my e-mail appears as spam | troubleshooting - domain name and e-mail content | part 12#17

of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail

content | Part 12#17

Written by Eyal Doron | o365info.com

MY E-MAIL APPEARS AS SPAM |

TROUBLESHOOTING – DOMAIN NAME

AND E-MAIL CONTENT | PART 12#17

The current articles and the next three articles, are dedicated

troubleshooting process of the scenario, in which our

organization E-mail appears as a spam mail (internal \

outbound spam).

The current article is dedicated to the most basic and effective

troubleshooting steps in which we verify the following parts:

Verify if our domain name appears as blacklisted.

Verify if the problem relates to a specific E-mail message

content.

In addition, we will also discuss the options of:

Registering blacklist monitoring services.

http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-domain-name-and-e-mail-content-part-12-17


https://il.linkedin.com/in/eyaldoron1

http://o365info.com/




Activating the option of Exchange Online outbound spam.

What is the true meaning of: “My E-mail

appears as spam” in an Office 365

environment?

The initial event that “start” the “internal \ outbound spam

drama”, is a complaint that we get from our organization user,

about the problem in which his E-mail message was identified

as spam\Junk mail by “other recipient”.

When an organization user who says: “my mail” appears as

spam, the true meaning is “our organization E-mail” appear as

a spam because, the user is using our organization mail

infrastructure.

The term: “our organization mail” could be translated into two

possible scenarios:

1. Our organization domain name is blacklisted.

2. Our organization’s mail server is blacklisted.








In Exchange Online environment, the term: “Our organization

mail server”, could be translated into two possible scenarios:

1. The formal IP address of the Exchange Online server which

represents our domain name is blacklisted.

2. E-mail message that was sent from the Exchange Online High

Risk Delivery Pool and “their” IP address is blacklisted.

Implementing an effective troubleshooting

process

One of the most important subjects is a scenario of: internal \

outbound spam in an Office 365 environment is – to be able to

choose the most effective troubleshooting steps that will lead

us to the required solution.

As we have mentioned before a couple of times, in Office 365

and Exchange Online environment, we could face a scenario in

which our domain name will appear as blacklisted but, the








chances for a scenario, in which “our mail server” (our

Exchange Online mail server) could appear as blacklisted are

very low.

The only way that this scenario could be realized is when a

problematic E-mail message that was sent by one of our Office

365 users, and routed to the Exchange Online High Risk

Delivery Pool.

In this case, the NDR that we get from the destination recipient

could point out a problem that relates to “our mail server”

(Exchange Online High Risk Delivery Pool) but the real problem

is related to the E-mail message content, that was sent by the

Office 365 users and not to the IP address that are used by the

Exchange Online High Risk Delivery Pool.

Conclusion








In a scenario in which your organization E-mail is identified as

a spam\Junk mail, allocate most of the troubleshooting effort

in: “step 1 and step 2”.

The meaning is – verify that your domain name is blacklisted

and if so, do all the necessary operations to remove it from the

blacklist and start an “internal investigation” that will help you

to understand, what is the “problem” with the organization E-

mail content that leads to this “unwanted scenario”, in which

your organization E-mail appears as spam\Junk mail.

Most of the time, you will not listen to my advice, and you will

be sure that the main problem is related to the Office 365 mail

servers (Exchange Online).








The resources that you will allocate to this “direction” are quite

useless but, it’s important to me to provide you a detailed

description of: how to implement the troubleshooting steps in

case that we suspect that the internal \ outbound spam issue

relates to a problem in the Exchange Online server.

In case that you think that the issue of internal \

outbound spam is related to the Exchange Online server,

you can read detailed description of the troubleshooting

steps in the following articles:

My E-mail appears as spam | Troubleshooting – Mail

server | Part 13#17


server | Part 14#17


server | Part 15#17

The troubleshooting path of “my E-mail

appears as spam” in an Office 365

environment

In the current article, we will implement the troubleshooting

process by using the following steps:





http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-mail-server-part-13-17









The first operation that we need to implement is – to verify if

our domain name appears as blacklisted and if so, make all

the required arrangements for delisting our domain name.

