[AusNOG] Microsoft 365 - Junk Policy (last 2 weeks)

Luke Thompson luke.t at tncrew.com.au
Mon Apr 3 10:25:23 AEST 2023 

Hi all,

Thanks for the consensus here, it's good to know we're not alone. It 
seems the impact is being realised by more people into this week.

We've now had clients in the health space flag this - they want links to 
official alerts acknowledging the issue at Microsoft's end.

It doesn't seem Microsoft have done so as yet. I've BCC'd a contact from 
Microsoft (from mailop) to see if they write back.

Hopefully the rulesets(?) are rolled back or modified so the impact 
abates. It's becoming quite a noisy issue now.

Cheers,
Luke

On 3/4/2023 9:44 am, Walker, Bill (Christchurch) wrote:
>
> Hi Luke/Dave,
>
> Happening to 3 (out of 5) tenants I manage too, along with my personal 
> mail that uses outlook.com
>
> Thanks,
>
> Bill
>
> *Bill Walker*| Manager, Regional Networks | Stantec | Mobile: +64 21 
> 241 7206
>
> *From:*AusNOG <ausnog-bounces at lists.ausnog.net> *On Behalf Of *David 
> Rawling
> *Sent:* Friday, 31 March 2023 8:10 pm
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Microsoft 365 - Junk Policy (last 2 weeks)
>
> Hi Luke
>
> I can confirm that we've been seeing quite a lot of this across a 
> number of Office 365 tenants; both our own and several we manage (I'll 
> note that I am subscribed to AusNOG from my personal account not the 
> affected tenant).
>
> As we're one of the affected tenants, we've been able to dig quite 
> deeply into the behaviour - in our case, it seems to be that almost 
> all "new" messages in a thread are successfully delivered to us, but 
> once it becomes a reply-fest it gets junked. There's some thought that 
> it could be related to one or more links in our signature - not that 
> it's a particularly large or "spammy" signature, though. No SPF, DMARC 
> or DKIM failures here. No obvious reasons it would be marked junk - 
> the SCL is below our threshold, etc.
>
> What's frustrating is that so far, it's only affecting some people in 
> our tenant. I've not had the problem with messages I send and receive, 
> but there are others where it's 90% failure. I do have a different 
> signature file - very different formatting though it looks the same to 
> the recipient. I was thinking that might be related, but no dice so far.
>
> So you're not alone but we have absolutely no idea what's breaking.
>
> Dave.
>
> -- 
>
> David Rawling - Principal Consultant
> PD Consulting and Security
>
> t: +61 41 213 5513  |  e: djr at pdconsec.net <mailto:djr at pdconsec.net>
>
> Please note that whilst we take all care, neither PD Consulting and 
> Security nor the sender accepts any responsibility for viruses and it 
> is your responsibility to scan for viruses. The contents are intended 
> only for use by the addressee and may contain confidential and/or 
> privileged material. If you received this in error, we request that 
> you please inform the sender and/or addressee immediately and delete 
> the material.
>
> On Fri, 2023-03-31 at 16:55 +1100, Luke Thompson wrote:
>
>     Hi all,
>
>     Strange question though curious if anyone's seen the same.
>
>     We've had a range of clients reporting very intense junking behaviour
>
>     with M365, whether sending or receiving, if there's a M365 tenant
>
>     involved it seems to be hitting Junk for reasons that aren't
>     clear. This
>
>     is with SPF/DKIM/DMARC/etc all passing.
>
>     I'm wondering if potentially a new policy has shipped which is
>
>     over-reaching somewhat, as no bounce-backs are being received so
>     it's a
>
>     case of delivered-but-not. This is across a range of clients and
>
>     clients' clients.
>
>     If we'd only heard of this from a single client we'd not think
>     much of
>
>     it, though this is both ways and across a range of tenants. Would be
>
>     good to know if there's any substance to it.
>
>     As we don't run M365 nor have responsibility for impacted tenants,
>     the
>
>     request here is to check with the IT community. Thank you.
>
>     Cheers,
>
>     Luke
>
>     _______________________________________________
>
>     AusNOG mailing list
>
>     AusNOG at lists.ausnog.net
>
>     https://lists.ausnog.net/mailman/listinfo/ausnog
>     <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ausnog.net%2Fmailman%2Flistinfo%2Fausnog&data=05%7C01%7Cbill.walker2%40stantec.com%7Cfdef8e31187c4e59995108db31b7097a%7C413c6f2c219a469297d3f2b4d80281e7%7C0%7C0%7C638158434434627152%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=94mZYsIgZkwTGu485JjxfKB1qNaQLTHmaQlXCNgXOks%3D&reserved=0>
>
> * Caution:*This email originated from outside of Stantec. Please take 
> extra precaution.
>
> * Attention:*Ce courriel provient de l'extérieur de Stantec. Veuillez 
> prendre des précautions supplémentaires.
>
> * Atención: *Este correo electrónico proviene de fuera de Stantec. Por 
> favor, tome precauciones adicionales.
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20230403/b5debfd6/attachment.htm>

More information about the AusNOG mailing list