my e-mail appears as spam | troubleshooting - domain name and e-mail content | part 12#17
DESCRIPTION
My E-mail appears as spam | Troubleshooting - Domain name and E-mail content | Part 12#17 http://o365info.com/my-e-mail-appears-as-spam-troubleshooting-domain-name-and-e-mail-content-part-12-17 Verify if our domain name appears as blacklisted, verify if the problem relates to a specific E-mail message content, registering blacklist monitoring services, activating the option of Exchange Online outbound spam. The information is relevant for Office 365 and Exchange Online users but at the same time, most of the information is relevant to all the rest of mail systems. Eyal Doron | o365info.comTRANSCRIPT
Page 1 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
MY E-MAIL APPEARS AS SPAM |
TROUBLESHOOTING – DOMAIN NAME
AND E-MAIL CONTENT | PART 12#17
The current articles and the next three articles, are dedicated
troubleshooting process of the scenario, in which our
organization E-mail appears as a spam mail (internal \
outbound spam).
The current article is dedicated to the most basic and effective
troubleshooting steps in which we verify the following parts:
Verify if our domain name appears as blacklisted.
Verify if the problem relates to a specific E-mail message
content.
In addition, we will also discuss the options of:
Registering blacklist monitoring services.
Page 2 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
Activating the option of Exchange Online outbound spam.
What is the true meaning of: “My E-mail
appears as spam” in an Office 365
environment?
The initial event that “start” the “internal \ outbound spam
drama”, is a complaint that we get from our organization user,
about the problem in which his E-mail message was identified
as spam\Junk mail by “other recipient”.
When an organization user who says: “my mail” appears as
spam, the true meaning is “our organization E-mail” appear as
a spam because, the user is using our organization mail
infrastructure.
The term: “our organization mail” could be translated into two
possible scenarios:
1. Our organization domain name is blacklisted.
2. Our organization’s mail server is blacklisted.
Page 3 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
In Exchange Online environment, the term: “Our organization
mail server”, could be translated into two possible scenarios:
1. The formal IP address of the Exchange Online server which
represents our domain name is blacklisted.
2. E-mail message that was sent from the Exchange Online High
Risk Delivery Pool and “their” IP address is blacklisted.
Implementing an effective troubleshooting
process
One of the most important subjects is a scenario of: internal \
outbound spam in an Office 365 environment is – to be able to
choose the most effective troubleshooting steps that will lead
us to the required solution.
As we have mentioned before a couple of times, in Office 365
and Exchange Online environment, we could face a scenario in
which our domain name will appear as blacklisted but, the
Page 4 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
chances for a scenario, in which “our mail server” (our
Exchange Online mail server) could appear as blacklisted are
very low.
The only way that this scenario could be realized is when a
problematic E-mail message that was sent by one of our Office
365 users, and routed to the Exchange Online High Risk
Delivery Pool.
In this case, the NDR that we get from the destination recipient
could point out a problem that relates to “our mail server”
(Exchange Online High Risk Delivery Pool) but the real problem
is related to the E-mail message content, that was sent by the
Office 365 users and not to the IP address that are used by the
Exchange Online High Risk Delivery Pool.
Conclusion
Page 5 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
In a scenario in which your organization E-mail is identified as
a spam\Junk mail, allocate most of the troubleshooting effort
in: “step 1 and step 2”.
The meaning is – verify that your domain name is blacklisted
and if so, do all the necessary operations to remove it from the
blacklist and start an “internal investigation” that will help you
to understand, what is the “problem” with the organization E-
mail content that leads to this “unwanted scenario”, in which
your organization E-mail appears as spam\Junk mail.
Most of the time, you will not listen to my advice, and you will
be sure that the main problem is related to the Office 365 mail
servers (Exchange Online).
Page 6 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
The resources that you will allocate to this “direction” are quite
useless but, it’s important to me to provide you a detailed
description of: how to implement the troubleshooting steps in
case that we suspect that the internal \ outbound spam issue
relates to a problem in the Exchange Online server.
In case that you think that the issue of internal \
outbound spam is related to the Exchange Online server,
you can read detailed description of the troubleshooting
steps in the following articles:
My E-mail appears as spam | Troubleshooting – Mail
server | Part 13#17
My E-mail appears as spam | Troubleshooting – Mail
server | Part 14#17
My E-mail appears as spam | Troubleshooting – Mail
server | Part 15#17
The troubleshooting path of “my E-mail
appears as spam” in an Office 365
environment
In the current article, we will implement the troubleshooting
process by using the following steps:
Page 7 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
The first operation that we need to implement is – to verify if
our domain name appears as blacklisted and if so, make all
the required arrangements for delisting our domain name.
To prevent such future events we should consider using:
Blacklist monitoring service
Activate the Exchange Online outbound spam option
In case that our domain name doesn’t appear as blacklisted,
we should divert all our resources, to the task of – understand
what was included in the E-mail message (E-mail content) that
was sent by the Office 365 user.
In other words: the E-mail message content, which lead to the
undesirable scenario in which our organization E-mail
Page 8 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
identified as spam\Junk mail.
1. Verifying if our organization domain name
appears as blacklisted.
When we say a sentence such as: “my organization appears in
a blacklist!”, the term “organization” is not so clear.
Technically, the term: “organization” can be translated into two
main elements:
1. The organization domain name
2. Our organization’s mail server – the IP address of our
organization’s mail server or, the Host name of our
organization’s mail server.
If we want to make it even more complicated – in an on-
Premises mail environment, it’s easy to “point out” who are our
organization’s mail server but, in Office 365 and Exchange
Online environment, the answer to the questions: who are our
organization’s mail servers, is a little more complicated.
Page 9 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
In the current article, we will focus on the task of: looking if
our domain name appears in a blacklist. In the next articles:
My E-mail appears as spam | Troubleshooting – Mail
server | Part 13#17
My E-mail appears as spam | Troubleshooting – Mail
server | Part 14#17
My E-mail appears as spam | Troubleshooting – Mail
server | Part 15#17
We will review the implementation of the
troubleshooting that relates to a scenario in which our
mail server appears as blacklisted.
We suspect that our domain name appears as blacklisted
|Charters of this scenario.
Page 10 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
In the current section, we will focus on the first part of – how
to find out if our organization domain name appears on a
blacklist.
There are many public websites, which enable us to check if
our domain name (or the IP address of our mail server)
appears as registered in a well-known blacklist.
My personal preference is to start with the free web service
that is offered by – mxtoolbox website. I love to use this tool
because, this site is very “user-friendly” and professional.
Cross-referencing information about the
blacklists.
It’s important to mention that – the best practice is to check
blacklist information about your organization at least in two
different sites because, each site includes a different blacklist
provides lists.
Find out of our domain name appear as Blacklists | Using
mxtoolbox
In the following section, we will demonstrate how to get
information about a specific domain name by using the
Mxtoolbox web application.
1. Go to the mxtoolbox site and choose the Blacklists menu
(http://mxtoolbox.com/blacklists.aspx)
2. In the box: Server IP or Domain adds your domain name and
chooses: Blacklists check.
Page 11 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
In the following screenshot, we can see the result. In our
scenario, it appears that the domain: o365info.com is “green
and clean” meaning the domain name doesn’t appear in a
well-known blacklist.
Page 12 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
As mentioned, the best practice is to crosscheck information,
from several different sources of information.
In the following screenshot, we can see an example on the
additional web site (The complete IP checks for sending
Mailservers - http://multirbl.valli.org/lookup/) that offer the
option of checking, if our domain name appears in a well-
known blacklist.
Page 13 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
Additional reading
The following list, includes an additional web site that
you can use to find out information about your domain
name.
The complete IP check for sending Mailservers
RBL Database Lookup
Blacklist Check
lacklistalert
Additional information
Page 14 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
6 Ways To Find Out If You Are On The Google List Of
Blacklisted Sites
How do I know if I’m on a SPAM Blacklist?
2. Verifying if the problem relates to a specific
E-mail content.
As mentioned, E-mail message content is one of the most
common causes for a scenario of internal \ outbound spam.
Given that we have an element the option of “our domain
name is blacklisted”, the next most reasonable option is – the
option that is related to the specific content of the E-mail
Page 15 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
message that was sent out by our organization user.
The meaning is – E-mail content that violates some
“commercial E-mail rules”, which lead into the scenario in
which the “other side” identifies our E-mail message as spam
mail.
To be able to verify if the issue relates to the “E-mail message
content”, all we need to do, just send again E-mail message to
the same destination recipient, but this time, use a “neutral E-
mail message” or in simple words: an empty E-mail message.
In case that the E-mail message was successfully sent to the
destination recipient, we can “breathe freely” and, know that
our main task now is the “educate” our user about the “right
rules” for commercial E-mail and in addition, monitor our mail
infrastructure to be able to prevent similar events in the
future.
Page 16 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
Another option that you can use is to test the spam score of
the E-mail message. You can read more information about the
subject of spam score in the article – My E-mail appears as
spam | The 7 major reasons | Part 5#17
3. “Catch” outbound spam mail Using –
Exchange Online outbound spam (Exchange
Online outbound spam option).
One of our main challenges in internal \ outbound spam
scenario, is the ability to “know” about an event, in which
Exchange Online classifies a specific E-mail message that sent
out by one of our organization users as spam\junk mail.
The good news is that Exchange Online offers us this option!
The Exchange Online feature of outbound spam, enables us as
Exchange Online administrators, to be notified each time
when Exchange Online decides to classify E-mail messages
that were sent by one of the organization users as “spam\junk
mail”.
This option could be very useful for us in case, that we know
or suspect that some of the organization E-mail message
identified a spam\junk mail but we don’t know:
1. Who are the Office 365 users who sent this E-mail Message?
Page 17 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
2. What is the specific E-mail message that identified as spam\junk
mail (the charters of the specific E-mail message)?
Using (activating) of the Exchange Online option: outbound
spam option, is quite simple:
1. 1. In the Exchange Online admin center chose
the protection menu.
2. On the top menu bar: choose the outbound spam menu.
3. In the option box: Send a copy of all suspicious outbound email
messages to the following email address or addresses: add the E-
mail address of the Office 365 recipients (such as the Exchange
Online administrator) that will get a copy of this type of Office
365 E-mails.
4. In the option box: Send a notification to the following email
address or addresses when a sender is blocked from sending
outbound spam: add the E-mail address of the Office 365
recipients (such as the Exchange Online administrator) that will
get a copy of this type of Office 365 E-mails.
Page 18 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
Additional reading
Configure the outbound spam policy
Sample notification when a sender is blocked sending
outbound spam
4. Monitor a scenario in which your
organization appears in a blacklist.
Additional option that we could consider is: using some kind of
blacklist monitoring services, that will alert us in case that our
organization appears as blacklisted in well-known blacklists
(our domain name or our mail server IP address).
Page 19 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
Q: Does Office 365 or Exchange Online include an option that
will alert me in case that our organization is blacklisted?
A: The answer is: “No”, in the current time Office 365 doesn’t
offer such a service.
There are a couple of “paid services “that offer this type of
services in which your organization domain name and your
mail server IP address will be checked regularly against well-
known blacklists providers.
In case that your domain name or your mail server IP address
appears in one of this blacklist; you will be alerted
immediately.
Q: Why don’t all the organization use this type of services?
Page 20 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
A: I’m not sure that I know the right answer but, it looks to me
that there are two main reasons:
1. Lack of knowledge – many IT persons, are not aware of this type
of services and to the importance of this service.
2. Avoiding the cost of purchasing this type of “blacklist monitoring
services”.
I will not convince you to purchase this type of services, but
instead, I want just to awaken your attention: Just take the
time to think about the “cost” of this monitoring service versus
the “business risk” in a scenario in which your domain name is
blacklisted.
What is the total financial loss of a scenario, in which your
organization E-mail message, will not reach their destination?
How long will it take until you are aware of the scenario in which
your organization domain name is blacklisted?
How easy is to implement the process of de-list?
Is there any another damages to a scenario of internal \
outbound spam such as: damage to reputation of the company?
Page 21 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
Using a free blacklist monitored service.
One of the options that you can consider, is using a free
blacklist monitoring service that is provided by mxtoolbox.
In the following screenshot, we can see how to access this
service.
Page 22 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
As we all know, there are no free meals, the “free monitoring
blacklist services” have limited options. In case that you need
more options and capabilities, you will have to purchase paid
service.
In the following screenshot, we can see a comparison chart
that displays what is included in the “free monitor” service
versus the paid plans.
Internal \ outbound spam in Office 365
environment | Article series index
Page 23 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
A quick reference for the article series
My E-mail appears as a spam | Article
series index | Part 0#17
The article index of the complete
article series
Introduction to the concept of internal \ outbound spam in general
and in Office 365 and Exchange Online environment
My E-mail appears as a spam –
Introduction | Office 365 | Part 1#17
The psychological profile of the
phenomenon: “My E-mail appears as
a spam!”, possible factors for causing
our E-mail to appear a “spam mail”,
the definition of internal \ outbound
spam.
