Too many important messages are going into my Outlook Junk Email folder, and I can’t figure out why.
Seriously, I don’t know how to explain it. Several of my clients have mentioned that more messages lately are being incorrectly flagged as spam, and the mistakes seem obvious when I look at my own Junk Email folder. But there are only scattered complaints online when I search for trends. I don’t see any changes from Microsoft in the last year or two that would account for it.
I don’t have any answers. If you’re not checking your junk mail folder occasionally, I’d suggest you scan it every so often, just in case.
Microsoft’s definition of junk email: “Junk email is spam, which are unsolicited and universally unwanted messages (when identified correctly).”
For many years, the default Office 365 spam filter was almost completely reliable. It would capture junk but pass through virtually all legitimate messages. Sure, much of what was passed through was advertising and crud, but the important thing was, we could safely ignore the junk mail folder.
Something has gone wrong.
This is a screenshot of messages in my junk mail folder from the last week.
Those messages have one thing in common: Not one of them is junk mail. None of them are “unsolicited and universally unwanted.”
- The first one is a receipt from Apple for a monthly payment. It’s a receipt from one of the largest companies in the world. What is it doing in junk mail?
- Some of the messages are advertising from companies I’ve done business with. There’s a newsletter from Relix that I subscribed to. There’s an alert that Sonora Resort – a place we went on vacation – won’t open this season.
- On Wednesday, it’s one of my own articles sent by the company that I use for mass mailings – Mad Mimi, owned by GoDaddy. I’ve whitelisted my incoming articles dozens of times, and they still go to junk.
- There’s an alert about a client’s server from the company that handles my remote management software. Solarwinds is one of the largest companies in the world for IT monitoring and support.
- There’s a notification of a security breach at Burning Shed, a UK music vendor that I’ve done business with, notifying me that I have to go change my password.
It’s worth mentioning that I’ve never blacklisted any of these companies (marked them as junk), and no rules are sending them to junk.
Microsoft’s spam filtering service, Exchange Online Protection (EOP), has been continuously in place with constant tweaking, but no major overhauls, for fifteen years. Microsoft checks IP addresses of senders and drops messages that are unambiguously from bad guys. (An extraordinary number of malicious messages never reach you. You’d be appalled.) Phishing messages with malicious URLs are quarantined, but the bad guys change the URLs so quickly that obviously some get through.
As you’d expect, spam filtering is complex. Large enterprises can configure EOP in endless ways. Theoretically, small businesses can tweak and create whitelists and fritter away time and money working on the details, but it’s complicated – I would have a difficult time coming up to speed, and setting up a spam policy for a single company is different than doing it for each of the dozens of companies that depend on me.
And that misses the point. For many years, it just worked. Microsoft’s documentation for Office 365 says, “By default, spam filtering is tuned to protect you without needing any additional configuration.” Now I’m losing confidence in it, and that’s frustrating.
Let’s look at some details.
First, if you’re an Outlook user, there is a drop-down on the ribbon under Junk for Junk E-mail Options. It will be set to “No Automatic Filtering.” Do not change that setting!
The Options screen is a legacy from an additional level of spam screening that Microsoft abandoned four years ago. It has nothing whatsoever to do with the junk mail filtering done by Microsoft servers before the mail gets to you.
Here’s a portion of the header of the message in my junk mail folder about the Equifax class action settlement.
SPF is a DNS record set up by the senders of messages to help prevent spammers from spoofing real domains. You can see in the above header that there is a good SPF record for equifaxbreachsettlement.com.
Microsoft uses a variety of techniques to assign a Spam Confidence Level (SCL) to each message. You’ll see the SCL in the above message is 6, which is in the zone that sends it to junk mail. The assignment of an SCL is the part that is going wrong for Microsoft. There is no transparency that I’m aware of to explain why Microsoft assigns a particular SCL.
The Equifax email was almost certainly sent to a large number of people, but Microsoft handles bulk mail separately. You can see that the BCL (Bulk Complaint Level) is set to zero, which means that’s not the reason it was sent to junk.
It’s very strange. If Microsoft has some glaring defect in its spam filtering, I would expect to find discussions and complaints all over the web – but I did a lot of Google questing and I can’t find that kind of uproar. Yet I can’t overlook all the messages in Junk Email that just shouldn’t be there.
Check your junk mail. And let me know if I’m missing something obvious.
I am having same issue for last month or 2. Not sure of the problem or solution, but emails from my contacts for many years are going into “junk mail” ?????
I have the same problem since month now and i’m in contact with the absolute useless Microsoft support.
We have an internal Postfix which is sending to our big customers which are using Exchange Online. Our emails goes directly to SPAM. I have make a lot of tests.
Every Spam check with SPF and so on is pass and correct. The Spam header for
X-MS-Exchange-Organization-PCL: 2
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-Organization-SCL: 0
are ok. No one on the Microsoft site can tell me whats the problem. That a big problem when you send offers to your customers which go to SPAM.
