Page 1 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

MY E-MAIL APPEARS AS A SPAM

INTRODUCTION | OFFICE 365 | PART
1#17

This article series is dedicated to the scenario in which our

organizations user\s, turn to us urgently to solve a critical
issue, which described by our users as: My E-mail appears as
spam!
Besides of the uncomfortable feeling in which somebody else
treats our E-mail as spam\Junk mail, the issue is critical
because of the Inability to perform the delivery of an E-mail
Written by Eyal Doron | o365info.com

Page 2 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

message to the destination recipient, is a serious business

constraint!
In this article series, we will focus on this scenario (My E-mail
appears as spam!) in Office 365 and Exchange Online
environment.
Despite that our focus is on Office 365 environment, most of
the information that will be provided in this article series, is
relevant to any mail infrastructure beside the very specific
parts that will relate to the special charters of Office 365 and
Exchange Online infrastructure.

About the article series

The current article series, include 17 articles. This number raises a
possible question:
Q1: Why does it have to be so complicated?
A1: I prefer to use the terms: interesting and challenging. Yes, there
is a lot of information that we need to know about the subject of
internal\outbound spam in an Office 365 environment. How to
recognize such scenario, how to deal with such scenario, what are
the risks involved in this scenario and how to avoid this type of
scenario.
Q2: Do I have to read all the articles in the series?

Written by Eyal Doron | o365info.com

Page 3 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

A2: No, you dont. In case that you need to focus on a specific part or
subject that relates to the internal\outbound spam in an Office 365
environment, you can use the article series index:
My E-mail appears as spam | Article series index | Part 0#17

The psychological profile of the phenomenon:

My E-mail appears as a spam!
The organization user side of the story.
Our organization user expects us to put out the fire immediately!

In addition, our users expectation is that we will spread some magic

powder, which will solve the problem immediately!

Written by Eyal Doron | o365info.com

Page 4 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

The psychological impact on our emotional state

Before we go into a state of panic and start shooting in all directions,
I recommend implementing the following procedure:
1. Take three deep breaths!
2. Close your eyes!
3. Think of something positive!

Written by Eyal Doron | o365info.com

Page 5 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

A scenario in which our organization users complain about My Email was identified as spam, could very easily lead to status of: It
unbalanced emotional state!

The reasons for this state are:

We dont have an accurate information about the scope of the

phenomenon:
Does the issue happen only once? Does the issue impact a specific
organization user or impact all of our origination users?
Who is the element that cause this problem? Is that element is our
user?, our mail server?, the destination mail server?, mysterious black
list?
What are the required troubleshooting steps that we need to
immediately implemented and, who is the person that we need to
contact them will help us to solve this problem?

Written by Eyal Doron | o365info.com

Page 6 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

Tell them to immediately fix the problem!

The main message that we get from our organization users and
especially in cases where the CEO is involved is that we will need to
tell them, to stop immediately to identify our mail as spam mail.
The big question is: who are them?
Needless to say, that there is no chance that the problem is caused
because some kind of a problem from our side.
It is clear beyond doubt, that the problem is related solely to the
other side!
In case that we are Office 365 and Exchange Online customers, we
are required to inform Microsoft that they did something wrong
that leads to a scenario in which our organization E-mail was
identified as spam mail and, that they need to fix this problem
immediately (and certainly a threat that we will leave Office 365
would not hurt!).
In case that we are not Office 365 customers, or in case that we
couldnt reach the Office 365 technical support, the next Factor you
can blame for our problem is the destination external receipt or
the destination mail server.
(This option is less preferred because, in this case, we do not have
anyone we can yell at him, and we cannot threaten anyone).
So what can we do?
In this case, I would like to suggest another hypothesis: is there an
option that we are shooting the wrong direction?

Written by Eyal Doron | o365info.com

Page 7 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

My meaning is: could you consider that the cause of the problem is
not them but instead us?

Possible factors that can cause our E-mail to

appear as a spam mail
Lets briefly review possible causes for the problem in which our
organization
E-mail is identified as spam\Junk mail.
Group A the group of causes that relate to our organization
user.
Under this group, a possible causes could be:

Written by Eyal Doron | o365info.com

Page 8 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

1. A specific E-mail content that violates the standard of commercial mail

(marketing E-mail etc.) and, for this reason, the other side block the
specific E-mail item.
2. A phenomenon of bulk mail in which our organization users send a
specific E-mail message to hundreds or even thousands of recipients.
3. A scenario in which malware takes over a desktop of one of our
organization user and uses his E-mail client or his desktop for sending
out spam\Junk mail.

Group B the group of causes that relate to our mail

infrastructure.
Under this group, a possible causes could be:
1. Mail server, which is controlled by a hostile element which utilizes our
mail server for distribution of spam mail by using our organization
infrastructure.
2. Non-existing SPF record or miss-configured SPF record for our domain
name, that causes a significant reduction in the level of reliability of Email that sent by our mail server.
3. False-positive in the Exchange Online environment each of the E-mails
that is sent from our organization users is sent a spam filter for further
checks and examination.
In case that Exchange Online recognizes an E-mail message that has the
potential to be classified as spam\Junk mail, Exchange Online will route
the E-mail message via a dedicated Exchange server pool.
Because this special pool sends out only mail that has the potential of
spam mail, many times this Exchange Online server IP address appears
in a blacklist.
Note technically, there is always an option in which Exchange Online
will identify by mistake a legitimate E-mail message as a spam mail,
sent this mail to the special Exchange Online server pool and the
specific E-mail will identified as spam\junk mail by the remote mail
infrastructure.

Written by Eyal Doron | o365info.com

Page 9 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

Group C the group of causes that relate to destination

recipient or, to the destination mail infrastructure.
Under this group, a possible causes could be:
1. False-positive a scenario in which the destination mail server
identifies by mistake a legitimate E-mail message from our organization
as a spam mail.
2. Destination recipient environment different scenarios that related to
the specific destination recipient environment. For example mail
client that is used by the destination recipient, which identifies our
organization E-mail message as spam. Another example could be a
specific security application that is installed on the destination
recipient desktop that identifies our organization E-mail message as
spam, etc.

Written by Eyal Doron | o365info.com

Page 10 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

My mail appears as spam | Causes probability

analyzes.
Now lets get deeper into the realm of: my E-mail is identified as
spam causes and their probability.
There is a famous saying: If it looks like a duck, swims like a duck,
and quacks like a duck, then it probably is a duck.

And the point is most of the time, the main cause for a scenario of:
my E-mail is identified as spam, is because the mail includes
charters or behaves like a spam mail!
Most of the root problems, is related to our side.
Our side could be translated into:

Our mail infrastructure

The organization user realm
Written by Eyal Doron | o365info.com

Page 11 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

The scenario in which our mail server infrastructure is improperly

configured, or controlled by a hostile element could be realized.
The good news is that in case which our mail infrastructure is hosted
at Office 365 (Exchange Online), the chances of this scenario are very
low.
I think that the chances of this event (compromise of Exchange
Online infrastructure) are even lower than the chances of winning
the lottery and the hit by a lightning at the same time.
So now, the pointing finger goes in the direction of the
organization user realm.

Despite our natural tendency to think of our organization users as

little angels and, adopt the theory of everybody are against us! in
reality, the main cause of the problem is something that is related
to our side and, lead to the scenario in which our organization E-mail
was identified as spam mail.

Written by Eyal Doron | o365info.com

Page 12 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

When we are dealing with the organization user realm, the most
common reason for the phenomenon of: My E-mail appears as
spam! is an E-mail that improperly written from the perspective of:
commercial E-mail rules.
It doesnt mean that our organization user creates this scenario
deliberately. Most of the time, the reason for improperly written the
E-mail is just the lack of knowledge and awareness of the very strict
commercial E-mail rules.
Another option could be a malware that abuse the organization
user mail client. Malware that send E-mail using our organization
user identity and, our mail infrastructure.
This is an additional example for a scenario in which the organization
user is not deliberately case the spam problem but despite this, the
root of the problem is related to our organization user environment
and, not to the other side such as the destination recipient or Office
365 mail infrastructure.

