junk email 13 Jul, 2018

Why you are in the SPAM folder for O365 users

I just learned a few new things today, besides “test your config before sending a mass mailing”. I went step by step through the process of identifying why Office 365 was flagging my email as spam. Let’s see how you can improve your email so it does not land in the SPAM folder for Office 365 users.

We won’t go through SPF and the like, as you probably know them already and they are very well documented. Once the SPF configuration is done, why is your email still treated as spam?

Tools to dig into your SPAM issue

The definite starting point is http://www.howsmy.email/: it provides an email address and analyzes the email it receives there. My issue was with user registration: when a user registered, the email with the activation link ended up in Junk. So I just created a fake user with this email address and got the details on what was or was not OK.

The message looked quite OK there, so I did a few more tests and saw the issue only for Office 365 users. So I had to dig a bit further in that direction.

So open the Test Connectivity tool by Microsoft, which will analyze your headers: it mainly parses them and, for some categories, provides links to articles.

https://testconnectivity.microsoft.com/ -> Message Header Analyzer

So just open the email that has been flagged as SPAM, go to File / Properties, and copy and paste your headers.

The top level gives you some insight, but the most interesting parts are further down, so open a tab on https://docs.microsoft.com/en-us/office365/SecurityCompliance/anti-spam-message-headers and compare.

X-Forefront-Antispam-Report: CIP:;IPV:NLI;CTRY:EU;EFV:NLI;SFV:SPM;SFS:……..

In my case the issue was SFV:SPM, meaning marked as spam by the content filter, so the configuration is fine but the content of my email is causing the issue.

Links too long

So I logged a case with Microsoft to identify what the issue was, and while doing their troubleshooting they pointed me in the right direction. The X-Microsoft-Antispam header has a first, undocumented tag that said URIScan, which is apparently the name of the rule that got the hit. So in my case it would be a URI issue, and indeed I had a URL in my email to allow users to activate their account, so I moved in that direction.

I was using a mass mailing tool (SendInBlue) for those emails to keep track of sent items, who clicked on what, etc., and one of the features I was using was click tracking, meaning SendInBlue was replacing the registration link in the email with a SendInBlue link. The strange part is that mass mailings with SendInBlue links were fine (except for another issue, a small mistake on my side); only the emails with this account activation link were arriving in the SPAM folder. After further digging I identified that the SendInBlue link contains an encoding of the final link; as the activation link was already super long, the new link was even longer and contained some SendInBlue data. So to confirm it was the link, I disabled the click tracking feature for those registration emails and everything went fine.
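The two checks described above (reading the SFV verdict out of X-Forefront-Antispam-Report, then looking at how long the links in the body are) can be scripted against a saved message. This is an added example, not code from the original post; the sample message, its addresses and the tracker URL are constructed, and no specific length threshold is assumed because the post does not give one.

```python
import re
from email import message_from_string
from email.policy import default

# SFV verdicts as listed in Microsoft's anti-spam message headers article.
SFV_MEANING = {
    "NSPM": "not spam",
    "SPM": "marked as spam by the content filter",
    "SFE": "filtering skipped: sender is on the user's Safe Senders list",
    "BLK": "filtering skipped: sender is on the user's Blocked Senders list",
    "SKN": "marked as non-spam before spam filtering ran",
    "SKS": "marked as spam before spam filtering ran",
}

def parse_antispam_report(raw_message):
    """Return the X-Forefront-Antispam-Report fields as a dict (empty if absent)."""
    msg = message_from_string(raw_message, policy=default)
    report = str(msg.get("X-Forefront-Antispam-Report", ""))  # folded lines are unfolded
    fields = {}
    for part in report.split(";"):
        # Split on the first colon only, so empty values and IPv6 CIPs survive.
        key, sep, value = part.strip().partition(":")
        if sep and key:
            fields[key.upper()] = value.strip()
    return fields

def url_lengths(raw_message):
    """Return (length, url) for every http(s) link in the body, longest first."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    urls = re.findall(r"https?://[^\s\"'<>]+", text)
    return sorted(((len(u), u) for u in urls), reverse=True)

# Constructed sample: a registration mail whose link was rewritten by click tracking.
SAMPLE = (
    "From: noreply@example.com\n"
    "To: user@example.org\n"
    "Subject: Activate your account\n"
    "X-Forefront-Antispam-Report: CIP:192.0.2.10;IPV:NLI;CTRY:EU;\n"
    " EFV:NLI;SFV:SPM;SCL:5\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Activate: https://tracker.example.net/c/" + "A" * 300 + "\n"
    "Help: https://example.com/help\n"
)

if __name__ == "__main__":
    sfv = parse_antispam_report(SAMPLE).get("SFV", "")
    print("SFV:", sfv, "->", SFV_MEANING.get(sfv, "see Microsoft's header reference"))
    for length, url in url_lengths(SAMPLE):
        print(length, url[:60])
```

Running it on the same message with click tracking on and off shows how much the rewritten link grows, which is the comparison that confirmed the cause here.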





About : philippe