To prevent such future events we should consider using:

Blacklist monitoring service

Activate the Exchange Online outbound spam option

In case that our domain name doesn’t appear as blacklisted,

we should divert all our resources, to the task of – understand

what was included in the E-mail message (E-mail content) that

was sent by the Office 365 user.

In other words: the E-mail message content, which lead to the

undesirable scenario in which our organization E-mail








identified as spam\Junk mail.

1. Verifying if our organization domain name

appears as blacklisted.

When we say a sentence such as: “my organization appears in

a blacklist!”, the term “organization” is not so clear.

Technically, the term: “organization” can be translated into two

main elements:

1. The organization domain name

2. Our organization’s mail server – the IP address of our

organization’s mail server or, the Host name of our

organization’s mail server.

If we want to make it even more complicated – in an on-

Premises mail environment, it’s easy to “point out” who are our

organization’s mail server but, in Office 365 and Exchange

Online environment, the answer to the questions: who are our

organization’s mail servers, is a little more complicated.








In the current article, we will focus on the task of: looking if

our domain name appears in a blacklist. In the next articles:


server | Part 13#17


server | Part 14#17


server | Part 15#17

We will review the implementation of the

troubleshooting that relates to a scenario in which our

mail server appears as blacklisted.

We suspect that our domain name appears as blacklisted

|Charters of this scenario.














In the current section, we will focus on the first part of – how

to find out if our organization domain name appears on a

blacklist.

There are many public websites, which enable us to check if

our domain name (or the IP address of our mail server)

appears as registered in a well-known blacklist.

My personal preference is to start with the free web service

that is offered by – mxtoolbox website. I love to use this tool

because, this site is very “user-friendly” and professional.

Cross-referencing information about the

blacklists.

It’s important to mention that – the best practice is to check

blacklist information about your organization at least in two

different sites because, each site includes a different blacklist

provides lists.

Find out of our domain name appear as Blacklists | Using

mxtoolbox

In the following section, we will demonstrate how to get

information about a specific domain name by using the

Mxtoolbox web application.

1. Go to the mxtoolbox site and choose the Blacklists menu

(http://mxtoolbox.com/blacklists.aspx)

2. In the box: Server IP or Domain adds your domain name and

chooses: Blacklists check.





http://mxtoolbox.com/

http://mxtoolbox.com/blacklists.aspx

http://mxtoolbox.com/blacklists.aspx




In the following screenshot, we can see the result. In our

scenario, it appears that the domain: o365info.com is “green

and clean” meaning the domain name doesn’t appear in a

well-known blacklist.








As mentioned, the best practice is to crosscheck information,

from several different sources of information.

In the following screenshot, we can see an example on the

additional web site (The complete IP checks for sending

Mailservers - http://multirbl.valli.org/lookup/) that offer the

option of checking, if our domain name appears in a well-

known blacklist.





http://multirbl.valli.org/lookup

http://multirbl.valli.org/lookup

http://multirbl.valli.org/lookup/




Additional reading

The following list, includes an additional web site that

you can use to find out information about your domain

name.

The complete IP check for sending Mailservers

RBL Database Lookup

Blacklist Check

lacklistalert

Additional information





http://multirbl.valli.org/lookup/

https://www.ultratools.com/tools/spamDBLookup

http://www.whatismyip.com/blacklist-check/

http://www.blacklistalert.org/




6 Ways To Find Out If You Are On The Google List Of

Blacklisted Sites

How do I know if I’m on a SPAM Blacklist?

2. Verifying if the problem relates to a specific

E-mail content.

As mentioned, E-mail message content is one of the most

common causes for a scenario of internal \ outbound spam.