Written by Eyal Doron | o365info.com

Page 13 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

Our organization responsibility for the

problem of outbound spam E-mail
In a scenario of outbound spam, from the point of view of external
element (external recipient, external mail infrastructure, etc.), the
pointing a finger is pointed towards the organization and not to the
specific organization user who causes the problem.
In other words: the external mail infrastructures, doesnt blame a
specific organization user. Instead, the responsibility is related to

Written by Eyal Doron | o365info.com

Page 14 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

the organization that should have taken the enquired security

process and procedure for preventing such events.

The definition of internal \ outbound spam

In the current article series, we will mention the many times the
terms:

Internal spam
Outbound spam
My E-mail appears as spam

For this reason, its important that we will agree on the definition of
this term before we continue.

Written by Eyal Doron | o365info.com

Page 15 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

My E-mail appears as spam

This is the result or, the outcome of a scenario in which some
element decide to identify or classify our E-mail as spam\Junk mail.
Inbound spam
The term inbound spam is not used often because, most of the
time, we use the shortened form and just say: spam.
The meaning is a scenario in which a hostile element, such as a
spammer attack our organization, by flooding our organization
users will spam mail.
We relate to such a scenario as Inbound spam because, the
direction of the spam mail is from outside (public network) into
our private mail infrastructure.
In the current article series, we will not relate to this type of spam.

Written by Eyal Doron | o365info.com

Page 16 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

You can read more information about the subject of inbound spam
in the articles:

Dealing with SPAM Mail in Office 365 | Part 1/2

Dealing with SPAM Mail in Office 365 | Server side (Exchange Online) |
Part 2/2

Outbound spam
The term: outbound spam as the name suggests, relates to a
scenario, in which mail that is sent from our organizational
infrastructure (our organization users, our organization
E-mail address or, our organizations mail server) is recognized by
other side as spam\junk mail.
In other words, the direction is from our mail infrastructure to
external recipient or the external mail infrastructure.

Internal spam versus outbound spam

To be honest, I am not sure if you could find a formal comparison
of the term: outbound spam versus the term: internal spam but
instead, I would like to use my own definition.

Written by Eyal Doron | o365info.com

Page 17 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

When I use the term: internal spam, the meaning is: a real spam
mail that was generated by our organization users (regardless of the
fact that the act was done maliciously or by mistake).
In simple words, that fact that the mail was identified as spam cannot
consider as a false positive. We will need to invest the resources to
avoid such future scenarios.
When I use the term: outbound spam, the meaning could be:
1. Problematic E-mail that was sent from our organization and was
recognized as a spam\Junk mail by the other side.
2. Legitimate and proper that was sent from our organization and was
recognized as a spam\Junk mail by the other side.

The meaning is the fact that the other side recognize the E-mail as
spam\Junk mail doesnt mean that the E-mail is really entitled to be
called: spam\Junk mail.
For example a scenario in which because of a problem with our SPF
record, the destination mail server decide to reject E-mail that was
sent from our organization.
The problem is not with the mail content that considered as spam,
but instead, with a problem of our mail infrastructure (missing SPF
records etc.).
I know the definition could be a bit confusing but, my intention was
to emphasize that there is a different scenario that could lead to the
problem of: My E-mail appears as spam!

Written by Eyal Doron | o365info.com

Page 18 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

Internal \ outbound spam in Office 365

environment | Article series index
A quick reference for the article series
My E-mail appears as a spam | Article
series index | Part 0#17
The article index of the complete
article series

Introduction to the concept of internal \ outbound spam in general

and in Office 365 and Exchange Online environment
My E-mail appears as a spam
Introduction | Office 365 | Part 1#17
The psychological profile of the
phenomenon: My E-mail appears as
a spam!, possible factors for causing
our E-mail to appear a spam mail,
the definition of internal \ outbound
spam.
Internal spam in Office 365
Introduction | Part 2#17
Review in general the term: internal \
outbound spam, miss conceptions
that relate to this term, the risks that
are involved in this scenario,
outbound spam E-mail policy and
more.

