Upload
o365infocom
View
219
Download
2
Embed Size (px)
DESCRIPTION
My E-mail appears as a spam - Introduction | Office 365 | Part 1#17 http://o365info.com/my-e-mail-appears-as-a-spam-introduction-office-365-part-1-17 The psychological profile of the phenomenon: “My E-mail appears as a spam!”, possible factors for causing our E-mail to appear a “spam mail”, the definition of internal \ outbound spam. The information is relevant for Office 365 and Exchange Online users but at the same time, most of the information is relevant to all the rest of mail systems. Eyal Doron | o365info.com
Citation preview
Page 1 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
MY E-MAIL APPEARS AS A SPAM –
INTRODUCTION | OFFICE 365 | PART
1#17
This article series is dedicated to the scenario in which our
organization’s user\s, turn to us urgently to solve a critical
issue, which described by our users as: “My E-mail appears as
spam!”
Besides of the uncomfortable feeling in which somebody else
treats our E-mail as – “spam\Junk mail”, the issue is critical
because of the Inability to perform the delivery of an E-mail
Page 2 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
message to the destination recipient, is a serious business
constraint!
In this article series, we will focus on this scenario (“My E-mail
appears as spam!”) in Office 365 and Exchange Online
environment.
Despite that our focus is on “Office 365 environment”, most of
the information that will be provided in this article series, is
relevant to any mail infrastructure beside the very specific
“parts” that will relate to the special charters of Office 365 and
Exchange Online infrastructure.
About the article series
The current article series, include 17 articles. This “number” raises a
possible question:
Q1: Why does it have to be so complicated?
A1: I prefer to use the terms: interesting and challenging. Yes, there
is a lot of information that we need to know about the subject of
internal\outbound spam in an Office 365 environment. How to
recognize such scenario, how to deal with such scenario, what are
the risks involved in this scenario and how to avoid this type of
scenario.
Q2: Do I have to read all the articles in the series?
Page 3 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
A2: No, you don’t. In case that you need to focus on a specific part or
subject that relates to the internal\outbound spam in an Office 365
environment, you can use the article series index:
My E-mail appears as spam | Article series index | Part 0#17
The psychological profile of the phenomenon:
“My E-mail appears as a spam!”
The organization user side of the story.
Our organization user expects us to put out the fire immediately!
In addition, our user’s expectation is that we will spread some “magic
powder”, which will solve the problem immediately!
Page 4 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
The psychological impact on our emotional state
Before we go into a state of panic and start shooting in all directions,
I recommend implementing the following procedure:
1. Take three deep breaths!
2. Close your eyes!
3. Think of something positive!
Page 5 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
A scenario in which our organization users complain about “My E-
mail was identified as spam”, could very easily lead to status of: It
unbalanced emotional state!
The reasons for this state are:
We don’t have an accurate information about the scope of the
phenomenon:
Does the issue happen only once? Does the issue impact a specific
organization user or impact all of our origination users?
Who is the “element” that cause this problem? Is that “element” is – our
user?, our mail server?, the destination mail server?, mysterious black
list?
What are the required troubleshooting steps that we need to
immediately implemented and, who is the person that we need to
contact them will help us to solve this problem?
Page 6 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
Tell “them” to immediately fix the problem!
The main message that we get from our organization users and
especially in cases where the CEO is involved is that – we will need to
tell “them”, to stop immediately to identify our mail as spam mail.
The big question is: who are “them”?
Needless to say, that there is no chance that the problem is caused
because some kind of a problem from “our side”.
It is clear beyond doubt, that the problem is related solely to the
other side!
In case that we are Office 365 and Exchange Online customers, we
are “required” to inform Microsoft that they did something wrong
that leads to a scenario in which our organization E-mail was
identified as spam mail and, that “they” need to fix this problem
immediately (and certainly a threat that we will “leave Office 365”
would not hurt!).
In case that we are not Office 365 customers, or in case that we
couldn’t reach the Office 365 technical support, the next “Factor you
can blame” for our problem is the “destination external receipt” or
the destination mail server.
(This option is less preferred because, in this case, we do not have
anyone we can yell at him, and we cannot threaten anyone).
So what can we do?
In this case, I would like to suggest another hypothesis: is there an
option that we are shooting the wrong direction?
