Outlook This might be a phishing message and is potentially unsafe

0

We have developed a support ticket software system that sends emails out to registered users.

In the past this have been fine using Exchange Server. We have now switch over to Office 365 and are using the Exchange Online.

The problem is, now when we receive email from our support ticket, Outlook shows the message.

This might be a phishing message and is potentially unsafe. Links and other functionality have been disabled

I know I can trust the message and the sender to remove this message, but this is really not the fix. I want to figure out why Outlook think this is a phishing message and resolve the issue.

These emails get sent to our customers and I don't want to have to tell them to trust the email or turn of the functionality.

Could it be an issue where the domain in our email doesn't match the sending server?

What checks does outlook do to determine if it is a phishing email?

Adrian Halid

Posted 2015-08-04T10:58:03.387

Reputation: 283

Is it possible for you to determine exactly why is Outlook flagging your emails as phishing ?

It could be from a number of reasons like the SMTP sending the email, some pattern in the content, etc.

I don't think there is a general solution to tell outlook "look, this is not spam / phishing. leave it be". – zain.ali – 2015-08-04T11:07:06.197

Could it be the domains you refer to in the email don't match the domain you are sending from? – albal – 2015-08-04T11:19:01.907

I think it might be domain / IP related as we are halfway in migrating our email accounts from On Premise Exchange server to Cloud Exchange Server (Office 365). I was just hoping I could view the raw email with headers and go through a checklist to make sure everything was set correctly. So essentially I was trying to figure out if it was the "Contents" of the email or the "Headers" of the email I had to troubleshoot. I feel it must be the headers as the content has not changed. – Adrian Halid – 2015-08-04T23:27:00.000

zain.ali was correct below. The issue was due to the contents of the email rather than the server configuration. – Adrian Halid – 2015-08-04T23:51:51.210

Answers

2

It can be very tricky getting around phishing and SPAM detection. Sometimes it is simply the content, sometimes it is receiving the same message over and over. http://www.gn.apc.org/support/outgoing-mail-wrongly-classed-spam-or-phishing-microsoft-software gives a few reasons that are Outlook specific.

One thing easily to check is what the link is for the registration. Is it an IP or hsotname? An IP address would be more suspect than a hostname, and http more than https. So a perfect link would be https://website.yourdomain.com or whatever, with a valid SSL certificate.

zain.ali

Posted 2015-08-04T10:58:03.387

Reputation: 665

What you mean by "link is for the registration". Do you mean the contents of the email such as a link for the user to register? There is really nothing like this in the email. It is general conversation emails where the customer is reporting their issue to us. The customer enters the information in our website and then our staff receives an email with the details. The email is being sent from our server to our staff but outlook disables the links. – Adrian Halid – 2015-08-04T23:21:54.003

1

zain.ali you are correct it was the contents of the email that was the issue. A customer entered the details of web service url that needed troubleshooting. It was using the ip address in the url. They entered something like http://111.222.333.444/MyService?wsdl. If I removed that text or changed it to http://www.myserver.com/MyService?wsdl the warning in outlook went away. It's good to know it was the contents of the email rather then moving the server to Exchange Online (Office 365)

– Adrian Halid – 2015-08-04T23:50:42.700

Asked: 2015-08-04T10:58:03.387

Viewed: 5 924 times

Active: 2015-08-04T11:32:29.817