What is consider as malicious in the email fromat that we sent?

SAM2009 used Ask the Experts™

I have a user who send email with url to more then 100 000 recipients. The 365 ATP Safe Link block its.

I know I can create an exception rule but the real root cause is still there because the other mail servers proctection (others mailfilter) will might block it too. My question is how can I know what is consider as malicious in the email fromat that we sent. Like that I can explain to user to not add this or do that.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2015
Distinguished Expert 2018
The best thing you can do is check the headers, then compare them against the information in this article: https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spam-message-headers
That, and opening a support case to get this investigated by someone from the EOP team.
David FavorFractional CTO
Distinguished Expert 2018

Primary factor is where URL terminates after all redirects resolve.

If the terminating page is flagged for malware or other infraction, then best not to create an exception. If you do, then the sender/IP reputation can be downgraded + your deliverability will then go to zero.

Better to determine exactly why the block was initiated.

This will require having exact information. There's no way to guess at this.

Exact information - either post your entire email message or hire someone to audit your message + all links + link termination.

Not overly difficult to determine exact problem + this process can be time consuming, sometimes.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Graphical Signatures often cause issues. Reduce these to plain, short text.

Many pictures - inline mostly but sometimes attachments are another source of problems.

Too many emails is another issue.

For 100,000 emails, use Constant Contact (or like) as the email sending outfit. They are known to many and their emails do not usually cause issues.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Top Expert 2016

You also realize that you are limited to 1,000 address limit for sending
IT Professional | Freelance Journalist | Looking for Opportunities
Distinguished Expert 2018
I have a user who send email with url to more then 100 000 recipients.
That will be a large part of the problem IMO.

I would suggest doing such mailouts using either an online mailout service like Mail Chimp, or if you want to avoid the expense of on-going subscription fees and do it locally, try something like SendBlaster Pro, which I use myself and recently wrote an article about here:


Alternatively, if you just want to know how to lower the spam score on your mailouts, install the Free version of SendBlaster and run your emails through that before sending. It has a built in Spam Score checking facility and gives suggestions on what you can do to lower the chances of your mailouts being seen as spam. More info in the above article I wrote.

I hope that's helpful.

Regards, Andrew


Thanks to all for your suggestions!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial