Too many important messages are going into my Outlook Junk Email folder, and I can’t figure out why.
Seriously, I don’t know how to explain it. Several of my clients have mentioned that more messages lately are being incorrectly flagged as spam, and the mistakes seem obvious when I look at my own Junk Email folder. But there are only scattered complaints online when I search for trends. I don’t see any changes from Microsoft in the last year or two that would account for it.
I don’t have any answers. If you’re not checking your junk mail folder occasionally, I’d suggest you scan it every so often, just in case.
Microsoft’s definition of junk email: “Junk email is spam, which are unsolicited and universally unwanted messages (when identified correctly).”
For many years, the default Office 365 spam filter was almost completely reliable. It would capture junk but pass through virtually all legitimate messages. Sure, much of what was passed through was advertising and crud, but the important thing was, we could safely ignore the junk mail folder.
Something has gone wrong.
This is a screenshot of messages in my junk mail folder from the last week.
Those messages have one thing in common: Not one of them is junk mail. None of them are “unsolicited and universally unwanted.”
- The first one is a receipt from Apple for a monthly payment. It’s a receipt from one of the largest companies in the world. What is it doing in junk mail?
- Some of the messages are advertising from companies I’ve done business with. There’s a newsletter from Relix that I subscribed to. There’s an alert that Sonora Resort – a place we went on vacation – won’t open this season.
- On Wednesday, it’s one of my own articles sent by the company that I use for mass mailings – Mad Mimi, owned by GoDaddy. I’ve whitelisted my incoming articles dozens of times, and they still go to junk.
- There’s an alert about a client’s server from the company that handles my remote management software. Solarwinds is one of the largest companies in the world for IT monitoring and support.
- There’s a notification of a security breach at Burning Shed, a UK music vendor that I’ve done business with, notifying me that I have to go change my password.
It’s worth mentioning that I’ve never blacklisted any of these companies (marked them as junk), and no rules are sending them to junk.
Microsoft’s spam filtering service, Exchange Online Protection (EOP), has been continuously in place with constant tweaking, but no major overhauls, for fifteen years. Microsoft checks IP addresses of senders and drops messages that are unambiguously from bad guys. (An extraordinary number of malicious messages never reach you. You’d be appalled.) Phishing messages with malicious URLs are quarantined, but the bad guys change the URLs so quickly that obviously some get through.
As you’d expect, spam filtering is complex. Large enterprises can configure EOP in endless ways. Theoretically, small businesses can tweak and create whitelists and fritter away time and money working on the details, but it’s complicated – I would have a difficult time coming up to speed, and setting up a spam policy for a single company is different than doing it for each of the dozens of companies that depend on me.
And that misses the point. For many years, it just worked. Microsoft’s documentation for Office 365 says, “By default, spam filtering is tuned to protect you without needing any additional configuration.” Now I’m losing confidence in it, and that’s frustrating.
Let’s look at some details.
First, if you’re an Outlook user, there is a drop-down on the ribbon under Junk for Junk E-mail Options. It will be set to “No Automatic Filtering.” Do not change that setting!
The Options screen is a legacy from an additional level of spam screening that Microsoft abandoned four years ago. It has nothing whatsoever to do with the junk mail filtering done by Microsoft servers before the mail gets to you.
Here’s a portion of the header of the message in my junk mail folder about the Equifax class action settlement.
SPF is a DNS record set up by the senders of messages to help prevent spammers from spoofing real domains. You can see in the above header that there is a good SPF record for equifaxbreachsettlement.com.
Microsoft uses a variety of techniques to assign a Spam Confidence Level (SCL) to each message. You’ll see the SCL in the above message is 6, which is in the zone that sends it to junk mail. The assignment of an SCL is the part that is going wrong for Microsoft. There is no transparency that I’m aware of to explain why Microsoft assigns a particular SCL.
The Equifax email was almost certainly sent to a large number of people, but Microsoft handles bulk mail separately. You can see that the BCL (Bulk Complaint Level) is set to zero, which means that’s not the reason it was sent to junk.
It’s very strange. If Microsoft has some glaring defect in its spam filtering, I would expect to find discussions and complaints all over the web – but I did a lot of Google questing and I can’t find that kind of uproar. Yet I can’t overlook all the messages in Junk Email that just shouldn’t be there.
Check your junk mail. And let me know if I’m missing something obvious.
O365 sucks more that anything has ever sucked before. Our clients (only the ones using O365) don’t get our invoices and blame us for that, but our IP is clean, we pass SPF, DKIM, DMARC, everything, and all our non-O365 clients get our emails without issues.
All I can do is advise people not to use O365. Problem solved.
I live in Portugal. I just applied for a certificate of Covid vaccination. Microsoft put the message with the Certificate attached in Junk Mail.
We have had a problem for a while now trying to deliver to any customer whose email service provider is Microsoft Office – i.e. *.mail.protection.outlook.com
Originally, our email was hosted with GoDaddy and so (despite having our own dedicated IP) would have to go through GDs own email relay.