Given that we have an element the option of “our domain

name is blacklisted”, the next most reasonable option is – the

option that is related to the specific content of the E-mail





http://www.makeuseof.com/tag/8-ways-find-google-list-blacklisted-sites

http://www.makeuseof.com/tag/8-ways-find-google-list-blacklisted-sites

http://www.pinpointe.com/blog/how-do-i-know-if-im-on-a-spam-blacklist




message that was sent out by our organization user.

The meaning is – E-mail content that violates some

“commercial E-mail rules”, which lead into the scenario in

which the “other side” identifies our E-mail message as spam

mail.

To be able to verify if the issue relates to the “E-mail message

content”, all we need to do, just send again E-mail message to

the same destination recipient, but this time, use a “neutral E-

mail message” or in simple words: an empty E-mail message.

In case that the E-mail message was successfully sent to the

destination recipient, we can “breathe freely” and, know that

our main task now is the “educate” our user about the “right

rules” for commercial E-mail and in addition, monitor our mail

infrastructure to be able to prevent similar events in the

future.








Another option that you can use is to test the spam score of

the E-mail message. You can read more information about the

subject of spam score in the article – My E-mail appears as

spam | The 7 major reasons | Part 5#17

3. “Catch” outbound spam mail Using –

Exchange Online outbound spam (Exchange

Online outbound spam option).

One of our main challenges in internal \ outbound spam

scenario, is the ability to “know” about an event, in which

Exchange Online classifies a specific E-mail message that sent

out by one of our organization users as spam\junk mail.

The good news is that Exchange Online offers us this option!

The Exchange Online feature of outbound spam, enables us as

Exchange Online administrators, to be notified each time

when Exchange Online decides to classify E-mail messages

that were sent by one of the organization users as “spam\junk

mail”.

This option could be very useful for us in case, that we know

or suspect that some of the organization E-mail message

identified a spam\junk mail but we don’t know:

1. Who are the Office 365 users who sent this E-mail Message?





http://o365info.com/my-e-mail-appears-as-spam-the-7-major-reasons-part-5-17/#SUB-1a

http://o365info.com/my-e-mail-appears-as-spam-the-7-major-reasons-part-5-17/#SUB-1a




2. What is the specific E-mail message that identified as spam\junk

mail (the charters of the specific E-mail message)?

Using (activating) of the Exchange Online option: outbound

spam option, is quite simple:

1. 1. In the Exchange Online admin center chose

the protection menu.

2. On the top menu bar: choose the outbound spam menu.

3. In the option box: Send a copy of all suspicious outbound email

messages to the following email address or addresses: add the E-

mail address of the Office 365 recipients (such as the Exchange

Online administrator) that will get a copy of this type of Office

365 E-mails.

4. In the option box: Send a notification to the following email

address or addresses when a sender is blocked from sending

outbound spam: add the E-mail address of the Office 365

recipients (such as the Exchange Online administrator) that will

get a copy of this type of Office 365 E-mails.








Additional reading

Configure the outbound spam policy

Sample notification when a sender is blocked sending

outbound spam

4. Monitor a scenario in which your

organization appears in a blacklist.

Additional option that we could consider is: using some kind of

blacklist monitoring services, that will alert us in case that our

organization appears as blacklisted in well-known blacklists

(our domain name or our mail server IP address).





https://technet.microsoft.com/en-us/library/jj200737(v=exchg.150).aspx

https://technet.microsoft.com/en-us/library/dn600434(v=exchg.150).aspx

https://technet.microsoft.com/en-us/library/dn600434(v=exchg.150).aspx




Q: Does Office 365 or Exchange Online include an option that

will alert me in case that our organization is blacklisted?

A: The answer is: “No”, in the current time Office 365 doesn’t

offer such a service.

There are a couple of “paid services “that offer this type of

services in which your organization domain name and your

mail server IP address will be checked regularly against well-

known blacklists providers.