So at the moment it’s absolute bullshit. I have made some tests. When i remove our domain from the mail content in some cases the email goes to inbox. When someone has some good ideas i’m open for some input.
Converting my first O365 tenancy so I’m doing a lot of reading. I came across your post.
I’ve also read a lot of tech documents. I wondered if you checked the MarkAsSpamBulkMail flag on your policies. This is a powershell-only flag.
If the BCL is > threshold, the BCL is converted into an SCL of 6 which is what you are seeing. This is the default behaviour.
If you turn it off, the message is stamped with the BCL and no action is taken.
More info here.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-worldwide
Hmm. That’s interesting. I’ll check it out. Thanks!
Having the same problem here since roundabout a year. Before, everything just worked fine. Nowadays mails from customers, mails from collegues, invoices, simply everything is randomly shuffled into the junk mail folders of my users. This is extremely frustrating.
I was starting to suffer from imposter syndrome until I read this.
We are even seeing mail from Office 365 (specifically Office365Reports@microsoft.com) going into Junk Mail.
Yes I run a mailserver for a school and all sorts of e-mails are going into spam. A lot of internal mails from our young users are going there for apparently no reason; no spammy words at all.
Shouldn’t it auto whitelist senders that users have e-mailed? ASSP (an open source spam filter I used to use) had an option for this and I thought it worked great for reducing user complaints?
My articles are emailed by Mad Mimi, a mass mailing company owned by GoDaddy – one of the big ones, like Vertical Response and MailChimp.
I just sent tonight’s article to myself – “Rules for Computer and Online Safety.” The sender is brucebnews@bruceb.com – an alias for my mailbox, plus whatever is appended because it’s being sent by a subsidiary of GoDaddy, one of Microsoft’s primary Office 365 partners.
It didn’t even arrive in Junk Mail. It was quarantined. I had to go digging in the admin controls to release it. Are my Office 365 subscribers not going to get instructions about being safe because Microsoft disappears my article?
WTF, Microsoft? This is absurd!
I have a relatively new computer which came with a trial period of McAfee protection. I checked with a computer consultant to see if was necessary to continue the subscription when it ran out. it was his opinion that the computer had built in protection. I’m thinking that this problem of all emails going to spam might connected to the protection service.
Exchange 2019 Mac PBP latest OS 2020, Outlook latest using 365 subscription.
Junk mail no longer working automatically. Says not available for this account. OWA not helpful. Has anything happened at MS? I use Exchange filters for regular incoming like my family and local filters for shorter term incoming like our current construction sites.
For Office/Microsoft 365 accounts, the core decisions are all made on the Exchange Server. To change those, have the Microsoft 365 administrator go to https://protection.office.com/antispam and create a different filter or modify the default policy (or do it via Exchange Powershell for more advanced changes).
I think the simplest and most bang for the buck is to simply change the action for spam and bulk mail to either “Prepend subject line with text” (and then add something like “** Possible spam **”) or “Add X-header,” which allows them to be delivered with no real effort to build a new filter. This leaves “High confidence spam” and all phishing mail headed to the Junk Mail Folder.
Our Office filter is marking as junk, emails from our own domain. This is ridiculous.
I straight up disabled it via PowerShell on my account. Fortunately, I’m a go I am a global admin for our tenant. Not everyone would have this option.
We did the same thing with several mailboxes for our users because this was getting out of hand. Even email addresses and domains that were explicitly whitelisted were sometimes marked as junk. We were constantly having to monitor the junk folder anyway, so it didn’t really make sense to keep it turned on. Now those messages end up in clutter, which makes more sense.
Very much with you on this. Something is very wrong with Microsoft spam filters. It’s as if they’ve given up and mark just about everything as spam, instead relying on you to decide what’s not by whitelisting.
Whitelisting emails or domains has become a must-do over the past 2 years, otherwise the majority of legitimate mail goes to junk. Trouble is, when a new client on-boards with 365, they won’t have all their contacts whitelisted so begins weeks of building a whitelist.
This is not acceptable – get raising it with Microsoft!
I’m having a lot of legitimate email ending up in my junk email. Much of it is from senders I have been receiving email from for years with no problem. Now, the last few months, much of it goes to junk mail for some inexplicable reason.
Same problem here – all our emails to Hotmail/Live etc are marked as Junk – even though our SPF, DKIM etc all checks out – we have to check each clients email and send from our own Hotmail account to get any mail through – most frustrating.
SPL seems to be set at 6.
MS just respond that they are not going to change anything! Our servers are not blacklisted and are dedicated IPs.
I am with you! I am seeing a ton of quarantined emails that passed spf and dkim. I have also seen some spoofing that shouldn’t have passed get through.
I enabled End User Notifications on quarantined spam. That’s about as much as I can do.