MS are notorious for blacklisting IP ranges from providers like Linode, which makes it impossible for a small biz to run its own commercial system.
I'm not surprised they also keyword block, because Outlook flags Microsoft's own marketing messages as spam.
There really needs to be some kind of global Digital Bill of Rights which provides legal recourse from these giant sclerotic algo-run oligopolies.
MS, Meta, Amazon, YouTube and Apple all have policies that can nuke SMEs on a whim without consequences, often without even noticing, after their algorithms make a wrong decision about imaginary "abuse".
> There really needs to be some kind of global Digital Bill of Rights which provides legal recourse from these giant sclerotic algo-run oligopolies
Agreed. I think the problem is mainly that communicating what is wrong in a way that politicians can understand is difficult, and the people who governments hire to make them understand, are not incentivised to do so here (they're typically corporate types, good at ticking boxes, not so good at technology).
Making the EU understand issues such as why Apple's monopoly is a bad thing is easy in comparison, because everybody has a phone and everybody understands "shops". Even so, I'm impressed that went the way it did. I don't have much hope for politicians understanding what MS et al. are doing to mail though.
Which cloud server providers are safe from sporadic Microsoft IP blacklisting?
Yeah, this is kind of the point. I'm not sure there's even a legal process for this as this is entirely under MS (opaque) internal control and we're not even based in the US.
Never attribute to malice that which can be explained by stupidity.
We had the same thing happen with any email with 2f<domain> anywhere in the message body on Google Workspace.
The "2F" URL decodes to slash / and a third party registered our 2f<company>.com (probably for nefarious purposes).
That kicked in the automatic filtering on messages that had URL encoded links and started blocking them.
Eventually, we had to register 2fgoogle.com ourselves to escalate the issue.
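As an added illustration (not code from the thread or from Google), the Python sketch below shows how a scanner that pattern-matches hostnames on still-encoded text can read `https%3A%2F%2Fexample.com` as the separate domain `2fexample.com`, and how decoding before extraction avoids it. That this is the mechanism behind the filtering described above is an assumption; `example.com`, `click.mailer.test` and the sample body are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Hostname-shaped token: dot-separated labels ending in an alphabetic TLD.
# The lookbehind stops a match from starting in the middle of a longer token.
HOST_RE = re.compile(
    r"(?<![A-Za-z0-9-])"
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+"
    r"[A-Za-z]{2,}"
)
# Lookahead capture so a URL nested inside another URL's query is also found.
URL_RE = re.compile(r"(?=(https?://[^\s\"'<>]+))", re.IGNORECASE)
HEX_PREFIX_RE = re.compile(r"[0-9A-Fa-f]{2}")

# Constructed sample: a tracking link carrying a percent-encoded target URL.
SAMPLE_BODY = (
    "Track your order: "
    "https://click.mailer.test/r?u=https%3A%2F%2Fexample.com%2Foffers\n"
    "Or visit https://www.example.com/ directly.\n"
)


def naive_hosts(text):
    """Hostnames seen by a scanner that matches on the raw, encoded text."""
    return {m.group(0).lower() for m in HOST_RE.finditer(text)}


def fully_decode(text, max_rounds=3):
    """Percent-decode until stable; bounded so nested encoding cannot loop."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def decoded_hosts(text):
    """Hostnames taken from URLs after decoding, using a real URL parser."""
    hosts = set()
    for m in URL_RE.finditer(fully_decode(text)):
        try:
            host = urlsplit(m.group(1)).hostname
        except ValueError:  # e.g. malformed IPv6 literal
            continue
        if host:
            hosts.add(host.lower())
    return hosts


def encoding_artifacts(text):
    """Map each bogus host to the real host it was cut from.

    A raw-text match is an artifact when it directly follows '%', starts
    with two hex digits (the tail of a percent-escape), and the remainder
    is a host that the decoded text really links to.
    """
    real = decoded_hosts(text)
    artifacts = {}
    for m in HOST_RE.finditer(text):
        token = m.group(0).lower()
        after_percent = m.start() > 0 and text[m.start() - 1] == "%"
        if after_percent and HEX_PREFIX_RE.match(token) and token[2:] in real:
            artifacts[token] = token[2:]
    return artifacts


if __name__ == "__main__":
    print("raw scan     :", sorted(naive_hosts(SAMPLE_BODY)))
    print("decoded scan :", sorted(decoded_hosts(SAMPLE_BODY)))
    print("artifacts    :", encoding_artifacts(SAMPLE_BODY))
```

A message that genuinely links to the look-alike domain is not reported as an artifact, so the check separates the false positive from the real registration.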
Ok, that was smart. I bet it was fixed quickly.
This is about Microsoft, a corporation so giant and unaccountable that it's able to hide behind complexity. The OP's email issues may even be a non-malicious expression of that complexity. Nonetheless, the result is opaque power, from which European tech must rapidly divest dependency.
But there is a larger pattern to acknowledge here. It's about unaccountable digital privilege and the ability to wield technology for capricious harm.
This week I've been interviewing US government tech workers about the misuse of the SSA "master death file". If you're in this file you're digitally "deleted from society", after which all credit cards are automatically cancelled, bank accounts frozen, so one cannot get paid, see a doctor, travel or function in US society. DOGE are actively working to consolidate and centralise systems to make it "easier" to nudge undesirables to "self-deport".
In order to do this, huge amounts of illegal activity are already afoot, but most people, including judges, are not technically able to comprehend what is being done or what technofascism looks like.
If we want a "Bill of Bytes", it is going to need some very wise and far sighted thinkers who understand the nature of digital harms, and it will need to apply as much to governments and individuals as to private enterprise.
Existing "cyberlaw", including things like "computer misuse", is looking decidedly stone-age in the face of 21st century "layer-8/9" threats.
> … the SSA "master death file". If you're in this file you're digitally "deleted from society", after which all credit cards are automatically cancelled, bank accounts frozen, so one cannot get paid, see a doctor, travel or function in US society.
That is the general idea and working theory, but in practice experience has taught me that the MDF doesn’t actually reliably perform this function. As always, it comes down to implementation.
I’ve handled the estates of multiple deceased members of my family, and in that capacity I have witnessed that the result of your death being reported to SSA varies wildly even across businesses in the same industry.
My favorite is ISPs. At least two of the major national ones don’t actually seem to close accounts upon death, even if notified, with no services active and the account settled to $0.
I still receive bills even after notifying the sender of the account holder’s death. There are still financial services accounts with no activity that seem never to close.
I assume that many businesses are just using open accounts they know belong to dead people in order to artificially inflate their customer counts.
The federal government and its agencies very quickly update their databases with additions to the death file, and that seems to stick. Private sector is a crap shoot.
On a related note, can we as a community start tarnishing Microsoft et al. for e-mail? Blog posts, about pages, documentation, anything and everything where it's appropriate, we should be stating it as a fact that Microsoft's e-mail solutions are sub-par. Off the top of my head;
"Please bear in mind that if you are using a non-standards compliant e-mail service provider such as Microsoft, e-mail delivery may be affected"
I wasn't even sure if the standard specified what to do with undeliverables, but it turns out that RFC 5321, RFC 3461, and RFC 3464 do. TIL :)
I'd love to, but what I see in practice is that the bigger the company the more likely it is that they use MS. Which hits double hard since this means our bigger clients are the ones not getting our emails...
A tangential note, but after fighting for weeks with Office 365 and Outlook to get basic features working for a small business, I would advise anyone of sane mind to avoid like hell using Office 365 or Exchange for emails/calendar.
On the outside, things look great and it looks like good value for the price, but in reality everything is buggy, a lot of basic features require you to manage them with PowerShell commands, bugs persist for years and the support is clueless. For example, don't even think of using "shared mailbox" or "delegation" without fighting a labyrinth of unexpected behaviors.
As for the Outlook app itself, you have around 3.5 different versions of it fighting a duel, and the "new" version is not necessarily the one to use to get all the paid features; that would be the "classic" version.
With the new or web version, you can't move more than around 100 mails at a time or, crazier still, you can't delete more than 10 contacts in one go...
What amazes me is that the whole email/contact/agenda suite looks semi-abandoned when they should be making so much money from all the subscriptions, and when everyone there is showing off billion-dollar AI tech while the basic features are still incomplete and buggy.
Have you looked at the Exchange Online and Defender portals for clues? Especially in the Message Trace section of Exchange Online?
I recently helped troubleshoot a similar issue - we were suddenly getting emails disappearing when sending to M365 customers. No spam or quarantine, just disappearing down a black hole like you described. We sent a test message to a M365 customer who could help run the message trace, and we discovered that the SVG logo in our email signature was being flagged as a phishing attack. We had been using this logo for about a year without any issues, but suddenly Microsoft just decided to block it without warning.
Yes, I have.
Message Trace is an interesting one.
If we send an email without the 25friday.com keywords everything works fine, the message is shown on Message trace as delivered and the recipient gets the email with SCL 1 (all good here).
As soon as the very same email is appended with a www.25friday.com, Message Trace still shows the outbound email, also as delivered, but the recipient (if a Microsoft account) never gets the email. We used one of these emails (EML) to create a submission on the defender portal of a false positive, but they always simply disappear with 0 feedback (and the problem still occurring).
We also had a signature with the www.25friday.com link on it and took it out after realising it was causing emails to go to this black hole, so that at least we can still send emails, but we keep having to be careful to never send any content (or attachment) that somehow mentions the 25friday.com domain.
Are you sure that it's MS who's blocking? Just think it's weird that they show it as delivered to recipient, sounds like they send the mail and something weird happens after.
With excessive spam scores, Microsoft silently ignores your email. Just swallows it up, reports it as delivered, but never actually does, not even in your spam folder.
It's possible that this is a technical issue or a submission server issue, but it's not uncommon for Outlook to make email disappear.
This sounds like what's happening to us, but only if the dreaded 25friday.com keyword is included in the email content.
Well, it works fine for every single recipient unless it's a Microsoft one.
If the recipient is using a personal microsoft / outlook / hotmail account the email gets delivered with a spam score of 9.
If the recipient is a MS 365 account, blackhole it is.
We even set up our own MS 365 to prove this.
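The with/without-link comparison described in the comments above can be scripted for messages that do arrive (the consumer Outlook case) or that are exported from quarantine. This is an added example, not code from the thread: it parses the `X-Forefront-Antispam-Report` and `X-Microsoft-Antispam` headers that Microsoft stamps on inbound mail and reports which verdict fields changed between a control message and each variant. Both EML samples and every value in them are constructed.

```python
from email import message_from_string
from email.policy import default

# Headers Microsoft adds on receipt; each is a ';'-separated list of KEY:value.
ANTISPAM_HEADERS = ("X-Forefront-Antispam-Report", "X-Microsoft-Antispam")

# Constructed control message: same sender and content, no link in the body.
CONTROL_EML = """\
From: sender@example.org
To: recipient@example.net
Subject: delivery test A
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:NL;LANG:en;SCL:1;SRV:;
 IPV:NLI;SFV:NSPM;H:mail.example.org;PTR:mail.example.org;CAT:NONE;DIR:INB;
X-Microsoft-Antispam: BCL:0;

Hello, this is the plain body.
"""

# Constructed variant: identical except that the body mentions the URL.
VARIANT_EML = """\
From: sender@example.org
To: recipient@example.net
Subject: delivery test B
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:NL;LANG:en;SCL:9;SRV:;
 IPV:NLI;SFV:SPM;H:mail.example.org;PTR:mail.example.org;CAT:HSPM;DIR:INB;
X-Microsoft-Antispam: BCL:0;

Hello, this is the plain body. See https://www.example.com
"""


def antispam_fields(raw_eml):
    """Return the KEY:value pairs from the anti-spam headers as a dict."""
    msg = message_from_string(raw_eml, policy=default)
    fields = {}
    for name in ANTISPAM_HEADERS:
        for value in msg.get_all(name, []):
            # policy=default hands back the header already unfolded.
            for part in str(value).split(";"):
                key, sep, val = part.strip().partition(":")
                if sep and key:
                    # Split on the first ':' only, so IPv6 values stay whole.
                    fields[key.upper()] = val.strip()
    return fields


def diff_fields(control, variant):
    """Fields whose value differs, as {KEY: (control_value, variant_value)}."""
    keys = sorted(set(control) | set(variant))
    return {
        k: (control.get(k), variant.get(k))
        for k in keys
        if control.get(k) != variant.get(k)
    }


def compare_variants(control_eml, variants):
    """Diff every named variant message against the control message."""
    base = antispam_fields(control_eml)
    return {
        name: diff_fields(base, antispam_fields(eml))
        for name, eml in variants.items()
    }


if __name__ == "__main__":
    report = compare_variants(CONTROL_EML, {"link in body": VARIANT_EML})
    for name, changes in report.items():
        print(name)
        for key, (before, after) in changes.items():
            print(f"  {key}: {before} -> {after}")
```

It cannot help with mail that is dropped without reaching the inbox or quarantine, since there are then no stamped headers to read.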
Similar experience. I am IT Director at a medium-sized school district (3500 students) and our emails were blocked by Microsoft for a few weeks. Our email domain and IP address are not on any blacklist and have an excellent reputation. The mail server has been operating for over 15 years. I was able to get unblocked by emailing Microsoft support, opening a case and registering our mail server with Microsoft Smart Network Data Services.
“ You are receiving this because you have signed up to be a user of Smart Network Data Services, or a Smart Network Data Services user has requested that this email be sent to this address. Smart Network Data Services is a revolutionary Windows Live Mail initiative, designed to allow everyone who owns IP space to contribute to the fight against spam and protect e-mail as a valued communications, productivity and commerce tool. If you have questions about our privacy policy, please read our privacy statement available at http://privacy.live.com. I
We also had a look at it, but the problem is that we don't control our mail server as it's Google provided.
It seems likely your site had something detected as malware, or is still being detected as malware.
When I test sending a mail to my M365 account with your URL mentioned I find that it gets quarantined (same as if I try to send an email from my M365 account with that URL).
In your M365 test tenant, you should be able to go to https://security.microsoft.com/quarantine and see that the emails are getting quarantined, with this information provided as to why:
Detection technologies: URL detonation reputation, Mixed analysis detection
Given that it says "URL detonation reputation" rather than just "URL detonation", that suggests it's using historical information rather than having performed a new test.
This is Microsoft Safe Links functionality - at the very least since you should be able to find the quarantined emails, the headers will contain a correlation ID support can use, although they might not have much power over safe links.
Thank you, you've gotten further than I have.
On my "quarantine" I can't find anything (it's empty) therefore I can't also check what's going on. But "URL detonation reputation" is consistent with the behavior we're observing.
Edit: Nevermind, I see that you've already done this.
It might be worth it to pony up for an M365 license or two, send yourself an email, and then open a support ticket inquiring why the email was blocked. I would even avoid mentioning that you are the sender. Just pretend you're a regular customer who receives email from your domain and you're wondering why it was blocked and if there's anything that can be done to stop it from happening.
We had this happen to one of our apps which redirected to a third-party identity provider which used a different domain name. Basically the app looked like a phishing site to those who clicked on the email links and ended up on a login page on a domain they didn’t recognize. So these users reported the email as phishing in outlook. Microsoft confirmed these user reports were the source of the blocking.
The fix was our own MSFT support case opened via our own E5 subscription which took two weeks to get the app unblocked. To prevent future reports we put a custom hostname on the IdP. So app.example.com now redirects to login.app.example.com
We don't even have any sort of login on our main page, the redirects we have are mostly around apex domain to www.25friday.com, http to https and the likes.... This is a pure company landing page with the typical business description, career application page, articles etc.
We do have subdomains for internal tools of course, but those should not even be publicly accessible (behind an auth proxy).
Outlook also recently changed the default “report message” action in the UI to be “report phishing/malware” instead of “report spam”. This was a terrible design choice; phishing reports from my org’s own user base have increased 4x since the change, which is a lot of false positives.
So maybe folks mean to “report spam” on your emails but “report phishing” instead…
Could be the reason, but even so, we have really low volume campaigns and mostly to people we actually interact / have a history with. I would assume it would take more than a few accidental hits to trigger this issue.
It has been a few years since I have dealt with Microsoft's postmasters team for email delivery issues but the link to use to submit email delivery issues is: http://go.microsoft.com/fwlink/?LinkID=614866
Thanks, we have looked into this indeed, but the problem is that we don't really control the sending IPs as they are managed by Google.
I guess I'll try to submit a report anyway using Google's outbound IPs.
Something to consider if you haven't yet: have you checked that your website hasn't been compromised? I've seen something similar happen to a domain that got their WordPress hacked and was used to host malware.
I think it's also possible a large amount of people on Outlook (or LinkedIn?) lost interest and clicked "report spam" because it's quicker and more effective than unsubscribing from most automated messaging.
Edit: another thing I caught O365 doing was rewriting the headers in my email (it didn't like the way my From:-address was structured by my server) and then checked the DKIM headers. Obviously the email they altered themselves didn't pass the DKIM signature check. Worked around it by altering my email client to set the From address in a way that Outlook liked.
We thought about it but:
- this is a statically generated site (SSG using Next.js), so there's backend runtime for the FE itself.
- we do have a contact form, but under the hood it sends an email to our own inbox through internal APIs and the destination email is hard-coded, so I don't think they could hijack this (will check the audit log just in case).
- it's hosted using Cloudflare Pages
- the worker/api part is severely rate limited
- we would notice abuse since we have low monthly email sending limits on this api service
In my cynical world view, your options are:
1. Rename the company
2. You (or somebody you know) get a job at Microsoft in the correct team and remove 25friday from the blacklist.
I'm guessing at some point in the past, there was a large spam campaign that targeted Friday the 25th for some reason.
Joking aside, we are seriously considering moving all comms to 25friday.nl (which we also own) if we can't find a way around this...
Funny, this comes the morning after my wife realized one of her emailed credit card statements is nowhere to be found in her Yahoo inbox this month.
She had to call the bank to find out what the balance is. Of course on their side it looks like the statement was generated and emailed at the normal date.
You have Unified Support and dedicated CSAM assigned to your case? If you're trying to solve this over Basic support...Good luck friend!
I guess only basic since our main provider is Google, not MS.
We do use Azure for small stuff, but too small for any special support channel.
It may be worth it just to sign up for this one ticket. If you're lucky you can get it done with one month's worth of support.
Ah, but we have purchased 1 license of MS365 precisely to help triage this issue and open a support ticket but the agent is as clueless as we are....
What does that acronym mean? I'm not sure if you made a typo or if it's very unfortunate naming.
IIRC Microsoft somewhat recently changed the position's name to Customer Service Account Manager. Absolutely wild nobody on the inside spoke up about this one, but with how awful Microsoft is at naming things generally I could see anyone who knew deciding to just watch it play out.
Customer Success Account Manager.
Formerly TAM.
Use a 3rd party SMTP like sendgrid. Once you get on a shitlist it's almost impossible to get off of it.
We signed up to MS 365 using a subdomain and tried to triage the issue, and if anything it only made the issue clearer: it has nothing to do with the sending domain but is pure content filtering.
Sign up with a 3rd party, like sendgrid.
So you're basically recommending paying a protection tax?
That's how big email works these days. Fucking sucks but it is.
I stopped running my own stuff after Yahoo decided it didn't like me one afternoon with no recourse.
Can't believe in 2025 on "hacker news" people are still asking if Microsoft is the way to go.
No, it isn't. It has never been.
OP is having problems sending emails to Microsoft 365, they don't use it themselves.
OP is asking if there is any hope for a Microsoft product.
I'm with you but it's very hard to change the tools our clients use :)