[AusNOG] Microsoft 365 - Junk Policy (last 2 weeks)

David Rawling djr at pdconsec.net
Fri Mar 31 18:10:26 AEDT 2023 

Hi Luke

I can confirm that we've been seeing quite a lot of this across a
number of Office 365 tenants; both our own and several we manage (I'll
note that I am subscribed to AusNOG from my personal account not the
affected tenant).

As we're one of the affected tenants, we've been able to dig quite
deeply into the behaviour - in our case, it seems to be that almost all
"new" messages in a thread are successfully delivered to us, but once
it becomes a reply-fest it gets junked. There's some thought that it
could be related to one or more links in our signature - not that it's
a particularly large or "spammy" signature, though. No SPF, DMARC or
DKIM failures here. No obvious reasons it would be marked junk - the
SCL is below our threshold, etc.

What's frustrating is that so far, it's only affecting some people in
our tenant. I've not had the problem with messages I send and receive,
but there are others where it's 90% failure. I do have a different
signature file - very different formatting though it looks the same to
the recipient. I was thinking that might be related, but no dice so
far.

So you're not alone but we have absolutely no idea what's breaking.

Dave.
-- 
David Rawling - Principal Consultant
PD Consulting and Security

t: +61 41 213 5513  |  e: djr at pdconsec.net

Please note that whilst we take all care, neither PD Consulting and
Security nor the sender accepts any responsibility for viruses and it
is your responsibility to scan for viruses. The contents are intended
only for use by the addressee and may contain confidential and/or
privileged material. If you received this in error, we request that you
please inform the sender and/or addressee immediately and delete the
material.

On Fri, 2023-03-31 at 16:55 +1100, Luke Thompson wrote:
> Hi all,
> 
> Strange question though curious if anyone's seen the same.
> 
> We've had a range of clients reporting very intense junking behaviour
> with M365, whether sending or receiving, if there's a M365 tenant 
> involved it seems to be hitting Junk for reasons that aren't clear.
> This 
> is with SPF/DKIM/DMARC/etc all passing.
> 
> I'm wondering if potentially a new policy has shipped which is 
> over-reaching somewhat, as no bounce-backs are being received so it's
> a 
> case of delivered-but-not. This is across a range of clients and 
> clients' clients.
> 
> If we'd only heard of this from a single client we'd not think much
> of 
> it, though this is both ways and across a range of tenants. Would be 
> good to know if there's any substance to it.
> 
> As we don't run M365 nor have responsibility for impacted tenants,
> the 
> request here is to check with the IT community. Thank you.
> 
> Cheers,
> Luke
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20230331/6d8012d9/attachment.htm>

More information about the AusNOG mailing list