In case that your domain name or your mail server IP address

appears in one of this blacklist; you will be alerted

immediately.

Q: Why don’t all the organization use this type of services?








A: I’m not sure that I know the right answer but, it looks to me

that there are two main reasons:

1. Lack of knowledge – many IT persons, are not aware of this type

of services and to the importance of this service.

2. Avoiding the cost of purchasing this type of “blacklist monitoring

services”.

I will not convince you to purchase this type of services, but

instead, I want just to awaken your attention: Just take the

time to think about the “cost” of this monitoring service versus

the “business risk” in a scenario in which your domain name is

blacklisted.

What is the total financial loss of a scenario, in which your

organization E-mail message, will not reach their destination?

How long will it take until you are aware of the scenario in which

your organization domain name is blacklisted?

How easy is to implement the process of de-list?

Is there any another damages to a scenario of internal \

outbound spam such as: damage to reputation of the company?








Using a free blacklist monitored service.

One of the options that you can consider, is using a free

blacklist monitoring service that is provided by mxtoolbox.

In the following screenshot, we can see how to access this

service.





http://mxtoolbox.com/services_servermonitoring2.aspx




As we all know, there are no free meals, the “free monitoring

blacklist services” have limited options. In case that you need

more options and capabilities, you will have to purchase paid

service.

In the following screenshot, we can see a comparison chart

that displays what is included in the “free monitor” service

versus the paid plans.

Internal \ outbound spam in Office 365

environment | Article series index








A quick reference for the article series

My E-mail appears as a spam | Article

series index | Part 0#17

The article index of the complete

article series

Introduction to the concept of internal \ outbound spam in general

and in Office 365 and Exchange Online environment

My E-mail appears as a spam –

Introduction | Office 365 | Part 1#17

The psychological profile of the

phenomenon: “My E-mail appears as

a spam!”, possible factors for causing

our E-mail to appear a “spam mail”,

the definition of internal \ outbound

spam.

Internal spam in Office 365 –

Introduction | Part 2#17

Review in general the term: “internal \

outbound spam”, miss conceptions

that relate to this term, the risks that

are involved in this scenario,

outbound spam E-mail policy and

more.





http://o365info.com/my-email-appears-as-a-spam-article-series-index-part-0-17/My%20E-mail%20appears%20as%20a%20spam%20%7C%20Article%20series%20index%20%20%7C%20Part%200#17

http://o365info.com/my-email-appears-as-a-spam-article-series-index-part-0-17/My%20E-mail%20appears%20as%20a%20spam%20%7C%20Article%20series%20index%20%20%7C%20Part%200#17

http://o365info.com/my-e-mail-appears-as-a-spam-introduction-office-365-part-1-17

http://o365info.com/my-e-mail-appears-as-a-spam-introduction-office-365-part-1-17

http://o365info.com/internal-spam-in-office-365-introduction-part-2-17





Internal spam in Office 365 –

Introduction | Part 3#17

What are the possible reasons that

could cause to our mail to appear as

spam\junk mail, who or what are this

“elements”, that can decide that our

mail is a spam mail?, what are the

possible “reactions” of the destination

mail infrastructure that identify our E-

mail as spam\junk mail?.

Commercial E-mail – Using the right

tools | Office 365 | Part 4#17

What is commercial E-mail?

Commercial E-mail as part of the

business process. Why do I think that

Office 365\ Exchange Online is

unsuitable for the purpose of

commercial E-mail?

Introduction if the major causes for a scenario in which your

organization E-mail appears as spam

My E-mail appears as spam | The 7

major reasons | Part 5#17

Review three major reasons, that

could lead to a scenario, in which E-

mail that is sent from our

organization identified as spam mail:

1. E-mail content, 2. Violation of the

SMTP standards, 3. Bulk\Mass mail







http://o365info.com/commercial-e-mail-using-the-right-tools-office-365-part-4-17

http://o365info.com/commercial-e-mail-using-the-right-tools-office-365-part-4-17

http://o365info.com/my-e-mail-appears-as-spam-the-7-major-reasons-part-5-17





My E-mail appears as spam | The 7

major reasons | Part 6#17

Review three major reasons, that

could lead to a scenario, in which E-

mail that is sent from our

organization identified as spam mail:

4. False positive, 5. User Desktop

malware, 6. “Problematic” Website

Introduction if the subject of SPF record in general and in Office

365 environment

What is SPF record good for? | Part

7#17

The purpose of the SPF record and the

relation to for our mail infrastructure.

How does the SPF record enable us to

prevent a scenario in which hostile

elements could send E-mail on our

behalf.

Implementing SPF record | Part 8#17

The “technical side” of the SPF record:

the structure of SPF record, the way

that we create SPF record, what is the

required syntax for the SPF record in

an Office 365 environment + mix mail

environment, how to verify the

existence of SPF record and so on.







http://o365info.com/what-is-spf-record-good-for-part-7-17

http://o365info.com/what-is-spf-record-good-for-part-7-17

http://o365info.com/implementing-spf-record-part-8-17




Introduction if the subject of Exchange Online - High Risk Delivery

Pool

High Risk Delivery Pool and Exchange

Online | Part 9#17

How Office 365 (Exchange Online) is

handling a scenario of internal \

outbound spam by using the help of

the Exchange Online- High Risk

Delivery Pool.

High Risk Delivery Pool and Exchange

Online | Part 10#17

The second article about the subject

of Exchange Online- High Risk

Delivery Pool.

The troubleshooting path of internal \ outbound spam scenario

My E-mail appears as spam –

Troubleshooting path | Part 11#17

Troubleshooting scenario of internal \

outbound spam in Office 365 and

Exchange Online environment.

Verifying if our domain name is

blacklisted, verifying if the problem is

related to E-mail content, verifying if

the problem is related to specific

organization user E-mail address,

moving the troubleshooting process

to the “other side.





http://o365info.com/high-risk-delivery-pool-and-exchange-online-part-9-17




http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-path-part-11-17

http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-path-part-11-17




My E-mail appears as spam |

Troubleshooting – Domain name and

E-mail content | Part 12#17

Verify if our domain name appears as

blacklisted, verify if the problem

relates to a specific E-mail message

content, registering blacklist

monitoring services, activating the

option of Exchange Online outbound

spam.


Troubleshooting – Mail server | Part

13#17

What is the meaning of: “our mail

server”?, Mail server IP, host name

and Exchange Online. One of our

users got an NDR which informs him,

that his mail server is blacklisted!,

How do we know that my mail server

is blacklisted?



14#17

The troubleshooting path logic. Get

the information from the E-mail

message that was identified as

spam\NDR. Forwarding a copy of the

NDR message or the message that

saved to the junk mail



















15#17

Step B – Get information about your

Exchange Online infrastructure, Step

C – fetch the information about the

Exchange Online IP address, Step D –

verify if the “formal “Exchange Online

IP address a

De-list your organization from a

blacklist | My E-mail appears as spam

| Part 16#17

Review the charters of a scenario in

which your organization appears as

blacklisted. The steps and the

operations that need to be

implemented for de-list your

organization from a blacklist.

Summery and recap of the troubleshooting and best practices in a

scenario of internal \ outbound spam

Dealing and avoiding internal spam |

Best practices | Part 17#17

Provide a short checklist for all the

steps and the operation that relates

to a scenario of – internal \ outbound

spam.








http://o365info.com/de-list-your-organization-from-a-blacklist-my-e-mail-appears-as-spam-part-16-17



http://o365info.com/dealing-and-avoiding-internal-spam-best-practices-part-17-17

http://o365info.com/dealing-and-avoiding-internal-spam-best-practices-part-17-17

my e-mail appears as spam | troubleshooting - domain name and e-mail content | part 12#17

Documents