Some emails were just disappearing without trace, no warnings, errors, nothing. Eventually we established that GDs relay server was sending our emails from one of two IP addresses – seemingly randomly switching between the two. One ending in .202 and one in .196
All emails that went out using the IP address ending in .202 were fine. If it used .196 then emails to Microsoft addresses would vanish but the emails to, e.g. Gmail, would get through perfectly fine.
Microsoft support insisted that there was nothing wrong with the .196 IP address from their point of view and GD just ghosted us in the end.
So, in the complete absence of any support, we switched our mail hosting to Hostinger and have a fixed IP with them. SPF, DKIM, DMARC etc. are all set up and working properly. Our IP address is not on any blacklists and we are monitoring that through MX Toolbox.
And now everything is working fine…. except when sending to any customer whose email service provider is Microsoft Office – i.e. *.mail.protection.outlook.com
Those emails are now going into their Junk folder every time. Even for customers who have been with us for years and sent and received emails with no problems. Them marking our emails as not junk doesn’t stop the next one from us going into the junk folder.
Even when we are replying to an email they have sent to us…. straight into junk.
Microsoft support just says that there appears to be nothing wrong with our IP address from their point of view and recommends we sign up with their Smart Network Data Services (SNDS) and also the Junk Email Reporting Program (JMRP).
The trouble is, that we are already signed up to the SNDS and it lists our IP address as ‘normal’ but does not show us any data – apparently we would need to send around 100 emails a day to Microsoft addresses to have any data to view.
The JMRP reports zero instances of our emails being marked as spam by Microsoft users.
So we are no further down the line. My bosses are… concerned. And I’ve spent far too much time trying to figure out what the hell is going on.
Sorry I don’t offer any answers – will update if I get any further.
Wow. Just . . . wow. I can only imagine how much work it has been to get to this point – and how frustrating. You’re a long way down the rabbit hole. Good luck!
Thanks Bruce! The only upside has been that I have learnt a lot about SPF, DKIM etc. over the last few months..!
I am sooooo glad I stumbled upon this thread! I was beginning to think I did something to cause this. So first, a collectiveTHANK YOU.
Now to the issue at hand. As a general comment, I, like most of the rest of you, have been experiencing this problem for the past several weeks:
1. I first contacted MS mobile Outlook support group about this issue. They had me check my email on Outlook.com to see if the issue is duplicated there. It is. They then washed their hands of it, telling me the problem is therefore related to my account(!), and the Outlook.com support group would have to deal with it. I then went to the Office.com support site, where I repeated what my problem was, and that it was imperative they get me the solution immediately. I still have not received a response.
2. But the declaration by the mobile Outlook group led me to check to see whether my using outlook.com, mobile Outlook, or Outlook (365) Windows 10 desktop made any difference. It did not.
3. But at least we now know there appears to be consistency across these platforms. From a troubleshooting point of view, that’s big. E.g.,it at least tells us sync is working OK.
4. NOTHING is accomplished by selecting emails in the Junk folder and choosing the Not Junk option. By that, I mean I can assign any email Not Junk status, and it’s as if I didn’t do anything, as email from these same email addresses may well end up in the Junk folder again, regardless what devise (and consequently, what flavor of Outlook) I use.
5. One person in this thread mentioned using a trial version of McAfee, and wondering if it could be having an impact. This set off alarms in my head. Could an app be causing this?! Especially one (like McAfee) that can be set up to check email for viruses, etc? I too have McAfee on board, and I’m wondering if perhaps some update to that app could have triggered this problem on Outlook?? (or any other app in the same field – Avast, AVG, Norton, et al). I don’t have an answer to this question, as that kind of digging is way over my pay grade. But the possibility sure is intriguing to me.
Finally, thanks to everyone who is actively trying to solve this mystery.
And a closing word for Microsoft, if you’re listening: What kind of bullshit is this?!? We pay a pretty high premium that partly goes to your Outlook.com support group fo resolve problems JUST LIKE THIS. So “ENCOURAGE” THEM TO DO THEIR JOBS!! NO ONE in this thread or the billion others I’ve read related to this problem should have to be spending one minute trying to resolve this. People can lose their their jobs over stuff like this, Microsoft!RESOLVE THIS NOW!!
I’ve had less of a problem with this in the last few months. But FWIW some Office 365 users ran into a bug a few days ago that had perfectly good inbox mail diverted to Junk Mail. I didn’t run into it with my clients so I don’t know how many people or how long it lasted. Just another day with MS. Microsoft Office 365 issue routes inbound email directly to junk
I am having this problem now in 2021. The only solution I found was to turn off the spam/junk filter and just send all mail to my inbox. The strange thing is, I do not receive spam and 365 marked important mail as spam.
Hi …I’m also having a junk mail problem, I have always had 30/40 junk emails a day most of them were junk however some important emails for example from my employer always end up in my junk mail folder ..now I’m getting the opposite .. maybe 2or3 a day is all I’m getting sounds good but I’m worried that I’m losing important emails
I am having same issue for last month or 2. Not sure of the problem or solution, but emails from my contacts for many years are going into “junk mail” ?????
I have the same problem since month now and i’m in contact with the absolute useless Microsoft support.
We have an internal Postfix which is sending to our big customers which are using Exchange Online. Our emails goes directly to SPAM. I have make a lot of tests.
Every Spam check with SPF and so on is pass and correct. The Spam header for
X-MS-Exchange-Organization-PCL: 2
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-Organization-SCL: 0
are ok. No one on the Microsoft site can tell me whats the problem. That a big problem when you send offers to your customers which go to SPAM.
So at the moment it’s absolute bullshit. I have made some tests. When i remove our domain from the mail content in some cases the email goes to inbox. When someone has some good ideas i’m open for some input.
Converting my first O365 tenancy so I’m doing a lot of reading. I came across your post.
I’ve also read a lot of tech documents. I wondered if you checked the MarkAsSpamBulkMail flag on your policies. This is a powershell-only flag.
If the BCL is > threshold, the BCL is converted into an SCL of 6 which is what you are seeing. This is the default behaviour.
If you turn it off, the message is stamped with the BCL and no action is taken.
More info here.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-worldwide
Hmm. That’s interesting. I’ll check it out. Thanks!
Having the same problem here since roundabout a year. Before, everything just worked fine. Nowadays mails from customers, mails from collegues, invoices, simply everything is randomly shuffled into the junk mail folders of my users. This is extremely frustrating.
I was starting to suffer from imposter syndrome until I read this.
We are even seeing mail from Office 365 (specifically Office365Reports@microsoft.com) going into Junk Mail.
Yes I run a mailserver for a school and all sorts of e-mails are going into spam. A lot of internal mails from our young users are going there for apparently no reason; no spammy words at all.
Shouldn’t it auto whitelist senders that users have e-mailed? ASSP (an open source spam filter I used to use) had an option for this and I thought it worked great for reducing user complaints?
My articles are emailed by Mad Mimi, a mass mailing company owned by GoDaddy – one of the big ones, like Vertical Response and MailChimp.
I just sent tonight’s article to myself – “Rules for Computer and Online Safety.” The sender is brucebnews@bruceb.com – an alias for my mailbox, plus whatever is appended because it’s being sent by a subsidiary of GoDaddy, one of Microsoft’s primary Office 365 partners.
It didn’t even arrive in Junk Mail. It was quarantined. I had to go digging in the admin controls to release it. Are my Office 365 subscribers not going to get instructions about being safe because Microsoft disappears my article?
WTF, Microsoft? This is absurd!
I have a relatively new computer which came with a trial period of McAfee protection. I checked with a computer consultant to see if was necessary to continue the subscription when it ran out. it was his opinion that the computer had built in protection. I’m thinking that this problem of all emails going to spam might connected to the protection service.
Exchange 2019 Mac PBP latest OS 2020, Outlook latest using 365 subscription.
Junk mail no longer working automatically. Says not available for this account. OWA not helpful. Has anything happened at MS? I use Exchange filters for regular incoming like my family and local filters for shorter term incoming like our current construction sites.
For Office/Microsoft 365 accounts, the core decisions are all made on the Exchange Server. To change those, have the Microsoft 365 administrator go to https://protection.office.com/antispam and create a different filter or modify the default policy (or do it via Exchange Powershell for more advanced changes).
I think the simplest and most bang for the buck is to simply change the action for spam and bulk mail to either “Prepend subject line with text” (and then add something like “** Possible spam **”) or “Add X-header,” which allows them to be delivered with no real effort to build a new filter. This leaves “High confidence spam” and all phishing mail headed to the Junk Mail Folder.
Our Office filter is marking as junk, emails from our own domain. This is ridiculous.
I straight up disabled it via PowerShell on my account. Fortunately, I’m a go I am a global admin for our tenant. Not everyone would have this option.
We did the same thing with several mailboxes for our users because this was getting out of hand. Even email addresses and domains that were explicitly whitelisted were sometimes marked as junk. We were constantly having to monitor the junk folder anyway, so it didn’t really make sense to keep it turned on. Now those messages end up in clutter, which makes more sense.
Very much with you on this. Something is very wrong with Microsoft spam filters. It’s as if they’ve given up and mark just about everything as spam, instead relying on you to decide what’s not by whitelisting.
Whitelisting emails or domains has become a must-do over the past 2 years, otherwise the majority of legitimate mail goes to junk. Trouble is, when a new client on-boards with 365, they won’t have all their contacts whitelisted so begins weeks of building a whitelist.
This is not acceptable – get raising it with Microsoft!
I’m having a lot of legitimate email ending up in my junk email. Much of it is from senders I have been receiving email from for years with no problem. Now, the last few months, much of it goes to junk mail for some inexplicable reason.
Same problem here – all our emails to Hotmail/Live etc are marked as Junk – even though our SPF, DKIM etc all checks out – we have to check each clients email and send from our own Hotmail account to get any mail through – most frustrating.
SPL seems to be set at 6.
MS just respond that they are not going to change anything! Our servers are not blacklisted and are dedicated IPs.
I am with you! I am seeing a ton of quarantined emails that passed spf and dkim. I have also seen some spoofing that shouldn’t have passed get through.
I enabled End User Notifications on quarantined spam. That’s about as much as I can do.