This article series is dedicated to the scenario in which our organization’s users turn to us urgently to solve a critical issue, which they describe as: “My E-mail appears as spam!”
Besides the uncomfortable feeling of somebody else treating our E-mail as “spam \ junk mail”, the issue is critical because the inability to deliver an E-mail to the destination recipient is a serious business constraint!
In this article series, we will focus on this scenario (“My E-mail appears as spam!”) in an Office 365 and Exchange Online environment.
Although our focus is on the “Office 365 environment”, most of the information provided in this article series is relevant to any mail infrastructure, apart from the very specific “parts” that relate to the special characteristics of the Office 365 and Exchange Online infrastructure.
Table of contents
- About the article series
- The psychological profile of the phenomenon: “My E-mail appears as a spam!”
- Tell “them” to immediately fix the problem!
- Possible factors that can cause our E-mail to appear as a “spam mail”
- My mail appears as spam | Causes probability analysis
- The definition of internal/outbound spam
About the article series
The current article series includes 17 articles. This “number” raises a possible question:
Q1: Why does it have to be so complicated?
A1: I prefer to use the terms exciting and challenging. Yes, there is a lot of information that we need to know about the subject of internal\outbound spam in an Office 365 environment: how to recognize such a scenario, how to deal with such a situation, what risks are involved in this scenario, and how to avoid this type of scenario.
Q2: Do I have to read all the articles in the series?
A2: No, you don’t. If you need to focus on a specific part or subject that relates to internal\outbound spam in an Office 365 environment, you can use the article series index: My E-mail appears as spam | Article series index | Part 0#17
The psychological profile of the phenomenon: “My E-mail appears as a spam!”
The organization user side of the story.
Our organization user expects us to put out the fire immediately!
Also, our user’s expectation is that we will spread some “magic powder”, which will solve the problem immediately!
The psychological impact on our emotional state
Before we go into a state of panic and start shooting in all directions, I recommend implementing the following procedure:
- Take three deep breaths!
- Close your eyes!
- Think of something positive!
A scenario in which our organization users complain that “My E-mail is identified as spam” could very easily lead to an unbalanced emotional state!
The reasons for this state are:
- We don’t have accurate information about the scope of the phenomenon:
Does the issue happen only once? Does the issue impact a particular organization user, or does it impact all of our organization users?
- Who is the “element” that causes this problem? Is that “element” our user, our mail server, the destination mail server, or a mysterious blacklist?
- What are the required troubleshooting steps that we need to implement immediately, and who is the person that we need to contact to help us solve this problem?
Tell “them” to immediately fix the problem!
The main message that we get from our organization users, especially in cases where the CEO is involved, is that we need to tell “them” to immediately stop identifying our mail as spam mail.
The big question is: who are “them”?
Needless to say, there is no chance that the problem is caused by some kind of problem on “our side”.
It is evident beyond doubt that the problem is related solely to the other side!
If we are Office 365 and Exchange Online customers, we are “required” to inform Microsoft that they did something wrong that led to a scenario in which our organization’s E-mail is identified as spam mail, and that “they” need to fix this problem immediately (and indeed, a threat that we will “leave Office 365” would not hurt!).
If we are not Office 365 customers, or if we couldn’t reach Office 365 technical support, the next “factor you can blame” for our problem is the “destination external recipient” or the target mail server.
(This option is less preferred because, in this case, we do not have anyone we can yell at, and we cannot threaten anyone.)
So what can we do?
In this case, I would like to suggest another hypothesis: is it possible that we are shooting in the wrong direction?
What I mean is: could you consider that the cause of the problem is not “them” but instead “us”?
Possible factors that can cause our E-mail to appear as a “spam mail”
Let’s briefly review the possible causes of the problem in which our organization’s E-mail is identified as spam \ junk mail.
Group A – the group of causes that relate to “our organization user.”
Under this group, possible causes could be:
- E-mail content that violates the standards of “commercial mail” (marketing E-mail, etc.), which causes the “other side” to block the E-mail item.
- A phenomenon of “bulk mail”, in which our organization users send E-mail to hundreds or even thousands of recipients.
- A scenario in which malware takes over the desktop of one of our organization users and uses his E-mail client or his desktop for sending out spam \ junk mail.
Group B – the group of causes that relate to “our mail infrastructure.”
Under this group, possible causes could be:
- A mail server that is controlled by a hostile element, which uses our organization’s infrastructure to distribute spam mail.
- A non-existent or misconfigured SPF record for our domain name, which significantly reduces the level of “reliability” of E-mail that is sent by our mail server.
- False positive – in the Exchange Online environment, each E-mail that is sent by our organization users is passed through a spam filter for further checks and examination.
If Exchange Online recognizes an E-mail that has the potential to be classified as spam \ junk mail, Exchange Online will route the E-mail via a dedicated Exchange server pool.
Because this “special pool” sends out only mail that has the potential to be spam mail, the IP address of such an Exchange Online server often appears in a blacklist.
Note – technically, there is always a possibility that Exchange Online will mistakenly identify a legitimate E-mail message as “spam mail” and send this E-mail via the “unique Exchange Online server pool”, and that the particular E-mail will then be identified as spam \ junk mail by the remote mail infrastructure.
Group C – the group of causes that relate to “destination recipient” or, to the “destination mail infrastructure.”
Under this group, possible causes could be:
- False positive – a scenario in which the destination mail server mistakenly identifies a legitimate E-mail message from our organization as “spam mail”.
- Destination recipient environment – different scenarios that relate to the specific destination recipient environment. For example, a mail client used by the destination recipient that identifies our organization’s E-mail message as spam. Another example could be a specific security application installed on the “destination recipient desktop” that identifies our organization’s E-mail message as spam, etc.
My mail appears as spam | Causes probability analysis
Now let’s go deeper into the realm of the causes of “my E-mail is identified as spam” and their probability.
There is a famous saying: “If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.”
The point is that most of the time, the primary cause of the “my E-mail is identified as spam” scenario is that the mail has the characteristics of, or behaves like, spam mail!
Most of the “root” problems are related to our side.
Our side could translate into:
- Our mail infrastructure
- The “organization user realm”
A scenario in which our mail server infrastructure is improperly configured, or controlled by a hostile element, could be realized.
The good news is that when our mail infrastructure is hosted at Office 365 (Exchange Online), the chances of this scenario are very low.
I think that the chances of this event (compromise of the Exchange Online infrastructure) are even lower than the chances of winning the lottery and being hit by lightning at the same time.
So now, the “pointing finger” goes in the direction of the “organization user realm”.
Despite our natural tendency to think of our organization users as “little angels” and to adopt the theory of “everybody is against us!”, in reality, the primary cause of the problem is “something” that is related to our side and leads to the scenario in which our organization’s E-mail is identified as spam mail.
When we are dealing with the “organization user realm”, the most common reason for the phenomenon of “My E-mail appears as spam!” is an E-mail that is improperly written from the perspective of “commercial E-mail rules”.
It doesn’t mean that our organization user creates this scenario deliberately. Most of the time, the reason for the improperly written E-mail is just a lack of knowledge and awareness of the very strict commercial E-mail rules.
Another option could be malware that “abuses” the organization user’s mail client: malware that sends E-mail using our organization user’s identity and our mail infrastructure.
This is an additional example of a scenario in which the organization user does not “deliberately” cause the spam problem but, despite this, the “root of the problem” is related to our organization user’s environment and not to the “other side”, such as the destination recipient or the Office 365 mail infrastructure.
Our organization’s responsibility for the problem of outbound spam E-mail
In a scenario of outbound spam, from the point of view of an “external element” (external recipient, external mail infrastructure, etc.), the finger is pointed at the organization and not at the specific organization user who caused the problem.
In other words: the external mail infrastructure doesn’t blame a particular “organization user”. Instead, the responsibility lies with the “organization”, which should have put in place the required security processes and procedures for preventing such events.
The definition of internal/outbound spam
In the current article series, we will mention the following terms many times:
- Internal spam
- Outbound spam
- My E-mail appears as spam
For this reason, it’s important that we agree on the definition of these terms before we continue.
My E-mail appears as spam
This is the “result”, or the outcome, of a scenario in which some element “decides” to identify or classify our E-mail as spam \ junk mail.
The term “inbound spam” is not used often because, most of the time, we use the shortened form and just say: spam.
The meaning is – a scenario in which a hostile element, such as a spammer, “attacks” our organization by flooding our organization users with spam mail.
We relate to such a scenario as Inbound spam because the “direction” of the spam mail is from “outside” (public network) into our “private mail infrastructure.”
In the current article series, we will not relate to this type of spam.
- Dealing with SPAM Mail in Office 365 | Part 1/2
- Dealing with SPAM Mail in Office 365 | Server side (Exchange Online) | Part 2/2
The term “outbound spam”, as the name suggests, relates to a scenario in which mail that is sent from our organizational infrastructure (our organization users, our organization’s E-mail address, or our organization’s mail server) is recognized by the “other side” as spam \ junk mail.
In other words, the “direction” is from our mail infrastructure to the external recipient or the external mail infrastructure.
Internal spam versus outbound spam
To be honest, I am not sure you could find a “formal comparison” of the term outbound spam versus the term internal spam, so instead, I would like to use my own definition.
When I use the term “internal spam”, the meaning is – a “real spam mail” that was generated by our organization users (regardless of whether the act was done maliciously or by mistake).
In simple words, the fact that the mail was identified as spam cannot be considered a false positive. We will need to invest resources to avoid such scenarios in the future.
When I use the term: “outbound spam”, the meaning could be:
- A “problematic E-mail” that was sent from our organization and recognized as spam \ junk mail by the “other side.”
- A legitimate and proper E-mail that was sent from our organization and recognized as spam \ junk mail by the “other side.”
The meaning is that the fact that the “other side” recognizes the E-mail as spam \ junk mail doesn’t mean that the E-mail deserves to be defined as spam \ junk mail.
For example – a scenario in which, because of a problem with our SPF record, the “destination mail server” decides to reject E-mail that is sent from our organization.
The problem is not with mail content that is considered spam but, instead, with an issue in our mail infrastructure (missing SPF records, etc.).
I know the “definition” could be a bit confusing, but my intention was to emphasize that there are different scenarios that could lead to the problem of “My E-mail appears as spam!”
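The SPF cause mentioned above (a missing or misconfigured SPF record) can be checked mechanically. The following is an added example, not part of the original article: a small Python check over the TXT records published for a domain. It assumes the domain sends mail only through Exchange Online (include:spf.protection.outlook.com); the function name, problem codes and sample records are constructed for illustration.

```python
import re

# Assumption: the domain sends mail only through Exchange Online, whose
# published SPF include is spf.protection.outlook.com.
EXO_INCLUDE = "include:spf.protection.outlook.com"
# Terms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def lint_spf(txt_records):
    """Return a list of problem codes for the TXT records of one domain."""
    spf = [r.strip().lower() for r in txt_records
           if r.strip().lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no-spf-record"]
    if len(spf) > 1:
        return ["multiple-spf-records"]  # receivers treat this as a permanent error
    terms = spf[0].split()[1:]
    bare = [t.lstrip("+-~?") for t in terms]  # mechanisms without their qualifier
    problems = []
    if EXO_INCLUDE not in bare:
        problems.append("exchange-online-not-authorized")
    # Counts only this record's own terms; terms inside included records
    # also count toward the limit when a receiver evaluates the record.
    lookups = sum(re.split(r"[:/=]", t)[0] in LOOKUP_TERMS for t in bare)
    if lookups > 10:
        problems.append("more-than-10-dns-lookups")
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms and not any(t.startswith("redirect=") for t in bare):
        problems.append("no-all-mechanism")
    elif all_terms and all_terms[0][0] in "+a":
        problems.append("all-passes-any-sender")  # "all" or "+all"
    return problems


# Constructed sample TXT record sets (not taken from any real domain).
SAMPLES = {
    "correct": ["v=spf1 include:spf.protection.outlook.com -all"],
    "missing": ["verification-token=constructed"],
    "duplicate": ["v=spf1 include:spf.protection.outlook.com -all",
                  "v=spf1 mx -all"],
    "old-server-only": ["v=spf1 ip4:192.0.2.10 mx ~all"],
    "pass-all": ["v=spf1 include:spf.protection.outlook.com +all"],
}

if __name__ == "__main__":
    for name, records in SAMPLES.items():
        print(f"{name}: {lint_spf(records) or 'ok'}")
```

An empty result means none of these specific problems was found; it does not prove that every system sending mail for the domain is covered by the record.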