B'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).

    11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Prepend External Sender disclaimer', ID: ('98ED3E7A-CA0C-4AE9-967D-EF98E212E62B'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).

    11/15/2021, 9:42 AM | Receive | Message received by: QB1CAN01HT006.eop-CAN01.prod.protection.outlook.com using TLS1.2 with AES256

    11/15/2021, 9:42 AM | Send | Message sent to COMPANY.mail.protection.outlook.com at X.X.X.X using TLS1.2 with AES256

    11/15/2021, 9:42 AM | Send | Message sent to quarantine.

    11/15/2021, 10:30 AM | Receive | Message received by: YTOPR0101MB0876.CANPRD01.PROD.OUTLOOK.COM using TLS1.2 with AES256

    11/15/2021, 10:30 AM | Deliver | The message was successfully delivered.

    More information
    Message ID:<20211115154004.E939E3F566@r3pvap1318.1dc.com>
    Message size | From IP | To IP
    98.91 KB | X.X.X.X | null


  5. answered 2021-11-15T17:51:53.69+00:00
    Andy David - MVP 109.3K Reputation points Microsoft MVP

    OK, that's why it's not working :)
    365 won't let you allow these. You will need to contact the sender; something in the way they are sending these is throwing alarms.

    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/secure-by-default?view=o365-worldwide

    149475-image.png
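
To find this pattern across many exported traces, the following added example (not code from the posters or from Microsoft) parses message-trace rows in the layout pasted above and flags messages where a rule known to bypass spam filtering matched but the message was still sent to quarantine. The rule name `Allow example.com`, the GUIDs and the host name are constructed placeholders, and `bypass_rules` is an assumed caller-supplied set, because the trace itself does not show a rule's actions.

```python
import re
from datetime import datetime

# Constructed sample in this thread's "Date (UTC) | Event | Detail" layout; names and GUIDs are placeholders.
SAMPLE_TRACE = """\
Date (UTC) | Event | Detail |
11/15/2021, 9:42 AM | Receive | Message received by: HOST1.example using TLS1.2 with AES256
11/15/2021, 9:42 AM | Spam | No detail information available.
11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Allow example.com', ID: ('00000000-0000-0000-0000-000000000001'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Allow example.com', ID: ('00000000-0000-0000-0000-000000000001'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/15/2021, 9:42 AM | Transport rule | Transport rule: 'Prepend External Sender disclaimer', ID: ('00000000-0000-0000-0000-000000000002'), DLP policy: '', ID: (00000000-0000-0000-0000-000000000000).
11/15/2021, 9:42 AM | Send | Message sent to quarantine.
11/15/2021, 10:30 AM | Deliver | The message was successfully delivered.
"""

RULE_RE = re.compile(r"Transport rule: '([^']*)'")

def parse_trace(text):
    """Return (timestamp, event, detail) tuples; header and malformed rows are skipped."""
    events = []
    for line in text.replace("\u200e", "").splitlines():  # drop left-to-right marks
        parts = [p.strip() for p in line.split("|", 2)]
        if len(parts) < 3:
            continue
        try:
            when = datetime.strptime(parts[0], "%m/%d/%Y, %I:%M %p")
        except ValueError:
            continue  # e.g. the column-header row
        events.append((when, parts[1], parts[2]))
    return events

def summarize(events, bypass_rules):
    """bypass_rules: names of rules the admin knows are set to bypass spam filtering."""
    matched, quarantined_at, delivered_at = [], None, None
    for when, event, detail in events:
        m = RULE_RE.search(detail) if event == "Transport rule" else None
        if m and m.group(1) not in matched:
            matched.append(m.group(1))  # repeated hits of one rule are recorded once
        elif event == "Send" and "quarantine" in detail.lower():
            quarantined_at = quarantined_at or when
        elif event == "Deliver":
            delivered_at = when
    held = None
    if quarantined_at and delivered_at and delivered_at >= quarantined_at:
        held = int((delivered_at - quarantined_at).total_seconds() // 60)
    overridden = quarantined_at is not None and any(r in bypass_rules for r in matched)
    return {"rules_matched": matched, "bypass_overridden": overridden,
            "minutes_in_quarantine": held}
```

A message reported with `bypass_overridden` set is one to look up in quarantine for the verdict that put it there, rather than one to fix by adding more allow rules.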