Skip to content

My E-mail appears as spam | Troubleshooting – Domain name and E-mail content | Part 12#17

The current articles and the next three articles dedicated troubleshooting process of the scenario, in which our organization E-mail appears as a spam mail (internal/outbound spam).

The current article devoted to the most essential and efficient troubleshooting steps in which we verify the following parts:

  • Verify if our domain name appears as blacklisted.
  • Verify if the problem relates to a particular E-mail content.

Also, we will also discuss the options of:

  • Registering blacklist monitoring services.
  • Activating the option of Exchange Online outbound spam.

What is the true meaning of: “My E-mail appears as spam” in an Office 365 environment?

The initial event that “start” the “internal/outbound spam drama”, is a complaint that we get from our organization user, about the problem in which his E-mail message identified as spam/junk mail by “other recipient”.

W.”n an organization user who says: “my mail” appears as spam, the actual meaning is “our organization E-mail” look like spam because the user is using our organization mail infrastructure.

My E-mail appears as a spam- in Office 365 environment-01

The term: “our organization mail” could be translated into two possible scenarios:

  1. Our organization domain name is blacklisted.
  2. Our organization’s mail server is blacklisted.
My E-mail appears as a spam- in Office 365 environment -02

In Exchange Online environment, the term: “Our organization mail server”, could be translated into two possible scenarios:

  1. The formal IP address of the Exchange Online server which represents our domain name is blacklisted.
  2. E-mail message that was sent from the Exchange Online High Risk Delivery Pool and “their” IP address is blacklisted.
My E-mail appears as a spam- in Office 365 environment -03

Implementing an effective troubleshooting process

One of the most important subjects is a scenario of: internal \ outbound spam in an Office 365 environment is – to be able to choose the most effective troubleshooting steps that will lead us to the required solution.

As we have mentioned before, in Office 365 and Exchange Online environment, we could face a scenario in which our domain name will appear as blacklisted but, the chances of a scenario, in which “our mail server” (our Exchange Online mail server) could look as blacklisted are slight.

Exchange Online IP address appear as black listed

The only way that this scenario could realize is when a problematic E-mail message that was sent by one of our Office 365 users and routed to the Exchange Online High Risk Delivery Pool.

In this case, the NDR that we get from the destination recipient could point out a problem; that relates to “our mail server” (Exchange Online High Risk Delivery Pool). The real issue is related to the E-mail message content; that sent by the Office 365 users and not to the IP address that used by the Exchange Online High Risk Delivery Pool.

Conclusion

In a scenario in which your organization E-mail identified as a spam \ junk mail, allocate most of the troubleshooting effort in: “step 1 and step 2.”

My E-mail appears as a spam! Troubleshooting logical path -01

The meaning is – verify that your domain name is blacklisted. If so, do all the necessary operations to remove it from the blacklist and start an “internal investigation” that will help you to understand, what is the “problem” with the organization E-mail content that leads to this “unwanted scenario,” in which your organization E-mail appears as spam \ junk mail.

Most of the time, you will not listen to my advice, and you will be sure that the main problem is related to the Office 365 mail servers (Exchange Online).

The resources that you will allocate to this “direction” are quite useless but, it’s important to me to provide you a detailed description of – how to implement the troubleshooting steps in case that we suspect that the internal \ outbound spam issue relates to a problem in the Exchange Online server.

In case that you think that the issue of internal \ outbound spam is related to the Exchange Online server, you can read detailed description of the troubleshooting steps in the following articles:

The troubleshooting path of “my E-mail appears as spam” in an Office 365 environment

In the current article, we will implement the troubleshooting process by using the following steps:

My E-mail appears as a spam! Troubleshooting logical path -02

The first operation that we need to implement is – to verify if our domain name appears as blacklisted and if so, make all the required arrangements for delisting our domain name.

To prevent such future events we should consider using:

  • Blacklist monitoring service
  • Activate the Exchange Online outbound spam option

In case that our domain name doesn’t appear as blacklisted, we should divert all our resources, to the task of – understand what was included in the E-mail message (E-mail content) that was sent by the Office 365 user.

In other words: the E-mail message content, which lead to the undesirable scenario in which our organization E-mail identified as spam/junk mail.

1. Verifying if our organization domain name appears as blacklisted

When we say a sentence such as: “my organization appears in a blacklist!”, the term “organization” is not so clear.

Technically, the term: “organization” can be translated into two main elements:

  1. The organization domain name
  2. Our organization’s mail server – the IP address of our organization’s mail server or, the Host name of our organization’s mail server.
    If we want to make it even more complicated – in on-Premises mail environment, it’s easy to “point out” who are our organization’s mail server. In Office 365 and Exchange Online environment, the answer to the questions – who are our organization’s mail servers, is a little more complicated.
Organization is represented by

In the current article, we will focus on the task of – looking if our domain name appears in a blacklist. In the next articles:

We will review the implementation of the troubleshooting that relates to a scenario in which our mail server appears as blacklisted.

We suspect that our domain name appears as blacklisted |Charters of this scenario.

In the current section, we will focus on the first part of – how to find out if our organization domain name appears on a blacklist.

There are many public websites, which enable us to check if our domain name (or the IP address of our mail server) appears as registered in a well-known blacklist.

My personal preference is to start with the free web service that is offered by the website MxToolbox. I love to use this tool because this site is very “user-friendly” and professional.

Cross-referencing information about the blacklists

It’s important to mention that – the best practice is to check blacklist information about your organization at least in two different sites because, each site includes a different blacklist provides lists.

