Page 1 of 32 | My E-mail appears as spam - Troubleshooting path | Part 11#17
Written by Eyal Doron | o365info.com
MY E-MAIL APPEARS AS SPAM –
TROUBLESHOOTING PATH | PART 11#17
The current article and the next three articles are
dedicated to a troubleshooting scenario of internal \ outbound
spam in an Office 365 and Exchange Online environment. The
focus of the current article is on “drawing” the path of the
troubleshooting process flow.
The troubleshooting flow includes steps such as:
Step 1 – verifying if our domain name is blacklisted.
Step 2 – verifying if the problem is related to E-mail content.
Step 3 – verifying if the problem is related to a specific
organization user E-mail address.
Step 4 – moving the troubleshooting process to the “other
side”.
Additionally, we will briefly review the document that I have
created (Outbound spam – Troubleshooting checklist) for
simplifying the task of troubleshooting documentation.
The characteristics of troubleshooting an
internal \ outbound spam scenario
In a scenario of internal \ outbound spam, we will need to deal
with a number of challenges that relate to the complexity of
such a scenario:
Many components and infrastructures are involved in the
mail flow.
Many cases could lead to an “outcome” in which our E-mail
is identified as spam mail.
There is no clear indication of the reason for which our mail
was identified as spam.
There is no clear indication of the “element” that “decided” to
identify our organization E-mail as spam.
Internal spam in Office 365 and Exchange
Online environment | Before we start
Before starting the actual troubleshooting process, it’s
important that we are aware of a couple of elements that
relate to the internal \ outbound spam scenario:
1. Verify that we have evidence
The first “station” on our journey is the “clear evidence” for the
problem.
1. The “clear evidence” could be an NDR that was sent to one of
our organization users, which informs him that his E-mail
message was rejected because his mail is considered spam\junk
mail.
2. A mail notification from a blacklist monitor service, which
informs us that our organization appears as blacklisted.
3. An external recipient who notifies our organization user that
he got the E-mail message but the E-mail message was saved in
his junk mail folder (our E-mail message was classified as
spam\junk mail).
2. Point out the responsible side that could cause
the problem
The “cause” of the problem, in which E-mail that was sent from
our organization is identified as spam, could be related to “our
side” or to the “other side”.
An example that relates to the “other side” could be a
false-positive scenario, in which our mail is identified by
mistake as spam.
Although the problem could be related to the “other side”,
in most scenarios the basic assumption is that the
problem is related to “our side”.
In simple words: it’s recommended to start the
troubleshooting process on “our side of the equation”.
Only when we have fulfilled our “due diligence” and verified
beyond a doubt that “we are OK” can we start the
troubleshooting steps that will verify the “other side”.
3. Verifying the “scope” of the internal \ outbound
spam issue
The term “internal \ outbound spam” is a very general term.
To be able to create a clear troubleshooting path, we need to
start by defining the scope of the problem.
The worst-case scenario is a scenario in which our
domain name appears as blacklisted. This scenario is considered
the “worst-case scenario” because, in this case, the problem
will impact all of our organization users.
In case that we verify and find that the “problem scope” is not
at the “domain level”, the next level could be:
A problem that relates to a specific E-mail message (E-mail
content) or to a specific user from our organization.
From my experience, many of the internal \ outbound spam
scenarios relate to the specific E-mail message content that
the Office 365 users try to send.
In this case, we can very easily find out if the problem is
indeed related to the E-mail message content by sending an
empty E-mail message to the “destination recipient”.
In case that we also experience the problem when sending the
“empty mail message”, this could be related to a problem with
the E-mail address of a specific organization user.
The next step will be: sending an E-mail message to the
“destination recipient” by using the E-mail address of another
organization user.
For example: if the “original sender” was: [email protected],
send E-mail by using Bob’s E-mail address: [email protected]
In case that we have also eliminated this scenario, the rest of
the “troubleshooting path” could be related to the “other side”,
meaning some element\s in the destination recipient mail
infrastructure.
The internal \ outbound spam
Troubleshooting path
Step 1 – verifying if our domain name is
blacklisted.
Before we start our “troubleshooting journey”, the most
important operation in a scenario of internal \ outbound
spam is to verify if our domain name appears as blacklisted.
This is the “worst-case scenario” because it impacts
all of our organization users who use an E-mail address with
our organization domain name.
In case that the answer is “yes”, meaning our domain name
appears as blacklisted, we need to start with the most
important task: de-listing our domain name from the blacklist.
In a scenario in which our domain name appears as
blacklisted, we need to find the blacklist\s in which our domain
name appears and submit a request to be
removed from the blacklist.
Note – You can read more information about the subject of
de-listing our domain name in the article: De-list your
organization from a Blacklist | My E-mail appears as spam |
Part 16#17
Additional tasks that need to be implemented are:
1. In-house investigation – RCA (Root Cause Analysis)
The second task could be described as an “in-house
investigation”.
In case that this is not a false-positive scenario and there is a
“real reason” for identifying our domain name as a “problematic
domain”, we need to put all our effort into finding the “root
cause” of the problem.
2. Consider using a blacklist monitor service
This is not a mandatory requirement, but more of a
best practice.
Using this type of service enables us to identify in real time a
problem in which our domain name appears as blacklisted
and enables us to be proactive instead of reactive.
Note – you can read more information about the subject of –
blacklist monitor service in the article: My E-mail appears as
spam | Troubleshooting – Domain name and E-mail content
| Part 12#17
Moving on - In case that the answer is: “No”, meaning that our
domain name doesn’t appear as blacklisted, this is actually
“good news” because we prefer the less critical scenarios that
will be reviewed in the next sections.
Step 2 – verifying if the problem is related to E-mail
content.
The most common reason for the scenario in which mail that
was sent from our organization user is identified as spam\junk
mail is the E-mail message content.
To be able to find out if the problem is related to the specific
E-mail message content, we will need to send an “empty E-mail”
(no content) to the destination recipient.
In case that the empty E-mail message was successfully sent to
the destination recipient, we can assume that the problem is
related to the specific E-mail message content.
Additional recommended tasks in a scenario in which we
discover that the problem is related to the specific E-mail
content are:
1. In-house investigation – RCA (Root Cause Analysis)
Start an “in-house investigation” to find out what part of the
content of the E-mail message is the cause of the problem.
Optional, additional operations:
2. Using the Exchange Online feature – outbound spam.
An additional recommended step that we can implement is
“activating” the Exchange Online option of outbound spam.
This option will send a notification to the “person that we
indicate” each time that Exchange Online recognizes an
E-mail message that was sent by an Office 365 user as spam \
junk mail.
Note – You can read more information about the subject of
Exchange Online – outbound spam, in the article: My E-mail
appears as spam | Troubleshooting – Domain name and E-
mail content | Part 12#17
3. Implementing spam score check
This operation is highly recommended because using a “spam
score” tool will enable us to understand the exact cause of the
problem (the reason for identifying the E-mail message as
spam\junk mail).
Additionally, in the future, it’s also highly recommended to
check the spam score before we send out an E-mail
message such as a commercial E-mail, etc.
Note – You can read more information about how to
check the spam score in the article: My E-mail appears as
spam | The 7 major reasons | Part 5#17
Moving on - In case that the answer is “No”, meaning that the
external recipient did not get the “empty E-mail message”, this
will lead us to the next troubleshooting step, in which we will
need to verify if the problem is related to the specific E-mail
address of our organization user.
Step 3 – verifying if the problem is related to
specific organization user E-mail address.
Just a brief summary: as of the current phase, we know that:
Our domain name is not blacklisted.
The issue is not related to specific content that “appears” in
the E-mail message because even when we sent an “empty E-mail
message”, the E-mail message didn’t reach the destination
recipient and, also, we didn’t get a notification from Exchange
Online about “outgoing mail” that was identified as spam\junk
mail (assuming that we have activated the outbound spam
option of Exchange Online).
The next “part” that we need to check on “our side” is a
scenario in which a specific user from our organization
appears as blacklisted.
To be able to find out if the problem is related to the specific
E-mail address of an organization user, we will need to
send an E-mail to the destination recipient by using the E-mail
account (another E-mail address) of another organization user.
In case that, when using the other organization user’s E-mail
address, the E-mail message was successfully sent to the
destination recipient, we can assume that the problem is related
to the specific E-mail address of our organization user.
Note – Another option is a “problem” on the “other side” (the
destination recipient or the destination recipient mail
infrastructure).
Optional, additional operations:
1. In-house investigation – RCA (Root Cause Analysis)
Start an “in-house investigation” to find out the
reason for which a specific E-mail address of the organization
user is blacklisted.
2. Exchange Online – Message trace
In case that we suspect the problem is caused by a “bulk
mail” scenario, in which the organization users “load” external
recipients with a large amount of E-mail messages, we can use
the Exchange Online tool Message trace for getting more
detailed information about the organization user
“activity”.
Additional reading
Run a Message Trace and View Results
Monitoring, reporting, and message tracing in Exchange
Online
Troubleshoot email delivery using the Exchange Online
message trace tool
3. SPF record
An additional parameter that is important to verify is our
organization SPF record. The verification process could
include:
Verifying that we use an SPF record, verifying that the SPF
record is configured correctly, etc.
Note – You can read more information about SPF record
infrastructure in the articles:
What is SPF record good for? | Part 7#17
Implementing SPF record | Part 8#17
Note – the need to verify the organization SPF record is not
related to a specific “phase” in the troubleshooting process
and, practically, you can even start by completing this step at
the beginning of the troubleshooting process.
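One way to carry out the SPF verification described above, as an added example (not code from the original article): an offline linter for the TXT records published at the organization domain. The finding names, helper names and sample records are constructed for illustration; spf.protection.outlook.com is assumed as the include host Microsoft documents for Exchange Online.

```python
import re

# Assumption: the include host Microsoft documents for Exchange Online senders.
EXO_INCLUDE = "spf.protection.outlook.com"
# Terms that each trigger a DNS lookup; RFC 7208 caps these at 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_term(term):
    """Split one SPF term into (qualifier, name, value)."""
    qualifier = "+"  # a mechanism with no qualifier means "+" (pass)
    if term[0] in "+-~?":
        qualifier, term = term[0], term[1:]
    name = re.split(r"[:/=]", term, maxsplit=1)[0]
    value = term[len(name) + 1:]
    return qualifier, name.lower(), value.lower()


def lint_spf(txt_records):
    """Return finding codes for the TXT records published at one domain."""
    spf = [r.strip() for r in txt_records
           if r.strip().lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no-spf-record"]
    if len(spf) > 1:
        # More than one v=spf1 record is a permanent error for receivers.
        return ["multiple-spf-records"]

    terms = [parse_term(t) for t in spf[0].split()[1:]]
    names = [name for _, name, _ in terms]
    findings = []

    if EXO_INCLUDE not in [v for _, n, v in terms if n == "include"]:
        findings.append("missing-exchange-online-include")

    if "all" in names:
        pos = names.index("all")
        if terms[pos][0] == "+":
            findings.append("all-authorizes-any-sender")
        elif terms[pos][0] == "?":
            findings.append("all-is-neutral")
        # Mechanisms placed after "all" are never evaluated.
        if any(n != "exp" for n in names[pos + 1:]):
            findings.append("terms-after-all")
    elif "redirect" not in names:
        findings.append("no-all-mechanism")

    # Lower bound: lookups made inside included records are not counted here.
    if sum(1 for n in names if n in LOOKUP_TERMS) > 10:
        findings.append("too-many-dns-lookups")
    return findings


# Constructed sample TXT record sets (not taken from any real domain).
SAMPLES = {
    "good": ["MS=ms00000000", "v=spf1 include:spf.protection.outlook.com -all"],
    "no spf": ["MS=ms00000000"],
    "duplicate": ["v=spf1 include:spf.protection.outlook.com -all",
                  "v=spf1 mx -all"],
    "open": ["v=spf1 mx +all"],
    "dead term": ["v=spf1 include:spf.protection.outlook.com ~all ip4:192.0.2.10"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(f"{label:10} {lint_spf(records) or 'ok'}")
```

The record strings are whatever a TXT lookup for the domain returns, with the surrounding quotes removed.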
Moving on - In case that the answer is “No”, meaning the
external recipient did not get an E-mail message that was sent
from the “other organization user”, we will need to move on to
the next troubleshooting step.
Moving the troubleshooting process to
the “other side”.
In this phase, we “move” into the territory of the “other side”,
meaning the destination recipient realm.
Because we didn’t manage to point out a specific element
on “our side”, we assume that the reason for which our
E-mail is identified as spam is related to the “other side” of the
equation.
The term “the other side” can be translated into factors that
are related to the specific destination recipient infrastructure
or to the destination recipient mail infrastructure.
In case that in our scenario the “evidence” for the outbound
spam problem is an NDR message that was sent from the mail
server of the destination recipient, we can “jump” to step 5.
Asking for help from the “other side” | Overcoming
possible obstacles.
Yes, I know it’s not so simple to get help or ask for help from
the “other side” because we need to overcome a number of
obstacles: most of the time it’s not so simple to
contact the destination recipient, many times the destination
recipient is not a “technical person”, and so on.
In case that we need to contact the “technical representative”
of the destination recipient, it’s even harder.
There is no way that we can ensure his cooperation throughout
the process because often “the other side” has no
interest.
Despite all of these “obstacles”, it’s necessary to understand
that in a scenario of “mail flow” that is implemented using
different mail infrastructures (us and them), it is not always
possible to find the causes of the spam problem only by
investigating and troubleshooting “our side” (our Office 365 and
Exchange Online mail infrastructure) of the story.
Step 4 – verifying if the problem is related to
the external recipient environment.
The main characteristics of this scenario are: E-mail that was
sent from our organization reaches the destination recipient
mailbox but is sent to the junk mail folder.
There could be three major reasons for this issue:
1. Inbox rule – an inbox rule (or blocked recipient list) that was
defined by the destination recipient, which classifies E-mail
messages that were sent from our domain as spam\junk mail.
2. Antivirus or other mail security application, which identifies our
organization user E-mail as spam.
3. Mail application that includes a spam filter and identifies our
organization user E-mail as spam.
To be able to verify this option or to eliminate it, we
will need to contact the destination recipient and ask for his
help.
The destination recipient will need to check this option and
update us regarding the results.
In case that we could not find the specific “element”, or in case
that we got an NDR message from the destination mail server,
we will need to move to the next troubleshooting step.
Step 5 – verifying if the problem is related to
the external recipient mail infrastructure.
In this step, we will need the assistance of a technical person
who manages the mail infrastructure of the “destination
recipient”.
We will need to ask the “technical contact” to look over the
mail server log or his mail security gateway log and try to
locate information about the “event” in which mail that was
sent from our organization was identified as spam and, if
possible, the reason for this “identification”.
Summary and recap
In case that you have read all the former articles in this article
series, there were additional troubleshooting steps and
actions that could have been performed, such as:
Using online web services that will help us to get the spam
score for a specific E-mail message that we are going to send.
We can combine these steps as a “preventive action” or as
part of the troubleshooting flow. The decision about which
specific steps will be included in the internal \
outbound spam troubleshooting flow is for you to make,
based on the specific scenario characteristics, your
organization’s business needs and so on.
Using Outbound spam – Troubleshooting
checklist document
For your convenience, I have created a document that includes
a short troubleshooting checklist for a scenario of internal \
outbound spam.
The purpose of this document is to facilitate the
documentation process and to enable you to get a quick list of
the troubleshooting steps that need to be implemented.
In the following screenshot, we can see the first part, in which
we document the general characteristics of the scenario.
Although it seems obvious, it is very important that
we have a very accurate and clear scope of the problem:
who is the organization user who reports the problem,
who is the “destination recipient”, is the problem reported
by many of our organization users or only one, and so on.
The next part is the “troubleshooting cubes”, which include:
A brief description of the task
A brief description of the purpose of the task
The documentation of the troubleshooting step’s results
Download the Outbound spam – Troubleshooting checklist
document.
Find help for office 365 | EOP and spam
Another useful resource that we can use is the “Find help for
office 365” tool.
“Find help for office 365” is a wizard-based
troubleshooting tool that was created to help us get the
“right answer” as quickly as possible.
In our example, we are dealing with a scenario of internal \
outbound spam.
In the “first section”, we will choose the relevant Office 365
product. In our scenario it’s: Exchange Online Protection.
In the section “what is your question about”, we will
choose: Mail Protection (Spam and Malware)
In the last section, “ok, and which part of that topic specifically?”,
we will select the option: user mailbox was blocked for sending
spam
The “result” is an article and information that relate to our
specific problem.
Internal \ outbound spam in Office 365
environment | Article series index
A quick reference for the article series
My E-mail appears as a spam | Article
series index | Part 0#17
The article index of the complete
article series
Introduction to the concept of internal \ outbound spam in general
and in Office 365 and Exchange Online environment
My E-mail appears as a spam –
Introduction | Office 365 | Part 1#17
The psychological profile of the
phenomenon: “My E-mail appears as
a spam!”, possible factors for causing
our E-mail to appear a “spam mail”,
the definition of internal \ outbound
spam.
Internal spam in Office 365 –
Introduction | Part 2#17
Review in general the term “internal \
outbound spam”, misconceptions
that relate to this term, the risks that
are involved in this scenario,
outbound spam E-mail policy and
more.
Internal spam in Office 365 –
Introduction | Part 3#17
What are the possible reasons that
could cause our mail to appear as
spam\junk mail? Who or what are the
“elements” that can decide that our
mail is spam mail? What are the
possible “reactions” of the destination
mail infrastructure that identifies our
E-mail as spam\junk mail?
Commercial E-mail – Using the right
tools | Office 365 | Part 4#17
What is commercial E-mail?
Commercial E-mail as part of the
business process. Why do I think that
Office 365\ Exchange Online is
unsuitable for the purpose of
commercial E-mail?
Introduction to the major causes for a scenario in which your
organization E-mail appears as spam
My E-mail appears as spam | The 7
major reasons | Part 5#17
Review three major reasons that
could lead to a scenario in which
E-mail that is sent from our
organization is identified as spam mail:
1. E-mail content, 2. Violation of the
SMTP standards, 3. Bulk\Mass mail
My E-mail appears as spam | The 7
major reasons | Part 6#17
Review three major reasons that
could lead to a scenario in which
E-mail that is sent from our
organization is identified as spam mail:
4. False positive, 5. User Desktop
malware, 6. “Problematic” Website
Introduction to the subject of SPF record in general and in an
Office 365 environment
What is SPF record good for? | Part
7#17
The purpose of the SPF record and the
relation to our mail infrastructure.
How does the SPF record enable us to
prevent a scenario in which hostile
elements could send E-mail on our
behalf?
Implementing SPF record | Part 8#17
The “technical side” of the SPF record:
the structure of SPF record, the way
that we create SPF record, what is the
required syntax for the SPF record in
an Office 365 environment + mix mail
environment, how to verify the
existence of SPF record and so on.
Introduction to the subject of Exchange Online - High Risk Delivery
Pool
High Risk Delivery Pool and Exchange
Online | Part 9#17
How Office 365 (Exchange Online) is
handling a scenario of internal \
outbound spam by using the help of
the Exchange Online- High Risk
Delivery Pool.
High Risk Delivery Pool and Exchange
Online | Part 10#17
The second article about the subject
of Exchange Online- High Risk
Delivery Pool.
The troubleshooting path of internal \ outbound spam scenario
My E-mail appears as spam –
Troubleshooting path | Part 11#17
Troubleshooting scenario of internal \
outbound spam in Office 365 and
Exchange Online environment.
Verifying if our domain name is
blacklisted, verifying if the problem is
related to E-mail content, verifying if
the problem is related to specific
organization user E-mail address,
moving the troubleshooting process
to the “other side”.
My E-mail appears as spam |
Troubleshooting – Domain name and
E-mail content | Part 12#17
Verify if our domain name appears as
blacklisted, verify if the problem
relates to a specific E-mail message
content, registering blacklist
monitoring services, activating the
option of Exchange Online outbound
spam.
My E-mail appears as spam |
Troubleshooting – Mail server | Part
13#17
What is the meaning of: “our mail
server”?, Mail server IP, host name
and Exchange Online. One of our
users got an NDR which informs him,
that his mail server is blacklisted!,
How do we know that my mail server
is blacklisted?
My E-mail appears as spam |
Troubleshooting – Mail server | Part
14#17
The troubleshooting path logic. Get
the information from the E-mail
message that was identified as
spam\NDR. Forwarding a copy of the
NDR message or the message that
saved to the junk mail
My E-mail appears as spam |
Troubleshooting – Mail server | Part
15#17
Step B – Get information about your
Exchange Online infrastructure, Step
C – fetch the information about the
Exchange Online IP address, Step D –
verify if the “formal “Exchange Online
IP address a
De-list your organization from a
blacklist | My E-mail appears as spam
| Part 16#17
Review the characteristics of a scenario in
which your organization appears as
blacklisted. The steps and the
operations that need to be
implemented to de-list your
organization from a blacklist.
Summary and recap of the troubleshooting and best practices in a
scenario of internal \ outbound spam
Dealing and avoiding internal spam |
Best practices | Part 17#17
Provide a short checklist for all the
steps and the operation that relates
to a scenario of – internal \ outbound
spam.