Written by Eyal Doron | o365info.com

Page 19 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

Internal spam in Office 365

Introduction | Part 3#17
What are the possible reasons that
could cause to our mail to appear as
spam\junk mail, who or what are this
elements, that can decide that our
mail is a spam mail?, what are the
possible reactions of the destination
mail infrastructure that identify our Email as spam\junk mail?.
Commercial E-mail Using the right
tools | Office 365 | Part 4#17
What is commercial E-mail?
Commercial E-mail as part of the
business process. Why do I think that
Office 365\ Exchange Online is
unsuitable for the purpose of
commercial E-mail?

Introduction if the major causes for a scenario in which your

organization E-mail appears as spam
My E-mail appears as spam | The 7
major reasons | Part 5#17
Review three major reasons, that
could lead to a scenario, in which Email that is sent from our
organization identified as spam mail:
1. E-mail content, 2. Violation of the
SMTP standards, 3. Bulk\Mass mail

Written by Eyal Doron | o365info.com

Page 20 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

My E-mail appears as spam | The 7

major reasons | Part 6#17
Review three major reasons, that
could lead to a scenario, in which Email that is sent from our
organization identified as spam mail:
4. False positive, 5. User Desktop
malware, 6. Problematic Website
Introduction if the subject of SPF record in general and in Office
365 environment
What is SPF record good for? | Part
7#17
The purpose of the SPF record and the
relation to for our mail infrastructure.
How does the SPF record enable us to
prevent a scenario in which hostile
elements could send E-mail on our
behalf.
Implementing SPF record | Part 8#17
The technical side of the SPF record:
the structure of SPF record, the way
that we create SPF record, what is the
required syntax for the SPF record in
an Office 365 environment + mix mail
environment, how to verify the
existence of SPF record and so on.

Written by Eyal Doron | o365info.com

Page 21 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

Introduction if the subject of Exchange Online - High Risk Delivery

Pool
High Risk Delivery Pool and Exchange
Online | Part 9#17
How Office 365 (Exchange Online) is
handling a scenario of internal \
outbound spam by using the help of
the Exchange Online- High Risk
Delivery Pool.
High Risk Delivery Pool and Exchange
Online | Part 10#17
The second article about the subject
of Exchange Online- High Risk
Delivery Pool.

The troubleshooting path of internal \ outbound spam scenario

My E-mail appears as spam
Troubleshooting path | Part 11#17
Troubleshooting scenario of internal \
outbound spam in Office 365 and
Exchange Online environment.
Verifying if our domain name is
blacklisted, verifying if the problem is
related to E-mail content, verifying if
the problem is related to specific
organization user E-mail address,
moving the troubleshooting process
to the other side.

Written by Eyal Doron | o365info.com

Page 22 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

My E-mail appears as spam |

Troubleshooting Domain name and
E-mail content | Part 12#17 Verify if
our domain name appears as
blacklisted, verify if the problem
relates to a specific E-mail message
content, registering blacklist
monitoring services, activating the
option of Exchange Online outbound
spam.
My E-mail appears as spam |
Troubleshooting Mail server | Part
13#17
What is the meaning of: our mail
server?, Mail server IP, host name
and Exchange Online. One of our
users got an NDR which informs him,
that his mail server is blacklisted!,
How do we know that my mail server
is blacklisted?
My E-mail appears as spam |
Troubleshooting Mail server | Part
14#17
The troubleshooting path logic. Get
the information from the E-mail
message that was identified as
spam\NDR. Forwarding a copy of the
NDR message or the message that
saved to the junk mail

Written by Eyal Doron | o365info.com

Page 23 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

My E-mail appears as spam |

Troubleshooting Mail server | Part
15#17
Step B Get information about your
Exchange Online infrastructure, Step
C fetch the information about the
Exchange Online IP address, Step D
verify if the formal Exchange Online
IP address a
De-list your organization from a
blacklist | My E-mail appears as spam
| Part 16#17
Review the charters of a scenario in
which your organization appears as
blacklisted. The steps and the
operations that need to be
implemented for de-list your
organization from a blacklist.
Summery and recap of the troubleshooting and best practices in a
scenario of internal \ outbound spam
Dealing and avoiding internal spam |
Best practices | Part 17#17
Provide a short checklist for all the
steps and the operation that relates
to a scenario of internal \ outbound
spam.

Written by Eyal Doron | o365info.com