This is an automated archive.

The original was posted on /r/sysadmin by /u/Max_Xevious on 2023-10-24 15:09:24+00:00.

I really have no idea how I can tell Microsoft any more that emails coming from specific addresses are NOT PHISHING EMAILS!

We use a 3rd party email filtering service and I would honestly prefer to completely disable the anti-phishing through M365 and let our 3rd party handle all of that, but there does not look like a way I can do that.

I have a domain we receive two different emails in the middle of the night to everyone in our office. Its very important info that people need at the very start of the business day. These are two specific email addresses and the domain is the same.

I’ve gone through and set rules in the EAC to set the SCL to -1 if any email sender matches the two email addresses, but they are still getting flagged as phishing and quarantened.

I’ve also reported the messages to Microsoft as a false flag but I really have no hope that will help with anything.

The emails in question do have a PDF attachment, but no links or anything in the body of the email.

I am at the end of my rope on this one, I am not sure if there is somewhere else I can set these email addresses to be ignored or if Microsoft just does not care that I whitelisted the email addresses, and even the domain.