Missing emails? Exchange Online is tagging legitimate messages as spam - here's what to do
Source: ZDNet
ZDNET’s key takeaways
- Legitimate emails in Exchange Online are being tagged as spam.
- A new URL rule is quarantining emails as phishing attempts.
- Microsoft has made some progress resolving the problem.
What’s happening
Microsoft’s Exchange Online is mistakenly flagging legitimate messages as phishing. The issue was first identified on February 5 and has caused some users to be unable to send or receive email.
In a service alert highlighted by BleepingComputer, Microsoft explained:
“Some users’ legitimate email messages are being marked as phish and quarantined in Exchange Online. We’ve determined that the URLs associated with these email messages are incorrectly marked as phish and quarantined due to ever‑evolving criteria aimed at identifying suspicious email messages, as spam and phishing techniques have become more sophisticated in avoiding detection.”
The root cause appears to be a new URL rule that incorrectly classifies certain legitimate URLs as malicious, leading to false‑positive phishing detections.
What you can do
If you’re using Exchange Online and suspect that legitimate mail has been quarantined:
- Go to the Quarantine page in Microsoft Defender.
- Sign in with your work or school account.
- Review the list of quarantined messages.
- For any legitimate email, select it and click Release.
Microsoft is gradually releasing previously quarantined messages, but some may remain blocked until the fix is fully deployed.
Why this occurs
Modern spam and phishing campaigns are increasingly sophisticated, often evading traditional detection methods. To stay ahead, email providers continuously adjust their filtering rules. In this case, an over‑aggressive URL rule caused legitimate domains to be flagged as malicious.
For more information on ZDNET’s editorial standards, see the Editorial standards page.