Ask HN: Is there hope for Microsoft 365 support?

50 comments

·April 29, 2025

The company I work for (25friday.com) has been hit with what seems to be a keyword blacklist on Microsoft 365 email.

In short, if we send out any email to clients using Microsoft 365 as their email provider containing the textual content "25friday.com" anywhere in the email subject, body or readable attachment (e.g. PDF), the emails fall into a "black hole": they are neither bounced nor delivered to the recipient (they are not in spam or quarantine either).

As you might imagine this is a huge problem for us as email is our primary means of communication with our clients and we need to be careful to never include any mention of our domain in any email we send to them.

For recipients using personal Outlook emails, the emails are received and sent to spam with a spam score of 9 (maximum score).

We've reached Microsoft support and they seem as clueless as we are. They have no idea why this is happening and they are unable to provide any information or progress on the ongoing issue. This has been going on for about a month now.

A few things we have tried:

- We have checked our SPF, DKIM, and DMARC records and they are all set up correctly and passing.

- We have checked our email sending reputation and it is good as far as we can tell.

- We have tried sending emails from different email addresses and domains, but the issue persists.

- We have set up our own Microsoft 365 account to be able to submit false-positive reports on the security portal, but the submissions disappear into the void and we never receive any feedback.

- We have tried some deliverability testing tools and they all report that our emails are being blocked by Microsoft 365, but not by any other email providers.

- We are not on any known/public blacklists.

Note that we are using Google Workspaces, but that does not seem to be the issue. The domain itself has been live since 2018 (since the company was founded) and we have never had any issues with email deliverability before. We don't send spam or unsolicited emails. The closest I could think of is a mailing list we have with about 300 subscribers containing mostly client emails but also some emails of people we invite to our events. We send out an approximately monthly newsletter to this list, but we have never had any complaints or issues with it before (we're using Pipedrive for that).

Tangential but I believe that it might be related: if I set my website address as 25friday.com on my LinkedIn profile, the link gets overwritten to a LinkedIn error page. My guess is that since LinkedIn is owned by Microsoft, they are sharing the same blacklist.

Any tips would be greatly appreciated. We're really affected by this and without any recourse to escalate this issue.

TheOtherHobbes

MS are notorious for blacklisting IP ranges from providers like Linode, which makes it impossible for a small biz to run its own commercial system.

I'm not surprised they also keyword block, because Outlook flags Microsoft's own marketing messages as spam.

There really needs to be some kind of global Digital Bill of Rights which provides legal recourse from these giant sclerotic algo-run oligopolies.

MS, Meta, Amazon, YouTube and Apple all have policies that can nuke SMEs on a whim without consequences, often without even noticing, after their algorithms make a wrong decision about imaginary "abuse".

ghusto

> There really needs to be some kind of global Digital Bill of Rights which provides legal recourse from these giant sclerotic algo-run oligopolies

Agreed. I think the problem is mainly that communicating what is wrong in a way that politicians can understand is difficult, and the people who governments hire to make them understand, are not incentivised to do so here (they're typically corporate types, good at ticking boxes, not so good at technology).

Making the EU understand issues such as why Apple's monopoly is a bad thing is easy in comparison, because everybody has a phone and everybody understands "shops". Even so, I'm impressed that went the way it did. I don't have much hope for politicians understanding what MS et al. are doing to mail though.

BOOSTERHIDROGEN

Which cloud server providers are safe from sporadic Microsoft IP blacklisting?

joaopbnogueira

Yeah, this is kind of the point. I'm not sure there's even a legal process for this as this is entirely under MS (opaque) internal control and we're not even based in the US.

walth

Never attribute to malice that which can be explained by stupidity.

We had the same thing happen with any email with 2f<domain> anywhere in the message body on Google Workspace.

The "2F" URL-decodes to a slash (/), and a third party registered our 2f<company>.com (probably for nefarious purposes).

That kicked on the automatic filtering on messages that had URL encoded links and started blocking them.

Eventually, we had to register 2fgoogle.com ourselves to escalate the issue.
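How a lookalike such as 2f<company>.com can collide with URL-encoded links, shown as an added example that is not part of the thread. It assumes a scanner that pulls hostnames out of raw message text without percent-decoding first; the regex, the function names, the sample body and the `2fexample.com` watchlist entry are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Hostname-like token: labels separated by dots, ending in an alphabetic TLD.
# "%" is not a hostname character, so a match can start right after it.
HOST_RE = re.compile(r"(?<![A-Za-z0-9.-])(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")

def hosts_naive(text):
    """Extract hostnames from the text exactly as it appears on the wire."""
    return sorted({m.group(0).lower() for m in HOST_RE.finditer(text)})

def fully_unquote(text, max_rounds=3):
    """Percent-decode until stable, so double-encoded links are handled too."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def hosts_decoded(text):
    """Extract hostnames after decoding, which is what a URL parser would see."""
    return hosts_naive(fully_unquote(text))

def watchlist_hits(text, watchlist):
    """Return (hits without decoding, hits with decoding) for flagged domains."""
    flagged = {d.lower() for d in watchlist}
    naive = [h for h in hosts_naive(text) if h in flagged]
    decoded = [h for h in hosts_decoded(text) if h in flagged]
    return naive, decoded

# Constructed sample: a click-tracking link carrying the real URL percent-encoded.
BODY = ("Track your order: "
        "https://click.mailer.example/r?u=https%3A%2F%2Fexample.com%2Forders%2F42\n")
# Constructed watchlist: the lookalike registered by a third party.
WATCHLIST = {"2fexample.com"}

if __name__ == "__main__":
    print("raw text hosts:    ", hosts_naive(BODY))
    print("decoded text hosts:", hosts_decoded(BODY))
    print("watchlist hits (naive, decoded):", watchlist_hits(BODY, WATCHLIST))
```

The false positive only appears when the encoded host directly follows `%2F`; decoding before extraction removes it.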

joaopbnogueira

Ok, that was smart. I bet it was fixed quickly.

nonrandomstring

This is about Microsoft, a corporation so giant and unaccountable that it's able to hide behind complexity. The OP's email issues may even be a non-malicious expression of that complexity. Nonetheless, the result is opaque power, from which European tech must rapidly divest dependency.

But there is a larger pattern to acknowledge here. It's about unaccountable digital privilege and the ability to wield technology for capricious harm.

This week I've been interviewing US government tech workers about the misuse of the SSA "master death file". If you're in this file you're digitally "deleted from society", after which all credit cards are automatically cancelled, bank accounts frozen, so one cannot get paid, see a doctor, travel or function in US society. DOGE are actively working to consolidate and centralise systems to make it "easier" to nudge undesirables to "self-deport".

In order to do this, huge amounts of illegal activity are already afoot, but most people, including judges, are not technically able to comprehend what is being done or what technofascism looks like.

If we want a "Bill of Bytes", it is going to need some very wise and far sighted thinkers who understand the nature of digital harms, and it will need to apply as much to governments and individuals as to private enterprise.

Existing "cyberlaw", including things like "computer misuse" are looking decidedly stone-age in the face of 21st century "layer-8/9" threats.

TheNewsIsHere

> …”the SSA "master death file". If you're in this file you're digitally "deleted from society", after which all credit cards are automatically cancelled, bank accounts frozen, so one cannot get paid, see a doctor, travel or function in US society.”

That is the general idea and working theory, but in practice experience has taught me that the MDF doesn’t actually reliably perform this function. As always, it comes down to implementation.

I’ve handled the estates of multiple deceased members of my family, and in that capacity I have witnessed that the result of your death being reported to SSA varies wildly even across businesses in the same industry.

My favorite is ISPs. At least two of the major national ones don’t actually seem to close accounts upon death, even if notified, with no services active and the account settled to $0.

I still receive bills even after notifying the sender of the account holder’s death. There are still financial services accounts with no activity that seem never to close.

I assume that many businesses are just using open accounts they know belong to dead people in order to artificially inflate their customer counts.

The federal government and its agencies very quickly update their databases with additions to the death file, and that seems to stick. Private sector is a crap shoot.

ghusto

On a related note, can we as a community start tarnishing Microsoft et al. for e-mail? Blog posts, about pages, documentation, anything and everything where it's appropriate, we should be stating it as a fact that Microsoft's e-mail solutions are sub-par. Off the top of my head:

"Please bear in mind that if you are using a non-standards compliant e-mail service provider such as Microsoft, e-mail delivery may be affected"

I wasn't even sure if the standard specified what to do with undeliverables, but it turns out that RFC 5321, RFC 3461, and RFC 3464 do. TIL :)

joaopbnogueira

I'd love to, but what I see in practice is that the bigger the company, the more likely it is that they use MS. Which hits doubly hard since this means our bigger clients are the ones not getting our emails...

greatgib

A tangential note, but after fighting for weeks with office365 and outlook to have basic features working for a small business, I would advise anyone sane of mind to avoid like hell using office365 or exchange for emails/calendar.

On the outside, things look great and it looks like good value for the price, but for real, everything is buggy, a lot of basic features require you to manage them with PowerShell commands, there have been bugs for years and the support is clueless. For example don't mind using "shared mailbox" or "delegation" without fighting a labyrinth of unexpected behaviors.

As for the Outlook app itself, you have around 3.5 different versions of it fighting a duel. The "new" version is not necessarily the one to use to have all the paid features; that would be the "classic" version.

With the new or web version, you can't move more than around 100 mails at a time, or more crazy, you can't delete more than 10 contacts in one go...

What amazes me is that the whole email/contact/agenda suite looks semi-abandoned when they should be making so much money from all the subscriptions, and when everyone is there showing off with billion dollar tech in AI when your basic features are still incomplete and buggy.

amanzi

Have you looked at the Exchange Online and Defender portals for clues? Especially in the Message Trace section of Exchange Online?

I recently helped troubleshoot a similar issue - we were suddenly getting emails disappearing when sending to M365 customers. No spam or quarantine, just disappearing down a black hole like you described. We sent a test message to a M365 customer who could help run the message trace, and we discovered that the SVG logo in our email signature was being flagged as a phishing attack. We had been using this logo for about a year without any issues, but suddenly Microsoft just decided to block it without warning.

joaopbnogueira

Yes, I have.

Message Trace is an interesting one.

If we send an email without the 25friday.com keywords everything works fine, the message is shown on Message trace as delivered and the recipient gets the email with SCL 1 (all good here).

As soon as the very same email is appended with a www.25friday.com, Message Trace still shows the outbound email, also as delivered, but the recipient (if a Microsoft account) never gets the email. We used one of these emails (EML) to create a submission on the defender portal of a false positive, but they always simply disappear with 0 feedback (and the problem still occurring).

We also had a signature with the www.25friday.com link on it and took it out after realising it was causing emails to go to this black hole, so that at least we can still send emails, but we keep having to be careful to never send any content (or attachment) that somehow mentions the 25friday.com domain.

4ggr0

Are you sure that it's MS who's blocking? Just think it's weird that they show it as delivered to recipient, sounds like they send the mail and something weird happens after.

jeroenhd

With excessive spam scores, Microsoft silently ignores your email. Just swallows it up, reports it as delivered, but never actually does, not even in your spam folder.

It's possible that this is a technical issue or a submission server issue, but it's not uncommon for Outlook to make email disappear.

joaopbnogueira

Well, it works fine for every single recipient unless it's a Microsoft one.

If the recipient is using a personal microsoft / outlook / hotmail account the email gets delivered with a spam score of 9.

If the recipient is a MS 365 account, blackhole it is.

We even set up our own MS 365 to prove this.
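The SCL 1 versus spam score 9 comparison described above can be made repeatable by diffing the filtering headers of two delivered copies of the same message. This is an added example, not something posted in the thread: it reads the `Authentication-Results` and `X-Forefront-Antispam-Report` headers that Exchange Online stamps on inbound mail, and the two sample messages, the `sender.example` domain and the function names are constructed.

```python
import re
from email import message_from_string
from email.policy import default

def antispam_fields(msg):
    """Split X-Forefront-Antispam-Report ("KEY:value;KEY:value;...") into a dict."""
    raw = "".join(str(msg.get("X-Forefront-Antispam-Report", "")).split())
    fields = {}
    for part in raw.split(";"):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.upper()] = value
    return fields

def auth_results(msg):
    """Collect spf/dkim/dmarc/compauth results from Authentication-Results."""
    raw = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    pattern = r"\b(spf|dkim|dmarc|compauth)=(\w+)"
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(pattern, raw, re.I)}

def verdict(eml_text):
    """Flatten the authentication and spam-filter verdicts of one raw message."""
    msg = message_from_string(eml_text, policy=default)
    spam = antispam_fields(msg)
    scl = spam.get("SCL", "")
    out = {"auth." + k: v for k, v in auth_results(msg).items()}
    out.update(scl=int(scl) if re.fullmatch(r"-?\d+", scl) else None,
               sfv=spam.get("SFV"), cat=spam.get("CAT"))
    return out

def diff_verdicts(eml_a, eml_b):
    """Return only the verdict fields that differ between two messages."""
    a, b = verdict(eml_a), verdict(eml_b)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

def _sample(body, scl, sfv, cat):
    # Constructed headers in the layout Exchange Online uses; values are made up.
    return (
        "Authentication-Results: spf=pass (sender IP is 203.0.113.10)\r\n"
        " smtp.mailfrom=sender.example; dkim=pass (signature was verified)\r\n"
        " header.d=sender.example; dmarc=pass action=none\r\n"
        " header.from=sender.example;compauth=pass reason=100\r\n"
        f"X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:;LANG:en;SCL:{scl};\r\n"
        f" SRV:;IPV:NLI;SFV:{sfv};H:mail.sender.example;PTR:;CAT:{cat};SFS:;DIR:INB;\r\n"
        "From: Alice <alice@sender.example>\r\n"
        "Subject: Meeting notes\r\n\r\n" + body)

CLEAN = _sample("See you Tuesday.\r\n", 1, "NSPM", "NONE")
FLAGGED = _sample("See you Tuesday.\r\nwww.sender.example\r\n", 9, "SPM", "HSPM")

if __name__ == "__main__":
    for field, (clean, flagged) in diff_verdicts(CLEAN, FLAGGED).items():
        print(f"{field}: {clean!r} -> {flagged!r}")
```

When authentication results are identical and only SCL, SFV and CAT move, the verdict change is content-driven rather than an SPF, DKIM or DMARC failure, which is the evidence worth attaching to a support case.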

roody15

Similar experience. I am IT Director at a medium sized school district (3500 students) and our emails were blocked by Microsoft for a few weeks. Our email domain and IP address are not on any blacklist and have an excellent reputation. The mail server has been operating for over 15 years. I was able to get unblocked by emailing Microsoft support, opening a case and registering our mail server with Microsoft Smart Network Data Services.

“ You are receiving this because you have signed up to be a user of Smart Network Data Services, or a Smart Network Data Services user has requested that this email be sent to this address. Smart Network Data Services is a revolutionary Windows Live Mail initiative, designed to allow everyone who owns IP space to contribute to the fight against spam and protect e-mail as a valued communications, productivity and commerce tool. If you have questions about our privacy policy, please read our privacy statement available at http://privacy.live.com. I

joaopbnogueira

We also had a look at it, but the problem is that we don't control our mail server as it's Google provided.

tallanvor

It seems likely your site had something detected as malware, or is still being detected as malware.

When I test sending a mail to my M365 account with your URL mentioned I find that it gets quarantined (same as if I try to send an email from my M365 account with that URL).

In your M365 test tenant, you should be able to go to https://security.microsoft.com/quarantine and see that the emails are getting quarantined, with this information provided as to why:

Detection technologies: URL detonation reputation, Mixed analysis detection

Given that it says "URL detonation reputation" rather than just "URL detonation", that suggests it's using historical information rather than having performed a new test.

This is Microsoft Safe Links functionality - at the very least since you should be able to find the quarantined emails, the headers will contain a correlation ID support can use, although they might not have much power over safe links.

joaopbnogueira

Thank you, you've gotten further than I have.

On my "quarantine" I can't find anything (it's empty) therefore I can't also check what's going on. But "URL detonation reputation" is consistent with the behavior we're observing.

Kneecaps07

Edit: Nevermind, I see that you've already done this.

It might be worth it to pony up for an M365 license or two, send yourself an email, and then open a support ticket inquiring why the email was blocked. I would even avoid mentioning that you are the sender. Just pretend you're a regular customer who receives email from your domain and you're wondering why it was blocked and if there's anything that can be done to stop it from happening.

tatersolid

We had this happen to one of our apps which redirected to a third-party identity provider which used a different domain name. Basically the app looked like a phishing site to those who clicked on the email links and ended up on a login page on a domain they didn’t recognize. So these users reported the email as phishing in outlook. Microsoft confirmed these user reports were the source of the blocking.

The fix was our own MSFT support case opened via our own E5 subscription which took two weeks to get the app unblocked. To prevent future reports we put a custom hostname on the IdP. So app.example.com now redirects to login.app.example.com

joaopbnogueira

We don't even have any sort of login on our main page, the redirects we have are mostly around apex domain to www.25friday.com, http to https and the likes.... This is a pure company landing page with the typical business description, career application page, articles etc.

We do have subdomains for internal tools of course, but those should not even be publicly accessible (behind an auth proxy).

tatersolid

Outlook also recently changed the default “report message” action in the UI to be “report phishing/malware” instead of “report spam”. This was a terrible design choice; phishing reports from my org’s own user base have increased 4x since the change, which is a lot of false positives.

So maybe folks mean to “report spam” on your emails but “report phishing” instead…

joaopbnogueira

Could be the reason, but even so, we have really low volume campaigns and mostly to people we actually interact / have a history with. I would assume it would take more than a few accidental hits to trigger this issue.

jmarneweck

It has been a few years since I have dealt with Microsoft's postmasters team for email delivery issues, but the link to use to submit an email delivery issue is: http://go.microsoft.com/fwlink/?LinkID=614866

joaopbnogueira

Thanks, we have looked into this indeed, but the problem is that we don't really control the sending IPs as they are managed by Google.

I guess I'll try to submit a report anyway using Google's outbound IPs.

jeroenhd

Something to consider if you haven't yet: have you checked that your website hasn't been compromised? I've seen something similar happen to a domain that got their WordPress hacked and was used to host malware.

I think it's also possible a large amount of people on Outlook (or LinkedIn?) lost interest and clicked "report spam" because it's quicker and more effective than unsubscribing from most automated messaging.

Edit: another thing I caught O365 doing was rewriting the headers in my email (it didn't like the way my From:-address was structured by my server) and then checked the DKIM headers. Obviously the email they altered themselves didn't pass the DKIM signature check. Worked around it by altering my email client to set the From address in a way that Outlook liked.

joaopbnogueira

We thought about it but:

- this is a statically generated site (SSG using Next.js), so there's backend runtime for the FE itself.

- we do have a contact form, but under the hood it sends an email to our own inbox through internal APIs and the destination email is hard-coded, so I don't think they could hijack this (will check the audit log just in case).

- it's hosted using Cloudflare Pages

- the worker/API part is severely rate limited

- we would notice abuse since we have low monthly email sending limits on this API service

doix

In my cynical world view, your options are:

1. Rename the company

2. You (or somebody you know) gets a job at Microsoft in the correct team and removes 25friday from the blacklist.

I'm guessing at some point in the past, there was a large spam campaign that targeted Friday the 25th for some reason.

joaopbnogueira

Joking aside, we are seriously considering moving all comms to 25friday.nl (which we also own) if we can't find a way around this...

nottorp

Funny, this comes the morning after my wife realized one of her emailed credit card statements is nowhere to be found in her Yahoo inbox this month.

She had to call the bank to find out what the balance is. Of course on their side it looks like the statement was generated and emailed at the normal date.