Summary
There were two issues which adversely impacted how junk mail was handled in PennO365. As of March 20, 2018, Microsoft has identified and addressed the root causes of both of these issues. PennO365 users should notice a decline in the number of false positive junk mail as a result. However, given the constantly changing nature of spam, ISC recommends advising end users to still regularly check their junk mail folders for false positives and utilize the Safe Sender list to ensure the delivery of email from designated senders.
ISC will continue to monitor how junk mail is handled in PennO365. To assist us with this effort, IT support staff should continue to report incidents of false positives to both Microsoft and ISC Client Care. For information on how to submit reports, see the "False Positive and False Negative Junk Submission” under Resources below.
ISC recognizes the severe impact these two issues had on PennO365 users. We appreciate the troubleshooting assistance provided by the PennO365 support community as well as your patience while we worked with Microsoft to address these issues.
Details
The first of the two spam issues was first reported at the beginning of February 2018. PennO365 users began see email being identified as junk and moved from the inbox after delivery. After an initial investigation by ISC, the issue was escalated to Microsoft. This issue was investigated by Microsoft’s Engineering/Product Group for several weeks. The root cause was recently identified as a bug in the time traveling feature in O365. Using the false positive samples submitted by ISC, Microsoft updated the time traveling feature to address the issue. Microsoft is confident that issue will not return again following this change.
The second of the spam issues first reported on March 15, 2018. PennO365 users noticed a significant increase in the volume of false positive spam. Working with ISC, Microsoft identified the root cause to be a new feature recently added to Exchange Online Protection which changed how legitimate messages are recognized. Due to the complexity of the PennO365 mail routing environment, many emails began to fail this new check and were marked as junk. To resolve the issue, Microsoft engineers flagged the change as misconfiguration and rolled the PennO365 environment back to its prior configuration. Microsoft acknowledged that they should not have enabled this new feature in our environment due to architecture of PennO365’s mail routing. To prevent this situation from occurring again, Microsoft added the PennO365 environment to its complex routing exception list.
Moving Forward
While the two issues have been addressed by Microsoft, ISC does not consider the overall PennO365 spam situation to be resolved. Given the complexities of the PennO365 mail routing environment and email address requirements, the number of bulk mailing solutions in use on campus, and the dynamic and sophisticated nature of spam campaigns, ISC recognizes that it will require an ongoing effort to ensure the proper delivery of mail on campus. While we continue to work to reduce these complexities where possible and address underlying causes of delivery issues, there will likely be periods of time that the PennO365 junk mail handling is less than desirable in comparison to other time periods.
Resources
* False Positive and False Negative Junk Submission: https://www.isc.upenn.edu/how-to/false-positive-and-false-negative-junk-submission
* Configuring Safe Sender Lists: https://www.isc.upenn.edu/how-to/penno365-configuring-safe-senders-lists
* Creating an Outlook Inbox rule to limit spam: https://www.isc.upenn.edu/how-to/creating-outlook-inbox-rule-limit-spam