Page 7 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
My meaning is: could you consider that the cause of the problem is
not “them” but instead “us”?
Possible factors that can cause our E-mail to
appear as a “spam mail”
Let’s briefly review possible causes for the problem in which our
organization
E-mail is identified as spam\Junk mail.
Group A – the group of causes that relate to “our organization
user”.
Under this group, a possible causes could be:
Page 8 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
1. A specific E-mail content that violates the standard of “commercial mail”
(marketing E-mail etc.) and, for this reason, the “other side” block the
specific E-mail item.
2. A phenomenon of “bulk mail” in which our organization users send a
specific E-mail message to hundreds or even thousands of recipients.
3. A scenario in which malware takes over a desktop of one of our
organization user and uses his E-mail client or his desktop for sending
out spam\Junk mail.
Group B – the group of causes that relate to “our mail
infrastructure”.
Under this group, a possible causes could be:
1. Mail server, which is controlled by a hostile element which utilizes our
mail server for distribution of spam mail by using our organization
infrastructure.
2. Non-existing SPF record or miss-configured SPF record for our domain
name, that causes a significant reduction in the level of “reliability” of E-
mail that sent by our mail server.
3. False-positive – in the Exchange Online environment each of the E-mails
that is sent from our organization users is sent a spam filter for further
checks and examination.
In case that Exchange Online recognizes an E-mail message that has the
potential to be classified as spam\Junk mail, Exchange Online will route
the E-mail message via a dedicated Exchange server pool.
Because this “special pool” sends out only mail that has the potential of
spam mail, many times this Exchange Online server IP address appears
in a blacklist.
Note – technically, there is always an option in which Exchange Online
will identify by mistake a legitimate E-mail message as a “spam mail”,
sent this mail to the “special Exchange Online server pool” and the
specific E-mail will identified as spam\junk mail by the remote mail
infrastructure.
Page 9 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
Group C – the group of causes that relate to “destination
recipient” or, to the “destination mail infrastructure”.
Under this group, a possible causes could be:
1. False-positive – a scenario in which the destination mail server
identifies by mistake a legitimate E-mail message from our organization
as a “spam mail”.
2. Destination recipient environment – different scenarios that related to
the specific destination recipient environment. For example – mail
client that is used by the destination recipient, which identifies our
organization E-mail message as spam. Another example could be – a
specific security application that is installed on the “destination
recipient desktop” that identifies our organization E-mail message as
spam, etc.
Page 10 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
My mail appears as spam | Causes probability
analyzes.
Now let’s get deeper into the realm of: “my E-mail is identified as
spam causes” and their probability.
There is a famous saying: “If it looks like a duck, swims like a duck,
and quacks like a duck, then it probably is a duck.”
And the point is – most of the time, the main cause for a scenario of:
“my E-mail is identified as spam”, is because the mail includes
charters or behaves like a spam mail!
Most of the “root” problems, is related to our side.
Our side could be translated into:
Our mail infrastructure
The “organization user realm”
Page 11 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
The scenario in which our mail server infrastructure is improperly
configured, or controlled by a hostile element could be realized.
The good news is that in case which our mail infrastructure is hosted
at Office 365 (Exchange Online), the chances of this scenario are very
low.
I think that the chances of this event (compromise of Exchange
Online infrastructure) are even lower than the chances of – winning
the lottery and the hit by a lightning at the same time.
So now, the “pointing finger” goes in the direction of the
“organization user realm”.
Despite our natural tendency to think of our organization users as
“little angels” and, adopt the theory of “everybody are against us!” in
reality, the main cause of the problem is “something” that is related
to our side and, lead to the scenario in which our organization E-mail
was identified as spam mail.
Page 12 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
When we are dealing with the “organization user realm”, the most
common reason for the phenomenon of: “My E-mail appears as
spam!” is an E-mail that improperly written from the perspective of:
“commercial E-mail rules”.
It doesn’t mean that our organization user creates this scenario
deliberately. Most of the time, the reason for improperly written the
E-mail is just the lack of knowledge and awareness of the very strict
commercial E-mail rules.
Another option could be a malware that “abuse” the organization
user mail client. Malware that send E-mail using our organization
user identity and, our mail infrastructure.