Internal spam in Office 365 –
Introduction | Part 2#17
Review in general the term: “internal \
outbound spam”, miss conceptions
that relate to this term, the risks that
are involved in this scenario,
outbound spam E-mail policy and
more.
Page 24 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
Internal spam in Office 365 –
Introduction | Part 3#17
What are the possible reasons that
could cause to our mail to appear as
spam\junk mail, who or what are this
“elements”, that can decide that our
mail is a spam mail?, what are the
possible “reactions” of the destination
mail infrastructure that identify our E-
mail as spam\junk mail?.
Commercial E-mail – Using the right
tools | Office 365 | Part 4#17
What is commercial E-mail?
Commercial E-mail as part of the
business process. Why do I think that
Office 365\ Exchange Online is
unsuitable for the purpose of
commercial E-mail?
Introduction if the major causes for a scenario in which your
organization E-mail appears as spam
My E-mail appears as spam | The 7
major reasons | Part 5#17
Review three major reasons, that
could lead to a scenario, in which E-
mail that is sent from our
organization identified as spam mail:
1. E-mail content, 2. Violation of the
SMTP standards, 3. Bulk\Mass mail
Page 25 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
My E-mail appears as spam | The 7
major reasons | Part 6#17
Review three major reasons, that
could lead to a scenario, in which E-
mail that is sent from our
organization identified as spam mail:
4. False positive, 5. User Desktop
malware, 6. “Problematic” Website
Introduction if the subject of SPF record in general and in Office
365 environment
What is SPF record good for? | Part
7#17
The purpose of the SPF record and the
relation to for our mail infrastructure.
How does the SPF record enable us to
prevent a scenario in which hostile
elements could send E-mail on our
behalf.
Implementing SPF record | Part 8#17
The “technical side” of the SPF record:
the structure of SPF record, the way
that we create SPF record, what is the
required syntax for the SPF record in
an Office 365 environment + mix mail
environment, how to verify the
existence of SPF record and so on.
Page 26 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
Introduction if the subject of Exchange Online - High Risk Delivery
Pool
High Risk Delivery Pool and Exchange
Online | Part 9#17
How Office 365 (Exchange Online) is
handling a scenario of internal \
outbound spam by using the help of
the Exchange Online- High Risk
Delivery Pool.
High Risk Delivery Pool and Exchange
Online | Part 10#17
The second article about the subject
of Exchange Online- High Risk
Delivery Pool.
The troubleshooting path of internal \ outbound spam scenario
My E-mail appears as spam –
Troubleshooting path | Part 11#17
Troubleshooting scenario of internal \
outbound spam in Office 365 and
Exchange Online environment.
Verifying if our domain name is
blacklisted, verifying if the problem is
related to E-mail content, verifying if
the problem is related to specific
organization user E-mail address,
moving the troubleshooting process
to the “other side.
Page 27 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
My E-mail appears as spam |
Troubleshooting – Domain name and
E-mail content | Part 12#17
Verify if our domain name appears as
blacklisted, verify if the problem
relates to a specific E-mail message
content, registering blacklist
monitoring services, activating the
option of Exchange Online outbound
spam.
My E-mail appears as spam |
Troubleshooting – Mail server | Part
13#17
What is the meaning of: “our mail
server”?, Mail server IP, host name
and Exchange Online. One of our
users got an NDR which informs him,
that his mail server is blacklisted!,
How do we know that my mail server
is blacklisted?
My E-mail appears as spam |
Troubleshooting – Mail server | Part
14#17
The troubleshooting path logic. Get
the information from the E-mail
message that was identified as
spam\NDR. Forwarding a copy of the
NDR message or the message that
saved to the junk mail
Page 28 of 28 | My E-mail appears as spam | Troubleshooting - Domain name and E-mail
content | Part 12#17
Written by Eyal Doron | o365info.com
My E-mail appears as spam |
Troubleshooting – Mail server | Part
15#17
Step B – Get information about your
Exchange Online infrastructure, Step
C – fetch the information about the
Exchange Online IP address, Step D –
verify if the “formal “Exchange Online
IP address a
De-list your organization from a
blacklist | My E-mail appears as spam
| Part 16#17
Review the charters of a scenario in
which your organization appears as
blacklisted. The steps and the
operations that need to be
implemented for de-list your
organization from a blacklist.
Summery and recap of the troubleshooting and best practices in a
scenario of internal \ outbound spam
Dealing and avoiding internal spam |
Best practices | Part 17#17
Provide a short checklist for all the
steps and the operation that relates
to a scenario of – internal \ outbound
spam.