Find out of our domain name appear as Blacklists | Using MxToolbox

In the following section, we will demonstrate how to get information about a particular domain name by using the MxToolbox web application.

1. Go to the MxToolbox site and choose the Blacklists menu.

2. In the box: Server IP or Domain adds your domain name and chooses: Blacklists check.

Verifying if my domain is blacklisted -01

In the following screenshot, we can see the result. In our scenario, it appears that the domain: o365info.com is “green and clean” meaning the domain name doesn’t appear in a well-known blacklist.

Verifying if my domain is blacklisted -02

As mentioned, the best practice is to crosscheck information, from several different sources of information.

In the following screenshot, we can see an example on the additional web site (The complete IP checks for sending Mailservers) that offers the option of checking, if our domain name appears in a well-known blacklist.

Verifying if my domain is blacklisted -03

2. Verifying if the problem relates to a specific E-mail content

As mentioned, E-mail message content is one of the most common causes for a scenario of internal/outbound spam.

Verifying if the spam relates to a specific E-mail content

Given that we have an element the option of “our domain name is blacklisted”, the next most reasonable option is – the option that is related to the specific content of the E-mail message that was sent out by our organization user.
The meaning is – E-mail content that violates some “commercial E-mail rules”, which lead into the scenario in which the “other side” identifies our E-mail message as spam mail.

To be able to verify if the issue relates to the “E-mail message content,” all we need to do, just send an again E-mail to the same destination recipient, but this time, use a “neutral E-mail message” or in simple words: an empty E-mail message.

In case that the E-mail successfully sent to the destination recipient, we can “breathe freely” and, know that our primary task now is the “educate” our user about the “right rules” for commercial E-mail. Also, monitor our mail infrastructure to be able to prevent similar events in the future.

Educate our user about the right rules for commercial E-mail

Another option that you can use is to test the spam score of the E-mail message. You can read more information about the subject of spam score in the article – My E-mail appears as spam | The 7 major reasons | Part 5#17

3. “Catch” outbound spam mail Using – Exchange Online outbound spam (Exchange Online outbound spam option)

One of our main challenges in internal/outbound spam scenario, is the ability to “know” about an event, in which Exchange Online classifies a specific E-mail message that sent out by one of our organization users as spam/junk mail.

The good news is that Exchange Online offers us this option!

The Exchange Online feature of outbound spam, enables us as Exchange Online administrators, to be notified each time when Exchange Online decides to classify E-mail messages that sent by one of the organization users as “spam/junk mail.”

This option could be very useful for us in case, that we know or suspect that some of the organization E-mail message identified a spam/junk mail, but we don’t know:

  1. Who are the Office 365 users who sent this E-mail Message?
  2. What is the specific E-mail message that identified as spam/junk mail (the charters of the specific E-mail message)?

Using (activating) of the Exchange Online option: outbound spam option, is quite simple:

  1. In the Exchange Online admin center chose the protection menu.
  2. On the top menu bar: choose the outbound spam menu.
Exchange Online outbound spam
  1. In the option box: Send a copy of all suspicious outbound email messages to the following email address or addresses: add the E-mail address of the Office 365 recipients (such as the Exchange Online administrator) that will get a copy of this type of Office 365 E-mails.
  2. In the option box: Send a notification to the following email address or addresses when a sender is blocked from sending outbound spam: add the E-mail address of the Office 365 recipients (such as the Exchange Online administrator) that will get a copy of this type of Office 365 E-mails.
Exchange Online -outbound spam 02

4. Monitor a scenario in which your organization appears in a blacklist

Additional option that we could consider is: using some kind of blacklist monitoring services, that will alert us in case that our organization appears as blacklisted in well-known blacklists (our domain name or our mail server IP address).

Monitor your black list status

Q: Does Office 365 or Exchange Online include an option that will alert me in case that our organization is blacklisted?

A: The answer is: “No”, in the current time Office 365 doesn’t offer such a service.

There are a couple of “paid services “that provide this type of services in which your organization domain name and your mail server IP address will be checked regularly against well-known blacklists providers.
In case that your domain name or your mail server IP address appears in one of this blacklist; you will be alerted immediately.

Q: Why don’t all the organization use this type of services?

A: I’m not sure that I know the right answer but, it looks to me that there are two main reasons:

  1. Lack of knowledge – many IT persons, are not aware of this type of services and to the importance of this service.
  2. Avoiding the cost of purchasing this kind of “blacklist monitoring services”.

I will not convince you to purchase this type of services, but instead, I want just to awaken your attention: Just take the time to think about the “cost” of this monitoring service vs. the “business risk” in a scenario in which your domain name blacklisted.

  • What is the total financial loss of a scenario, in which your organization E-mail message, will not reach their destination?
  • How long will it take until you are aware of the scenario in which your organization domain name is blacklisted?
  • How easy is to implement the process of de-list?
  • Is there any another damages to a scenario of internal \ outbound spam such as: damage to reputation of the company?
Cost-benefit - Purchase Black list monitoring services

Using a free blacklist monitored service.

One of the options that you can consider, is using a free blacklist monitoring service that is provided by MxToolbox.

In the following screenshot, we can see how to access this service.

Blacklist monitor services -01

As we all know, there are no free meals; the “free monitoring blacklist services” have limited options. In case that you need more options and capabilities, you will have to purchase paid service.

In the following screenshot, we can see a comparison chart that displays what included in the “free monitor” service vs. the paid plans.

Blacklist monitor services -02
o365info Team

o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *