My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

Page 1 of 23 | My E-mail appears as a spam - Introduction | Office 365 | Part 1#17

Written by Eyal Doron | o365info.com

MY E-MAIL APPEARS AS A SPAM –

INTRODUCTION | OFFICE 365 | PART

1#17

This article series is dedicated to the scenario in which our

organization’s user\s, turn to us urgently to solve a critical

issue, which described by our users as: “My E-mail appears as

spam!”

Besides of the uncomfortable feeling in which somebody else

treats our E-mail as – “spam\Junk mail”, the issue is critical

because of the Inability to perform the delivery of an E-mail

http://o365info.com/my-e-mail-appears-as-a-spam-introduction-office-365-part-1-17

https://il.linkedin.com/in/eyaldoron1

http://o365info.com/



message to the destination recipient, is a serious business

constraint!

In this article series, we will focus on this scenario (“My E-mail

appears as spam!”) in Office 365 and Exchange Online

environment.

Despite that our focus is on “Office 365 environment”, most of

the information that will be provided in this article series, is

relevant to any mail infrastructure beside the very specific

“parts” that will relate to the special charters of Office 365 and

Exchange Online infrastructure.

About the article series

The current article series, include 17 articles. This “number” raises a

possible question:

Q1: Why does it have to be so complicated?

A1: I prefer to use the terms: interesting and challenging. Yes, there

is a lot of information that we need to know about the subject of

internal\outbound spam in an Office 365 environment. How to

recognize such scenario, how to deal with such scenario, what are

the risks involved in this scenario and how to avoid this type of

scenario.

Q2: Do I have to read all the articles in the series?






A2: No, you don’t. In case that you need to focus on a specific part or

subject that relates to the internal\outbound spam in an Office 365

environment, you can use the article series index:

My E-mail appears as spam | Article series index | Part 0#17

The psychological profile of the phenomenon:

“My E-mail appears as a spam!”

The organization user side of the story.

Our organization user expects us to put out the fire immediately!

In addition, our user’s expectation is that we will spread some “magic

powder”, which will solve the problem immediately!




http://o365info.com/my-email-appears-as-a-spam-article-series-index-part-0-17



The psychological impact on our emotional state

Before we go into a state of panic and start shooting in all directions,

I recommend implementing the following procedure:

1. Take three deep breaths!

2. Close your eyes!

3. Think of something positive!






A scenario in which our organization users complain about “My E-

mail was identified as spam”, could very easily lead to status of: It

unbalanced emotional state!

The reasons for this state are:

We don’t have an accurate information about the scope of the

phenomenon:

Does the issue happen only once? Does the issue impact a specific

organization user or impact all of our origination users?

Who is the “element” that cause this problem? Is that “element” is – our

user?, our mail server?, the destination mail server?, mysterious black

list?

What are the required troubleshooting steps that we need to

immediately implemented and, who is the person that we need to

contact them will help us to solve this problem?






Tell “them” to immediately fix the problem!

The main message that we get from our organization users and

especially in cases where the CEO is involved is that – we will need to

tell “them”, to stop immediately to identify our mail as spam mail.

The big question is: who are “them”?

Needless to say, that there is no chance that the problem is caused

because some kind of a problem from “our side”.

It is clear beyond doubt, that the problem is related solely to the

other side!

In case that we are Office 365 and Exchange Online customers, we

are “required” to inform Microsoft that they did something wrong

that leads to a scenario in which our organization E-mail was

identified as spam mail and, that “they” need to fix this problem

immediately (and certainly a threat that we will “leave Office 365”

would not hurt!).

In case that we are not Office 365 customers, or in case that we

couldn’t reach the Office 365 technical support, the next “Factor you

can blame” for our problem is the “destination external receipt” or

the destination mail server.

(This option is less preferred because, in this case, we do not have

anyone we can yell at him, and we cannot threaten anyone).

So what can we do?

In this case, I would like to suggest another hypothesis: is there an

option that we are shooting the wrong direction?






My meaning is: could you consider that the cause of the problem is

not “them” but instead “us”?

Possible factors that can cause our E-mail to

appear as a “spam mail”

Let’s briefly review possible causes for the problem in which our

organization

E-mail is identified as spam\Junk mail.

Group A – the group of causes that relate to “our organization

user”.

Under this group, a possible causes could be:






1. A specific E-mail content that violates the standard of “commercial mail”

(marketing E-mail etc.) and, for this reason, the “other side” block the

specific E-mail item.