This is an additional example for a scenario in which the organization
user is not “deliberately” case the spam problem but despite this, the
“root of the problem” is related to our organization user environment
and, not to the “other side” such as the destination recipient or Office
365 mail infrastructure.
Page 13 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
Our organization responsibility for the
problem of outbound spam E-mail
In a scenario of outbound spam, from the point of view of “external
element” (external recipient, external mail infrastructure, etc.), the
“pointing a finger” is pointed towards the organization and not to the
specific organization user who causes the problem.
In other words: the external mail infrastructures, doesn’t blame a
specific “organization user”. Instead, the responsibility is related to
Page 14 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
the “organization” that should have taken the enquired security
process and procedure for preventing such events.
The definition of internal \ outbound spam
In the current article series, we will mention the many times the
terms:
Internal spam
Outbound spam
My E-mail appears as spam
For this reason, it’s important that we will agree on the definition of
this term before we continue.
Page 15 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
My E-mail appears as spam
This is the “result” or, the outcome of a scenario in which some
element “decide” to identify or classify our E-mail as spam\Junk mail.
Inbound spam
The term “inbound spam” is not used often because, most of the
time, we use the shortened form and just say: spam.
The meaning is – a scenario in which a hostile element, such as a
spammer “attack” our organization, by flooding our organization
users will spam mail.
We relate to such a scenario as Inbound spam because, the
“direction” of the spam mail is from “outside” (public network) into
our “private mail infrastructure”.
In the current article series, we will not relate to this type of spam.
Page 16 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
You can read more information about the subject of inbound spam
in the articles:
Dealing with SPAM Mail in Office 365 | Part 1/2
Dealing with SPAM Mail in Office 365 | Server side (Exchange Online) |
Part 2/2
Outbound spam
The term: “outbound spam” as the name suggests, relates to a
scenario, in which mail that is sent from our organizational
infrastructure (our organization users, our organization
E-mail address or, our organization’s mail server) is recognized by
“other side” as spam\junk mail.
In other words, the “direction” is from our mail infrastructure to
external recipient or the external mail infrastructure.
Internal spam versus outbound spam
To be honest, I am not sure if you could find a “formal comparison”
of the term: outbound spam versus the term: internal spam but
instead, I would like to use my own definition.
Page 17 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
When I use the term: “internal spam”, the meaning is: a “real spam
mail” that was generated by our organization users (regardless of the
fact that the act was done maliciously or by mistake).
In simple words, that fact that the mail was identified as spam cannot
consider as a false positive. We will need to invest the resources to
avoid such future scenarios.
When I use the term: “outbound spam”, the meaning could be:
1. “Problematic E-mail” that was sent from our organization and was
recognized as a spam\Junk mail by the “other side”.
2. Legitimate and proper that was sent from our organization and was
recognized as a spam\Junk mail by the “other side”.
The meaning is the fact that the “other side” recognize the E-mail as
spam\Junk mail doesn’t mean that the E-mail is really entitled to be
called: spam\Junk mail.
For example – a scenario in which because of a problem with our SPF
record, the “destination mail server” decide to reject E-mail that was
sent from our organization.
The problem is not with the mail content that considered as spam,
but instead, with a problem of our mail infrastructure (missing SPF
records etc.).
I know the “definition” could be a bit confusing but, my intention was
to emphasize that there is a different scenario that could lead to the
problem of: My E-mail appears as spam!
Page 18 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
Internal \ outbound spam in Office 365
environment | Article series index
A quick reference for the article series
My E-mail appears as a spam | Article
series index | Part 0#17
The article index of the complete
article series
Introduction to the concept of internal \ outbound spam in general
and in Office 365 and Exchange Online environment
My E-mail appears as a spam –
Introduction | Office 365 | Part 1#17
The psychological profile of the
phenomenon: “My E-mail appears as
a spam!”, possible factors for causing
our E-mail to appear a “spam mail”,
the definition of internal \ outbound
spam.
Internal spam in Office 365 –
Introduction | Part 2#17
Review in general the term: “internal \
outbound spam”, miss conceptions
that relate to this term, the risks that
are involved in this scenario,
outbound spam E-mail policy and
more.
Page 19 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
Internal spam in Office 365 –
Introduction | Part 3#17
What are the possible reasons that
could cause to our mail to appear as
spam\junk mail, who or what are this
“elements”, that can decide that our
mail is a spam mail?, what are the
possible “reactions” of the destination
mail infrastructure that identify our E-
mail as spam\junk mail?.
Commercial E-mail – Using the right
tools | Office 365 | Part 4#17
What is commercial E-mail?
Commercial E-mail as part of the
business process. Why do I think that
Office 365\ Exchange Online is
unsuitable for the purpose of
commercial E-mail?
Introduction if the major causes for a scenario in which your
organization E-mail appears as spam
My E-mail appears as spam | The 7
major reasons | Part 5#17
Review three major reasons, that
could lead to a scenario, in which E-
mail that is sent from our
organization identified as spam mail:
1. E-mail content, 2. Violation of the
SMTP standards, 3. Bulk\Mass mail
Page 20 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
My E-mail appears as spam | The 7
major reasons | Part 6#17
Review three major reasons, that
could lead to a scenario, in which E-
mail that is sent from our
organization identified as spam mail:
4. False positive, 5. User Desktop
malware, 6. “Problematic” Website
Introduction if the subject of SPF record in general and in Office
365 environment
What is SPF record good for? | Part
7#17
The purpose of the SPF record and the
relation to for our mail infrastructure.
How does the SPF record enable us to
prevent a scenario in which hostile
elements could send E-mail on our
behalf.
Implementing SPF record | Part 8#17
The “technical side” of the SPF record:
the structure of SPF record, the way
that we create SPF record, what is the
required syntax for the SPF record in
an Office 365 environment + mix mail
environment, how to verify the
existence of SPF record and so on.
Page 21 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
Introduction if the subject of Exchange Online - High Risk Delivery
Pool
High Risk Delivery Pool and Exchange
Online | Part 9#17
How Office 365 (Exchange Online) is
handling a scenario of internal \
outbound spam by using the help of
the Exchange Online- High Risk
Delivery Pool.
High Risk Delivery Pool and Exchange
Online | Part 10#17
The second article about the subject
of Exchange Online- High Risk
Delivery Pool.
The troubleshooting path of internal \ outbound spam scenario
My E-mail appears as spam –
Troubleshooting path | Part 11#17
Troubleshooting scenario of internal \
outbound spam in Office 365 and
Exchange Online environment.
Verifying if our domain name is
blacklisted, verifying if the problem is
related to E-mail content, verifying if
the problem is related to specific
organization user E-mail address,
moving the troubleshooting process
to the “other side.
Page 22 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
My E-mail appears as spam |
Troubleshooting – Domain name and
E-mail content | Part 12#17 Verify if
our domain name appears as
blacklisted, verify if the problem
relates to a specific E-mail message
content, registering blacklist
monitoring services, activating the
option of Exchange Online outbound
spam.
My E-mail appears as spam |
Troubleshooting – Mail server | Part
13#17
What is the meaning of: “our mail
server”?, Mail server IP, host name
and Exchange Online. One of our
users got an NDR which informs him,
that his mail server is blacklisted!,
How do we know that my mail server
is blacklisted?
My E-mail appears as spam |
Troubleshooting – Mail server | Part
14#17
The troubleshooting path logic. Get
the information from the E-mail
message that was identified as
spam\NDR. Forwarding a copy of the
NDR message or the message that
saved to the junk mail
Page 23 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17
Written by Eyal Doron | o365info.com
My E-mail appears as spam |
Troubleshooting – Mail server | Part
15#17
Step B – Get information about your
Exchange Online infrastructure, Step
C – fetch the information about the
Exchange Online IP address, Step D –
verify if the “formal “Exchange Online
IP address a
De-list your organization from a
blacklist | My E-mail appears as spam
| Part 16#17
Review the charters of a scenario in
which your organization appears as
blacklisted. The steps and the
operations that need to be
implemented for de-list your
organization from a blacklist.
Summery and recap of the troubleshooting and best practices in a
scenario of internal \ outbound spam
Dealing and avoiding internal spam |
Best practices | Part 17#17
Provide a short checklist for all the
steps and the operation that relates
to a scenario of – internal \ outbound
spam.