Spam false positives.

I got word that a user was not receiving email and attempts to send to him were bouncing. I see why the email was considered spam is due to the following report. Please help me understand, or clarify, the bounced email was generated from outlook / IP: 65.55.169.80, correct? This is not our server, my understanding Outlook likely Office365 caused the flag.

spam report
LVL 17
WORKS2011Austin Tech CompanyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WORKS2011Austin Tech CompanyAuthor Commented:
Concern is my client feels our spam filter is the culprit and doesn't understand why emails cannot be added to the "allow list". Before I explain it's not rejected on our end would like some clarification from EE.

Thank you.
JohnBusiness Consultant (Owner)Commented:
The IP above is Microsoft


65.55.169.80

65.52.0.0 - 65.55.255.255

Microsoft Corporation
One Microsoft Way
Redmond
WA
98052
United States

Microsoft Routing, Peering, and DNS
+1-425-882-8080
IOC@microsoft.com
Quamara, Divya
+1-352-278-8979
diquamar@microsoft.com

Microsoft Abuse Contact
+1-425-882-8080
abuse@microsoft.com

MICROSOFT-1BLK
Created: 1998-07-10
Updated: 2015-09-29
Source: whois.arin.net

Completed at 10/19/2015 11:16:11 PM
Processing time: 0.53 seconds
View source

The email is definitely coming from Microsoft, but I do not know why you cannot add it to an allow list. I get mail from Microsoft with no issue.

The email itself may be bad (have bad content).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
arnoldCommented:
User uses web interface to view/send.  Look at account properties dealing with spam handling is it might be too aggressive catching false positives.
Bayes is a content statistical analysis type filter and should include a method by which it can be retrained to not count the message in question as spam or even disable/make the filter less sensitive.

Where are you looking at these statistics? Is this a third party application?
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

WORKS2011Austin Tech CompanyAuthor Commented:
Thank you John and arnold.

John, do you feel it's Microsoft's side doing the flagging. We get email from people using Office 365 all the time, I'm assuming it's Office 365. However this one client seems to report bounced emails coming back to them from us. Odd they won't send us a NDR.

arnold, my client does use a spam filter and where this message comes from. I'm trying to determine if our filter is reporting why the sender rejected it. Our filter is setup with their name on the allow list. They claim some emails don't make it.
arnoldCommented:
The message you posted to a rejection because of bayes which is a content filter. You have to look at your email handling and whether the check for the sender is evaluated before the rest and adding the sender there will accept the message before the content filter is applied.  In your current setup when a spam is determined to be spam, the sending server seems to be getting the permanent error response 550.

Given you have the information before, receiving the NDR is unnecessary as you have confirmation of the incoming email being rejected by your setup.

Check what options do you gave, having the setup rejecting the sender message is a final, see if you have a quaranteen option meaning the message is accepted, placed in a spam pan and the recipient notified. The recipient is provided with an option to view the message if they choose, and also have an option to indicate that the message should not have registered as spam.
This will retrain the bayes filtering mechanism.
WORKS2011Austin Tech CompanyAuthor Commented:
appreciate it!!!
JohnBusiness Consultant (Owner)Commented:
@WORKS2011  - You are very welcome and I was happy to help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
AntiSpam

From novice to tech pro — start learning today.