2. A phenomenon of “bulk mail” in which our organization users send a

specific E-mail message to hundreds or even thousands of recipients.

3. A scenario in which malware takes over a desktop of one of our

organization user and uses his E-mail client or his desktop for sending

out spam\Junk mail.

Group B – the group of causes that relate to “our mail

infrastructure”.


1. Mail server, which is controlled by a hostile element which utilizes our

mail server for distribution of spam mail by using our organization

infrastructure.

2. Non-existing SPF record or miss-configured SPF record for our domain

name, that causes a significant reduction in the level of “reliability” of E-

mail that sent by our mail server.

3. False-positive – in the Exchange Online environment each of the E-mails

that is sent from our organization users is sent a spam filter for further

checks and examination.

In case that Exchange Online recognizes an E-mail message that has the

potential to be classified as spam\Junk mail, Exchange Online will route

the E-mail message via a dedicated Exchange server pool.

Because this “special pool” sends out only mail that has the potential of

spam mail, many times this Exchange Online server IP address appears

in a blacklist.

Note – technically, there is always an option in which Exchange Online

will identify by mistake a legitimate E-mail message as a “spam mail”,

sent this mail to the “special Exchange Online server pool” and the

specific E-mail will identified as spam\junk mail by the remote mail

infrastructure.






Group C – the group of causes that relate to “destination

recipient” or, to the “destination mail infrastructure”.


1. False-positive – a scenario in which the destination mail server

identifies by mistake a legitimate E-mail message from our organization

as a “spam mail”.

2. Destination recipient environment – different scenarios that related to

the specific destination recipient environment. For example – mail

client that is used by the destination recipient, which identifies our

organization E-mail message as spam. Another example could be – a

specific security application that is installed on the “destination

recipient desktop” that identifies our organization E-mail message as

spam, etc.






My mail appears as spam | Causes probability

analyzes.

Now let’s get deeper into the realm of: “my E-mail is identified as

spam causes” and their probability.

There is a famous saying: “If it looks like a duck, swims like a duck,

and quacks like a duck, then it probably is a duck.”

And the point is – most of the time, the main cause for a scenario of:

“my E-mail is identified as spam”, is because the mail includes

charters or behaves like a spam mail!

Most of the “root” problems, is related to our side.

Our side could be translated into:

Our mail infrastructure

The “organization user realm”






The scenario in which our mail server infrastructure is improperly

configured, or controlled by a hostile element could be realized.

The good news is that in case which our mail infrastructure is hosted

at Office 365 (Exchange Online), the chances of this scenario are very

low.

I think that the chances of this event (compromise of Exchange

Online infrastructure) are even lower than the chances of – winning

the lottery and the hit by a lightning at the same time.

So now, the “pointing finger” goes in the direction of the

“organization user realm”.

Despite our natural tendency to think of our organization users as

“little angels” and, adopt the theory of “everybody are against us!” in

reality, the main cause of the problem is “something” that is related

to our side and, lead to the scenario in which our organization E-mail

was identified as spam mail.






When we are dealing with the “organization user realm”, the most

common reason for the phenomenon of: “My E-mail appears as

spam!” is an E-mail that improperly written from the perspective of:

“commercial E-mail rules”.

It doesn’t mean that our organization user creates this scenario

deliberately. Most of the time, the reason for improperly written the

E-mail is just the lack of knowledge and awareness of the very strict

commercial E-mail rules.

Another option could be a malware that “abuse” the organization

user mail client. Malware that send E-mail using our organization

user identity and, our mail infrastructure.

This is an additional example for a scenario in which the organization

user is not “deliberately” case the spam problem but despite this, the

“root of the problem” is related to our organization user environment

and, not to the “other side” such as the destination recipient or Office

365 mail infrastructure.






Our organization responsibility for the

problem of outbound spam E-mail

In a scenario of outbound spam, from the point of view of “external

element” (external recipient, external mail infrastructure, etc.), the

“pointing a finger” is pointed towards the organization and not to the

specific organization user who causes the problem.

In other words: the external mail infrastructures, doesn’t blame a

specific “organization user”. Instead, the responsibility is related to






the “organization” that should have taken the enquired security

process and procedure for preventing such events.

The definition of internal \ outbound spam

In the current article series, we will mention the many times the

terms:

Internal spam

Outbound spam

My E-mail appears as spam

For this reason, it’s important that we will agree on the definition of

this term before we continue.






