Too many important messages are going into my Outlook Junk Email folder, and I can’t figure out why.
Seriously, I don’t know how to explain it. Several of my clients have mentioned that more messages lately are being incorrectly flagged as spam, and the mistakes seem obvious when I look at my own Junk Email folder. But there are only scattered complaints online when I search for trends. I don’t see any changes from Microsoft in the last year or two that would account for it.
I don’t have any answers. If you’re not checking your junk mail folder occasionally, I’d suggest you scan it every so often, just in case.
Microsoft’s definition of junk email: “Junk email is spam, which are unsolicited and universally unwanted messages (when identified correctly).”
For many years, the default Office 365 spam filter was almost completely reliable. It would capture junk but pass through virtually all legitimate messages. Sure, much of what was passed through was advertising and crud, but the important thing was, we could safely ignore the junk mail folder.
Something has gone wrong.
This is a screenshot of messages in my junk mail folder from the last week.
Those messages have one thing in common: Not one of them is junk mail. None of them are “unsolicited and universally unwanted.”
- The first one is a receipt from Apple for a monthly payment. It’s a receipt from one of the largest companies in the world. What is it doing in junk mail?
- Some of the messages are advertising from companies I’ve done business with. There’s a newsletter from Relix that I subscribed to. There’s an alert that Sonora Resort – a place we went on vacation – won’t open this season.
- On Wednesday, it’s one of my own articles sent by the company that I use for mass mailings – Mad Mimi, owned by GoDaddy. I’ve whitelisted my incoming articles dozens of times, and they still go to junk.
- There’s an alert about a client’s server from the company that handles my remote management software. Solarwinds is one of the largest companies in the world for IT monitoring and support.
- There’s a notification of a security breach at Burning Shed, a UK music vendor that I’ve done business with, notifying me that I have to go change my password.
It’s worth mentioning that I’ve never blacklisted any of these companies (marked them as junk), and no rules are sending them to junk.
Microsoft’s spam filtering service, Exchange Online Protection (EOP), has been continuously in place with constant tweaking, but no major overhauls, for fifteen years. Microsoft checks IP addresses of senders and drops messages that are unambiguously from bad guys. (An extraordinary number of malicious messages never reach you. You’d be appalled.) Phishing messages with malicious URLs are quarantined, but the bad guys change the URLs so quickly that obviously some get through.
As you’d expect, spam filtering is complex. Large enterprises can configure EOP in endless ways. Theoretically, small businesses can tweak and create whitelists and fritter away time and money working on the details, but it’s complicated – I would have a difficult time coming up to speed, and setting up a spam policy for a single company is different than doing it for each of the dozens of companies that depend on me.
And that misses the point. For many years, it just worked. Microsoft’s documentation for Office 365 says, “By default, spam filtering is tuned to protect you without needing any additional configuration.” Now I’m losing confidence in it, and that’s frustrating.
Let’s look at some details.
First, if you’re an Outlook user, there is a drop-down on the ribbon under Junk for Junk E-mail Options. It will be set to “No Automatic Filtering.” Do not change that setting!
The Options screen is a legacy from an additional level of spam screening that Microsoft abandoned four years ago. It has nothing whatsoever to do with the junk mail filtering done by Microsoft servers before the mail gets to you.
Here’s a portion of the header of the message in my junk mail folder about the Equifax class action settlement.
SPF is a DNS record set up by the senders of messages to help prevent spammers from spoofing real domains. You can see in the above header that there is a good SPF record for equifaxbreachsettlement.com.
Microsoft uses a variety of techniques to assign a Spam Confidence Level (SCL) to each message. You’ll see the SCL in the above message is 6, which is in the zone that sends it to junk mail. The assignment of an SCL is the part that is going wrong for Microsoft. There is no transparency that I’m aware of to explain why Microsoft assigns a particular SCL.
The Equifax email was almost certainly sent to a large number of people, but Microsoft handles bulk mail separately. You can see that the BCL (Bulk Complaint Level) is set to zero, which means that’s not the reason it was sent to junk.
It’s very strange. If Microsoft has some glaring defect in its spam filtering, I would expect to find discussions and complaints all over the web – but I did a lot of Google questing and I can’t find that kind of uproar. Yet I can’t overlook all the messages in Junk Email that just shouldn’t be there.
Check your junk mail. And let me know if I’m missing something obvious.
For Office/Microsoft 365 accounts, the core decisions are all made on the Exchange Server. To change those, have the Microsoft 365 administrator go to https://protection.office.com/antispam and create a different filter or modify the default policy (or do it via Exchange Powershell for more advanced changes).
I think the simplest and most bang for the buck is to simply change the action for spam and bulk mail to either “Prepend subject line with text” (and then add something like “** Possible spam **”) or “Add X-header,” which allows them to be delivered with no real effort to build a new filter. This leaves “High confidence spam” and all phishing mail headed to the Junk Mail Folder.
Our Office filter is marking as junk, emails from our own domain. This is ridiculous.
I straight up disabled it via PowerShell on my account. Fortunately, I’m a go I am a global admin for our tenant. Not everyone would have this option.
Very much with you on this. Something is very wrong with Microsoft spam filters. It’s as if they’ve given up and mark just about everything as spam, instead relying on you to decide what’s not by whitelisting.
Whitelisting emails or domains has become a must-do over the past 2 years, otherwise the majority of legitimate mail goes to junk. Trouble is, when a new client on-boards with 365, they won’t have all their contacts whitelisted so begins weeks of building a whitelist.
This is not acceptable – get raising it with Microsoft!
I’m having a lot of legitimate email ending up in my junk email. Much of it is from senders I have been receiving email from for years with no problem. Now, the last few months, much of it goes to junk mail for some inexplicable reason.
Same problem here – all our emails to Hotmail/Live etc are marked as Junk – even though our SPF, DKIM etc all checks out – we have to check each clients email and send from our own Hotmail account to get any mail through – most frustrating.
SPL seems to be set at 6.
MS just respond that they are not going to change anything! Our servers are not blacklisted and are dedicated IPs.
I am with you! I am seeing a ton of quarantined emails that passed spf and dkim. I have also seen some spoofing that shouldn’t have passed get through.
I enabled End User Notifications on quarantined spam. That’s about as much as I can do.