My E-mail appears as spam

This is the “result” or, the outcome of a scenario in which some

element “decide” to identify or classify our E-mail as spam\Junk mail.

Inbound spam

The term “inbound spam” is not used often because, most of the

time, we use the shortened form and just say: spam.

The meaning is – a scenario in which a hostile element, such as a

spammer “attack” our organization, by flooding our organization

users will spam mail.

We relate to such a scenario as Inbound spam because, the

“direction” of the spam mail is from “outside” (public network) into

our “private mail infrastructure”.

In the current article series, we will not relate to this type of spam.






You can read more information about the subject of inbound spam

in the articles:

Dealing with SPAM Mail in Office 365 | Part 1/2

Dealing with SPAM Mail in Office 365 | Server side (Exchange Online) |

Part 2/2

Outbound spam

The term: “outbound spam” as the name suggests, relates to a

scenario, in which mail that is sent from our organizational

infrastructure (our organization users, our organization

E-mail address or, our organization’s mail server) is recognized by

“other side” as spam\junk mail.

In other words, the “direction” is from our mail infrastructure to

external recipient or the external mail infrastructure.

Internal spam versus outbound spam

To be honest, I am not sure if you could find a “formal comparison”

of the term: outbound spam versus the term: internal spam but

instead, I would like to use my own definition.




http://o365info.com/dealing-with-spam-mail-in-office-365/

http://o365info.com/dealing-spam-mail-office-365-server-side-exchange-online-part-22/

http://o365info.com/dealing-spam-mail-office-365-server-side-exchange-online-part-22/



When I use the term: “internal spam”, the meaning is: a “real spam

mail” that was generated by our organization users (regardless of the

fact that the act was done maliciously or by mistake).

In simple words, that fact that the mail was identified as spam cannot

consider as a false positive. We will need to invest the resources to

avoid such future scenarios.

When I use the term: “outbound spam”, the meaning could be:

1. “Problematic E-mail” that was sent from our organization and was

recognized as a spam\Junk mail by the “other side”.

2. Legitimate and proper that was sent from our organization and was

recognized as a spam\Junk mail by the “other side”.

The meaning is the fact that the “other side” recognize the E-mail as

spam\Junk mail doesn’t mean that the E-mail is really entitled to be

called: spam\Junk mail.

For example – a scenario in which because of a problem with our SPF

record, the “destination mail server” decide to reject E-mail that was

sent from our organization.

The problem is not with the mail content that considered as spam,

but instead, with a problem of our mail infrastructure (missing SPF

records etc.).

I know the “definition” could be a bit confusing but, my intention was

to emphasize that there is a different scenario that could lead to the

problem of: My E-mail appears as spam!






Internal \ outbound spam in Office 365

environment | Article series index

A quick reference for the article series

My E-mail appears as a spam | Article

series index | Part 0#17

The article index of the complete

article series

Introduction to the concept of internal \ outbound spam in general

and in Office 365 and Exchange Online environment

My E-mail appears as a spam –

Introduction | Office 365 | Part 1#17

The psychological profile of the

phenomenon: “My E-mail appears as

a spam!”, possible factors for causing

our E-mail to appear a “spam mail”,

the definition of internal \ outbound

spam.

Internal spam in Office 365 –

Introduction | Part 2#17

Review in general the term: “internal \

outbound spam”, miss conceptions

that relate to this term, the risks that

are involved in this scenario,

outbound spam E-mail policy and

more.




http://o365info.com/my-email-appears-as-a-spam-article-series-index-part-0-17/My%20E-mail%20appears%20as%20a%20spam%20%7C%20Article%20series%20index%20%20%7C%20Part%200#17

http://o365info.com/my-email-appears-as-a-spam-article-series-index-part-0-17/My%20E-mail%20appears%20as%20a%20spam%20%7C%20Article%20series%20index%20%20%7C%20Part%200#17



http://o365info.com/internal-spam-in-office-365-introduction-part-2-17




Internal spam in Office 365 –

Introduction | Part 3#17

What are the possible reasons that

could cause to our mail to appear as

spam\junk mail, who or what are this

“elements”, that can decide that our

mail is a spam mail?, what are the

possible “reactions” of the destination

mail infrastructure that identify our E-

mail as spam\junk mail?.

Commercial E-mail – Using the right

tools | Office 365 | Part 4#17

What is commercial E-mail?

Commercial E-mail as part of the

business process. Why do I think that

Office 365\ Exchange Online is

unsuitable for the purpose of

commercial E-mail?

Introduction if the major causes for a scenario in which your

organization E-mail appears as spam

My E-mail appears as spam | The 7

major reasons | Part 5#17

Review three major reasons, that

could lead to a scenario, in which E-

mail that is sent from our

organization identified as spam mail:

1. E-mail content, 2. Violation of the

SMTP standards, 3. Bulk\Mass mail






http://o365info.com/commercial-e-mail-using-the-right-tools-office-365-part-4-17

http://o365info.com/commercial-e-mail-using-the-right-tools-office-365-part-4-17

http://o365info.com/my-e-mail-appears-as-spam-the-7-major-reasons-part-5-17




My E-mail appears as spam | The 7

major reasons | Part 6#17

Review three major reasons, that

could lead to a scenario, in which E-

mail that is sent from our

organization identified as spam mail:

4. False positive, 5. User Desktop

malware, 6. “Problematic” Website

Introduction if the subject of SPF record in general and in Office

365 environment

What is SPF record good for? | Part

7#17

The purpose of the SPF record and the

relation to for our mail infrastructure.

How does the SPF record enable us to

prevent a scenario in which hostile

elements could send E-mail on our

behalf.

Implementing SPF record | Part 8#17

The “technical side” of the SPF record:

the structure of SPF record, the way

that we create SPF record, what is the

required syntax for the SPF record in

an Office 365 environment + mix mail

environment, how to verify the

existence of SPF record and so on.






http://o365info.com/what-is-spf-record-good-for-part-7-17

http://o365info.com/what-is-spf-record-good-for-part-7-17

http://o365info.com/implementing-spf-record-part-8-17



Introduction if the subject of Exchange Online - High Risk Delivery

Pool

High Risk Delivery Pool and Exchange

Online | Part 9#17

How Office 365 (Exchange Online) is

handling a scenario of internal \

outbound spam by using the help of

the Exchange Online- High Risk

Delivery Pool.

High Risk Delivery Pool and Exchange

Online | Part 10#17

The second article about the subject

of Exchange Online- High Risk

Delivery Pool.

The troubleshooting path of internal \ outbound spam scenario

My E-mail appears as spam –

Troubleshooting path | Part 11#17

Troubleshooting scenario of internal \

outbound spam in Office 365 and

Exchange Online environment.

Verifying if our domain name is

blacklisted, verifying if the problem is

related to E-mail content, verifying if

the problem is related to specific

organization user E-mail address,

moving the troubleshooting process

to the “other side.




http://o365info.com/high-risk-delivery-pool-and-exchange-online-part-9-17




http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-path-part-11-17

http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-path-part-11-17



My E-mail appears as spam |

Troubleshooting – Domain name and

E-mail content | Part 12#17 Verify if

our domain name appears as

blacklisted, verify if the problem

relates to a specific E-mail message

content, registering blacklist

monitoring services, activating the

option of Exchange Online outbound

spam.


Troubleshooting – Mail server | Part

13#17

What is the meaning of: “our mail

server”?, Mail server IP, host name

and Exchange Online. One of our

users got an NDR which informs him,

that his mail server is blacklisted!,

How do we know that my mail server

is blacklisted?



14#17

The troubleshooting path logic. Get

the information from the E-mail

message that was identified as

spam\NDR. Forwarding a copy of the

NDR message or the message that

saved to the junk mail




http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-domain-name-and-e-mail-content-part-12-17



http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-mail-server-part-13-17










15#17

Step B – Get information about your

Exchange Online infrastructure, Step

C – fetch the information about the

Exchange Online IP address, Step D –

verify if the “formal “Exchange Online

IP address a

De-list your organization from a

blacklist | My E-mail appears as spam

| Part 16#17

Review the charters of a scenario in

which your organization appears as

blacklisted. The steps and the

operations that need to be

implemented for de-list your

organization from a blacklist.

Summery and recap of the troubleshooting and best practices in a

scenario of internal \ outbound spam

Dealing and avoiding internal spam |

Best practices | Part 17#17

Provide a short checklist for all the

steps and the operation that relates

to a scenario of – internal \ outbound

spam.







http://o365info.com/de-list-your-organization-from-a-blacklist-my-e-mail-appears-as-spam-part-16-17



http://o365info.com/dealing-and-avoiding-internal-spam-best-practices-part-17-17

http://o365info.com/dealing-and-avoiding-internal-spam-best-practices-part-17-17

Documents

My E-mail appears as a spam - Introduction | Office 365 | Part 1#17